User:Louis/Volkswagen app GrapheneOS lockout

From Consumer Rights Wiki

Volkswagen's official smartphone app, which owners use for remote functions such as vehicle status, location, and charging,[1] does not run normally on GrapheneOS or other alternative, de-Googled Android systems.[2] In a support reply to an affected owner, Volkswagen stated that the app is "only supported on iOS devices and Android devices with supported operating system versions" and that on "alternative operating systems (so-called custom ROMs, e.g. GrapheneOS, LineageOS, or similar solutions)" the owner should expect "limitations or a lack of functionality," because the app "relies on security-relevant system components and certified Android standards."[2] GrapheneOS keeps a locked bootloader and verified boot signed with its own keys, but it is not a Google-certified manufacturer image, the condition Google's Play Integrity API requires before it returns the device-integrity verdict an app can demand.[3][4]

Background

The Volkswagen app and the We Connect service expose Volkswagen Group's connected-car functions to the owner's phone, including vehicle status, parking location, and charging.[1]

The app block is the first-party-app counterpart to the Volkswagen Carnet API shutdown, the change that began on May 27, 2026, in which Volkswagen Group cut off third-party software such as Home Assistant and evcc and routed vehicle-data access through an official Volkswagen Group app.[5] The two changes work from opposite sides of the same gate: the earlier one required a community client to authenticate through an official app,[5] and this one requires the owner's phone to pass Google's device attestation before the official app itself will run.[3]

Volkswagen's stated reason

The episode is documented through Volkswagen's own support correspondence. Replying to an owner who reported that the Volkswagen app no longer worked on a GrapheneOS phone, Volkswagen attributed the restriction to security and to Android certification:

"On devices on which alternative operating systems (so-called custom ROMs, e.g. GrapheneOS, LineageOS, or similar solutions) are installed, limitations or a lack of functionality of the Volkswagen app may occur. These systems are not part of the supported application environment of Volkswagen AG for the Volkswagen app, which is why we unfortunately cannot offer technical support in such cases. The reason for this is that the Volkswagen app relies on security-relevant system components and certified Android standards to ensure reliable and secure use of our digital services."[2]

Volkswagen's support reply, reproduced on the GrapheneOS forum, tells an affected owner that on custom ROMs such as GrapheneOS and LineageOS the app may show limitations because it "relies on security-relevant system components and certified Android standards."[2]

The certification the email points to does not measure how current a device's patches are. Google's device-integrity verdict certifies that the operating system is "a certified device manufacturer image" on a locked bootloader; only the separate, stricter strong-integrity verdict additionally requires that the device received security updates in the last year.[3] In practice the device-integrity check passes an older, unpatched but still factory-certified Android build, while a current GrapheneOS build, which is not a manufacturer image, does not produce that verdict.[3]

Device attestation and Play Integrity

The check behind "certified Android standards" is remote device attestation. On Android the dominant implementation is Google's Play Integrity API, which Google describes as a way to confirm that requests come from a "genuine and certified Android device."[6] When an app calls it, Google returns a device-integrity verdict in three tiers: MEETS_BASIC_INTEGRITY, MEETS_DEVICE_INTEGRITY, and MEETS_STRONG_INTEGRITY.[3] An app server can refuse to act unless it sees the tier it demands.

Google's Play Integrity documentation defines the MEETS_DEVICE_INTEGRITY verdict, which requires that the bootloader is locked and the loaded Android OS is "a certified device manufacturer image," the condition GrapheneOS does not satisfy.[3]

GrapheneOS is a hardened Android distribution that keeps a locked bootloader and verified boot, but it replaces the manufacturer's operating system with its own signed build. Because it is not a Google-licensed, factory-certified manufacturer image, it does not produce the MEETS_DEVICE_INTEGRITY verdict by default, regardless of how it is patched.[3][4]

GrapheneOS's position

The GrapheneOS project argues that excluding it is a business choice, not a security requirement, and that an app that wants a genuine hardware-backed guarantee already has a better tool. Its attestation compatibility guide says a developer can support GrapheneOS "by using the standard Android hardware attestation API and permitting our official release signing keys," an approach the project describes as stronger than Play Integrity because it can "whitelist the keys of alternate operating systems."[4] The project states the reason apps decline to do so directly:

"The only reason they aren't permitting it is because we do not license Google Mobile Services (GMS) and these apps are enforcing Google's business interests rather than security."[4]

The GrapheneOS attestation compatibility guide states that apps blocking the system through Play Integrity do so because GrapheneOS does not license Google Mobile Services and "these apps are enforcing Google's business interests rather than security."[4]
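To make the contrast between the two checks concrete, the following Python is an added illustration written for this article; it is not code from Volkswagen, Google or the GrapheneOS project. It models a backend that gates access either on the Play Integrity device-integrity tier described in the previous section, or on hardware key attestation with an allow-list of verified-boot signing keys, the approach the GrapheneOS guide recommends. The `RootOfTrust` class is a simplified stand-in for the real attestation structure, the key hashes and the three sample devices (with their verdict lists) are constructed placeholders, and the treatment of a `SelfSigned` boot state as acceptable only when the signing key is on the allow-list is an assumption of this example.

```python
"""Two server-side gate policies for a connected-car style app backend.

Added illustration (not Volkswagen's, Google's or GrapheneOS's code). It
contrasts a Play Integrity device-integrity tier requirement with hardware
key attestation plus an allow-list of verified-boot signing keys.
The attestation record is a simplified stand-in for the real ASN.1 structure;
all device samples and key hashes are constructed placeholders.
"""
from dataclasses import dataclass
from typing import Optional

# Play Integrity deviceRecognitionVerdict labels, weakest to strongest.
PLAY_TIERS = ("MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY", "MEETS_STRONG_INTEGRITY")


def highest_play_tier(verdict: dict) -> Optional[str]:
    """Return the strongest device tier present in a decoded verdict payload."""
    labels = verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    best = None
    for tier in PLAY_TIERS:
        if tier in labels:
            best = tier
    return best


def play_integrity_allows(verdict: dict, required: str = "MEETS_DEVICE_INTEGRITY") -> bool:
    """Policy A: accept only if the verdict reaches the required tier."""
    best = highest_play_tier(verdict)
    if best is None:
        return False
    return PLAY_TIERS.index(best) >= PLAY_TIERS.index(required)


@dataclass(frozen=True)
class RootOfTrust:
    """Simplified model of the RootOfTrust fields in an Android key attestation."""
    device_locked: bool
    verified_boot_state: str       # "Verified", "SelfSigned", "Unverified" or "Failed"
    verified_boot_key_sha256: str  # hex digest of the AVB key that signed the OS


# Placeholder allow-list; a real deployment would pin the vendors' published hashes.
ALLOWED_BOOT_KEYS = {
    "11" * 32: "vendor stock release key (placeholder)",
    "22" * 32: "GrapheneOS official release key (placeholder)",
}


def hardware_attestation_allows(rot: RootOfTrust, allowed_keys=ALLOWED_BOOT_KEYS) -> bool:
    """Policy B: locked bootloader, verified boot intact, and a known OS signing key.

    Assumption of this example: an alternate OS signed with a user-set AVB key
    reports SelfSigned, so that state is accepted only when the key itself is
    on the allow-list.
    """
    if not rot.device_locked:
        return False
    if rot.verified_boot_state not in ("Verified", "SelfSigned"):
        return False
    return rot.verified_boot_key_sha256 in allowed_keys


# Constructed samples, not real measurements.
DEVICES = {
    "stock_unpatched": {       # certified OEM build, no security updates in over a year
        "verdict": {"deviceIntegrity": {"deviceRecognitionVerdict":
                    ["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY"]}},
        "rot": RootOfTrust(True, "Verified", "11" * 32),
    },
    "grapheneos_current": {    # locked bootloader, own signing key, fully patched
        "verdict": {"deviceIntegrity": {"deviceRecognitionVerdict":
                    ["MEETS_BASIC_INTEGRITY"]}},
        "rot": RootOfTrust(True, "SelfSigned", "22" * 32),
    },
    "unlocked_unknown": {      # unlocked bootloader, unknown build
        "verdict": {"deviceIntegrity": {"deviceRecognitionVerdict": []}},
        "rot": RootOfTrust(False, "Unverified", "33" * 32),
    },
}


def evaluate(name: str) -> dict:
    """Run both policies over one constructed device and report the outcomes."""
    d = DEVICES[name]
    return {
        "play_device": play_integrity_allows(d["verdict"]),
        "play_strong": play_integrity_allows(d["verdict"], "MEETS_STRONG_INTEGRITY"),
        "hw_attestation": hardware_attestation_allows(d["rot"]),
    }


if __name__ == "__main__":
    for device_name in DEVICES:
        print(device_name, evaluate(device_name))
```

Running it shows the asymmetry the article describes: the unpatched but factory-certified build clears the device-integrity gate (though not the strong one), the current GrapheneOS build fails that same gate, and the allow-list policy admits both while still rejecting the unlocked, unknown device.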

Play Integrity lockouts beyond the Volkswagen app

In May 2026, Android Authority reported GrapheneOS's warning that Google and Apple device checks are increasingly used to restrict alternative operating systems, describing the purpose of these systems, in the project's words, as "disallowing people from using hardware and software not approved by Apple or Google."[7] The project put its own exclusion plainly:

"Google's Play Integrity API bans using GrapheneOS despite it being far more secure than anything they permit."[7]

A vendor-neutral alternative exists but is barely deployed. Unified Attestation, an open-source project led by Volla Systeme GmbH, presents itself as "a free, open-source alternative to Google Play Integrity" that an app can run alongside Google's own check.[8] GrapheneOS opposes that scheme as well, arguing it would replace Google's gatekeeping with a new vendor-managed allow-list rather than open access to any hardened operating system.[9]

See also

References

  1. "VW Connect ID". Volkswagen UK. Retrieved 2026-06-19.
  2. "Volkswagen App". GrapheneOS Discussion Forum. Retrieved 2026-06-19. (Thread in which an affected owner reproduces Volkswagen's support email verbatim.)
  3. "Play Integrity API verdicts and device integrity field". Google, Android Developers. Retrieved 2026-06-19.
  4. "Attestation compatibility guide". GrapheneOS. Retrieved 2026-06-19.
  5. Born, Günter (2026-05-29). "VW und Audi sperren API-Schnittstelle, Smart-Home-Blackout seit 27.05.2026 (Teil 1)". Borncity. Retrieved 2026-06-19.
  6. "Play Integrity API overview". Google, Android Developers. Retrieved 2026-06-19.
  7. Sharma, Adamya (2026-05-10). "GrapheneOS warns Google and Apple device checks are locking out alternative operating systems". Android Authority. Retrieved 2026-06-19.
  8. "Unified Attestation". Volla Systeme GmbH. Retrieved 2026-06-19.
  9. "GrapheneOS calls on privacy-focused app developers to boycott European Unified Attestation". PiunikaWeb. 2026-03-10. Retrieved 2026-06-19.