Google’s reCAPTCHA Mobile Verification uses QR-code scanning from a certified iOS or Android device to extend hardware attestation requirements to Windows, Linux, and other desktop systems.
Key Takeaways
reCAPTCHA Mobile Verification routes desktop users through a QR scan from an Apple or Google-certified Android device, effectively gating web access on approved mobile hardware.
Google Play Integrity API bans GrapheneOS and any uncertified Android fork regardless of security posture; devices with no patches for 10 years are permitted.
Apple’s Privacy Pass, Google’s shelved Web Environment Integrity, and now reCAPTCHA Mobile Verification form a clear progression toward browser-level hardware attestation on the open web.
EU governments are accelerating adoption by mandating Play Integrity and App Attest for digital payments, national ID, and age verification, deepening the Apple/Google duopoly via regulation.
Google’s certification requirements bundle Google Mobile Services and Chrome, making Play Integrity an GMS licensing enforcement mechanism, not a security control.
Hacker News Comment Review
The single comment flags the anti-competitive angle as the core legal question, consistent with the source’s argument that GMS bundling requirements have already been found illegal in South Korea and elsewhere.
