@arstechnica I think the description of how the scanning occurs is a bit too vague, and puts too much emphasis on rooting. Play integrity is an implementation of trusted computing, an old demon from the early 2000s.

The problem goes down to the silicon and firmware level, those are used to attest to the boot state of the device and whether you're running the official OS, which means apps (or rather app servers) can require you to cryptographically prove you're running unmodified android to be allowed to connect.

Unless we get rid of TC or neuter it by adding user override as was proposed back in the day and rejected, there won't be any software freedom. It's only a matter of time until a proposal like WEI succeeds on the web, as it already has on mobile devices more generally because of the overwhelming power of Apple and Google. The only path I see forward is legislative, but the tech is too hidden for most to even notice and take action before it's too late.