GrapheneOS wants Volkswagen drivers to start making noise. The privacy-focused Android project has confirmed what owners began reporting in mid-June, that Volkswagen’s companion app no longer works on GrapheneOS phones, locking people out of remote door controls, charging settings, and even the ability to see where they parked.
Alongside that confirmation came a pointed comparison. Two of Volkswagen’s rivals already solved the exact problem Volkswagen now blames on technical necessity.
Hyundai and Kia both added official GrapheneOS support to their apps several months before Volkswagen shut the door, the project said. They did it by verifying devices through hardware rather than leaning on Google’s Play Integrity API, the attestation system sitting at the center of this dispute. The workable path exists, two competitors have already taken it, and Volkswagen went the other direction.
Writing on X, the GrapheneOS team said there was “no legitimate reason” for Volkswagen to exclude the operating system, arguing the carmaker could check devices using hardware-backed verification instead of relying solely on Google’s API. That single design choice explains the whole standoff.
Here is what attestation actually does. When the Volkswagen app launches, it asks Google a question through the Play Integrity API, roughly whether the phone is a legitimate, unmodified Android device.
GrapheneOS fails that check, and not because it is insecure. It fails because Google’s list of approved devices does not include it. GrapheneOS runs a locked bootloader and verified boot, sandboxes apps more tightly than stock Android, and strips out the Google components that harvest user data in the background. The attestation system reads all of that hardening as a red flag, treating a more private phone as a less trustworthy one.
That outcome is the issue for any Volkswagen owner who chose GrapheneOS to get away from Google in the first place. Volkswagen is using Google’s gatekeeping to herd those exact users back into Google’s ecosystem, the one they deliberately left.
When one affected user, XavDub, contacted Volkswagen, the response was that GrapheneOS “is not an official Volkswagen offering,” with a suggestion to contact their OS provider instead.
XavDub described the failure. “First symptom, sync did not work anymore from the app, so I tried to logout to login again, but it’s since just impossible,” they wrote, noting that the identical login worked fine on a stock Google Pixel.
Volkswagen’s app still functions on older, end-of-life Android builds carrying known holes, while rejecting an operating system that is arguably harder to compromise. A company genuinely worried about device integrity would not wave through outdated phones and block a hardened one. The behavior points at control, not protection.
This lockout also lands in the middle of a broader squeeze on what drivers can do with their own vehicles. Volkswagen recently changed the APIs used to reach vehicle data, and according to German outlet Heise, that change broke third-party tools owners relied on for smart charging, solar integration, and home automation.
That leaves customers more dependent on Volkswagen’s own software and further from the data their cars generate, which raises a fair question about how any of this squares with the EU Data Act’s goal of giving people access to connected-device information.
There is a deeper irony here in that Volkswagen is invoking security and integrity to justify shutting out privacy-minded users, despite a track record that undercuts the posture. In 2024 the company exposed location data for roughly 800,000 electric vehicles, revealing where owners parked, including at home and at sensitive sites. A firm with that history is now positioning itself as the careful guardian deciding which phones are safe enough.




