{"id":17880,"date":"2026-07-06T09:31:58","date_gmt":"2026-07-06T16:31:58","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=17880"},"modified":"2026-07-06T09:31:58","modified_gmt":"2026-07-06T16:31:58","slug":"volkswagen-punishes-the-phones-that-trust-google-least","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2026\/07\/06\/volkswagen-punishes-the-phones-that-trust-google-least\/","title":{"rendered":"Volkswagen Punishes the Phones That Trust Google Least"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The interesting part of this article is Kia and Hyundai allowing their apps on Graphene OS by verifying the hardware. As age verification and digital ID are inbound, this is an interesting look into how they&#8217;re going to exclude you for using a privacy focused Android OS. I&#8217;ve ordered a phone to experiment with CalyxOS, and possibly Linneage OS, to see what apps I have a problem with using microG instead of Google Play services. Graphene OS is the privacy standard, but I&#8217;m not paying hundreds for a Pixel, though a supported Motorola device is due out next year, with Graphene OS preinstalled.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/reclaimthenet.org\/volkswagen-punishes-the-phones-that-trust-google-least\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/reclaimthenet.org\/volkswagen-punishes-the-phones-that-trust-google-least<\/a><\/p>\n\n\n<div class=\"wp-block-ub-divider ub_divider ub-divider-orientation-horizontal\" id=\"ub_divider_515d3621-4b58-4ad5-b9ea-3b1eb5ff3642\"><div class=\"ub_divider_wrapper\" style=\"position: relative; margin-bottom: 2px; width: 100%; height: 2px; \" data-divider-alignment=\"center\"><div class=\"ub_divider_line\" style=\"border-top: 2px solid #ccc; margin-top: 2px; \"><\/div><\/div><\/div>\n\n\n<h5 class=\"wp-block-heading\">The same company that leaked the parking spots of 800,000 cars last year now says privacy-focused GrapheneOS phones aren\u2019t trustworthy enough for its app.<\/h5>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/media.reclaimthenet.org\/2026\/07\/uD2cfEo6LK56.jpg\" alt=\"Close-up of a black Volkswagen alloy wheel with a silver VW logo and brake disc visible behind the spokes\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">By Rick Findlay<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">GrapheneOS wants Volkswagen drivers to start making noise. The privacy-focused Android project has confirmed what owners began reporting in mid-June, that Volkswagen\u2019s companion app no longer works on <a href=\"https:\/\/reclaimthenet.org\/an-introduction-to-grapheneos\">GrapheneOS phones<\/a>, locking people out of remote door controls, charging settings, and even the ability to see where they parked.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Alongside that confirmation came a pointed comparison. Two of Volkswagen\u2019s rivals already solved the exact problem Volkswagen now blames on technical necessity.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Hyundai and Kia both <a href=\"https:\/\/cyberinsider.com\/grapheneos-cites-hyundai-kia-as-it-pressures-volkswagen-over-app-block\/\">added official GrapheneOS support<\/a> to their apps several months before Volkswagen shut the door, the project said. They did it by verifying devices through hardware rather than leaning on Google\u2019s Play Integrity API, the attestation system sitting at the center of this dispute. The workable path exists, two competitors have already taken it, and Volkswagen went the other direction.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Writing on X, the GrapheneOS team said there was \u201c<a href=\"https:\/\/x.com\/GrapheneOS\/status\/2069846696574472688\">no legitimate reason<\/a>\u201d for Volkswagen to exclude the operating system, arguing the carmaker could check devices using hardware-backed verification instead of relying solely on Google\u2019s API. That single design choice explains the whole standoff.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Here is what attestation actually does. When the Volkswagen app launches, it asks Google a question through the Play Integrity API, roughly whether the phone is a legitimate, unmodified Android device.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">GrapheneOS fails that check, and not because it is insecure. It fails because Google\u2019s list of approved devices does not include it. GrapheneOS runs a locked bootloader and verified boot, sandboxes apps more tightly than stock Android, and strips out the Google components that harvest user data in the background. The attestation system reads all of that hardening as a red flag, treating a more private phone as a less trustworthy one.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That outcome is the issue for any Volkswagen owner who chose GrapheneOS to get away from Google in the first place. Volkswagen is using Google\u2019s gatekeeping to herd those exact users back into Google\u2019s ecosystem, the one they deliberately left.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When one affected user, <a href=\"https:\/\/discuss.grapheneos.org\/d\/35949-volkswagen-app\/20\">XavDub<\/a>, contacted Volkswagen, the response was that GrapheneOS \u201cis not an official Volkswagen offering,\u201d with a suggestion to contact their OS provider instead.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">XavDub described the failure. \u201cFirst symptom, sync did not work anymore from the app, so I tried to logout to login again, but it\u2019s since just impossible,\u201d they wrote, noting that the identical login worked fine on a stock Google Pixel.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Volkswagen\u2019s app still functions on older, end-of-life Android builds carrying known holes, while rejecting an operating system that is arguably harder to compromise. A company genuinely worried about device integrity would not wave through outdated phones and block a hardened one. The behavior points at control, not protection.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This lockout also lands in the middle of a broader squeeze on what drivers can do with their own vehicles. Volkswagen recently changed the APIs used to reach vehicle data, and <a href=\"https:\/\/www.heise.de\/en\/news\/VW-cuts-owners-access-to-their-own-vehicle-data-with-API-change-11312776.html\">according to German outlet Heise<\/a>, that change broke third-party tools owners relied on for smart charging, solar integration, and home automation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That leaves customers more dependent on Volkswagen\u2019s own software and further from the data their cars generate, which raises a fair question about how any of this squares with the <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/data-act\">EU Data Act\u2019s goal<\/a> of giving people access to connected-device information.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">There is a deeper irony here in that Volkswagen is invoking security and integrity to justify shutting out privacy-minded users, despite a track record that undercuts the posture. In 2024 the company exposed location data for <a href=\"https:\/\/techcrunch.com\/2024\/12\/30\/volkswagen-leak-exposed-precise-location-data-on-thousands-of-vehicles-across-europe-for-months\/\">roughly 800,000 electric vehicles<\/a>, revealing where owners parked, including at home and at sensitive sites. A firm with that history is now positioning itself as the careful guardian deciding which phones are safe enough.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The interesting part of this article is Kia and Hyundai allowing their apps on Graphene OS by verifying the hardware. As age verification and digital ID are inbound, this is an interesting look into how they&#8217;re going to exclude you for using a privacy focused Android OS. I&#8217;ve ordered a phone to experiment with CalyxOS, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,7],"tags":[],"class_list":["post-17880","post","type-post","status-publish","format-standard","hentry","category-tech","category-world"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/17880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=17880"}],"version-history":[{"count":1,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/17880\/revisions"}],"predecessor-version":[{"id":17881,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/17880\/revisions\/17881"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=17880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=17880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=17880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}