Privacy advocates are criticizing Google’s latest reCAPTCHA update, arguing it effectively locks out Android users running privacy-focused operating systems like GrapheneOS and CalyxOS.
The new verification system, part of Google’s “Cloud Fraud Defense,” presents users with a QR code that requires Google Play Services or an Apple equivalent. Devices without this software are blocked from accessing millions of websites.
The GrapheneOS team called the move anti-competitive. “Requiring people to have an Apple device or Google-certified Android device is anti-competition, not security.”
Bitcoin security researcher Jameson Lopp said privacy-conscious users are being demoted. Brendan Eich, CEO of Brave browser, called Google’s security excuse bogus, noting it permits decade-old unpatched devices while blocking secure ones.
The mobile verification requirement applies to desktop platforms initially but may expand. Google attempted a similar approach in 2023 with “Web Environment Integrity,” which was dropped after public backlash. Critics say the QR code method is the same concept in a new form.