Google has updated the reCAPTCHA so that without the company’s services, sites are now simply not allowed.
Users of Android smartphones without Google services began to face a new problem: sites with protection reCAPTCHA may simply not let go further, even if there is a living person in front of the screen. Google has tied the new verification system to Google Play Services, and without the company’s proprietary components, identity confirmation stops working.
Previously, reCAPTCHA usually asked to choose pictures with traffic lights, bicycles or buses. Now, with suspicious activity, the system shows the QR code that needs to be scanned by the smartphone. Such a check requires Google Play Services version 25.41.30 or newer. Without Google’s services, confirmation ends with an error.
QR code for checking for bot (cloud.google.com)
The problem affected smartphone owners with alternative firmware like GrapheneOS and other systems where Google applications have been removed. Users of such devices deliberately abandoned the company’s services for reasons of confidentiality and unwillingness to share data. The new scheme actually makes the lack of Google components a reason for suspicion.
Representatives of the MEGA service заявилиsaid that Google has already tried to promote a similar idea in 2023 through the Web Environment Integrity initiative. Then the project caused a wave of criticism and was curtailed. Now, according to the company, a similar mechanism is quietly implemented through the commercial product reCAPTCHA. MEGA added that the old methods of verification remain as a backup option, but it is not known how long Google will retain this possibility.
The developers of GrapheneOS consider what is happening to be part of a larger process associated with the hardware certification of devices. We are talking about mechanisms that allow services to check whether a person uses the “approved” device and the official operating system. On Android, the Play Integrity API is used for this, and Apple uses the App Attest API.
According to the GrapheneOS team, Google and Apple are gradually convincing banks, government services and large Internet platforms to implement such checks. As a result, users of alternative firmware, desktop Linux or other independent systems may eventually face restrictions on access to sites and applications.
The developers of GrapheneOS separately criticized the fact that the Play Integrity API blocks the system, despite enhanced security mechanisms. The authors of the project claim that Google allows you to pass the check of even obsolete Android devices without security updates over the past ten years, but does not allow alternative systems without Google certification.
Google unveiled the Google Cloud Fraud Defense platform in April at the Cloud Next conference. The company described the system as protection against bots and automated AI agents. At the same time, the presentations almost did not mention that the inspection on Android will require the constant operation of Google services in the background.
Judging by the archival copies of the pages of support, dependence on Google Play Services did not appear yesterday. In the fall of 2025, the documentation already included a mandatory requirement for the established Google services. Wide attention was paid to the problem only after discussion on Reddit, and then the topic was picked up by profile publications.
Particularly noticeable is the difference with Apple devices. On the iPhone with iOS 16.4 and newer, such a check works without installing additional Google applications. The restriction applies only to Android-smartphones without the company’s proprietary infrastructure.
reCAPTCHA is used on millions of sites around the world. Because of the new scheme, resource owners actually force Android users to run Google software and transfer data to the company’s servers for access to regular web pages. For the supporters of “de-Googled” devices, the situation looks like another attempt to strengthen control over the Android ecosystem.
Users of Android smartphones without Google services began to face a new problem: sites with protection reCAPTCHA may simply not let go further, even if there is a living person in front of the screen. Google has tied the new verification system to Google Play Services, and without the company’s proprietary components, identity confirmation stops working.
Previously, reCAPTCHA usually asked to choose pictures with traffic lights, bicycles or buses. Now, with suspicious activity, the system shows the QR code that needs to be scanned by the smartphone. Such a check requires Google Play Services version 25.41.30 or newer. Without Google’s services, confirmation ends with an error.
QR code for checking for bot (cloud.google.com)
The problem affected smartphone owners with alternative firmware like GrapheneOS and other systems where Google applications have been removed. Users of such devices deliberately abandoned the company’s services for reasons of confidentiality and unwillingness to share data. The new scheme actually makes the lack of Google components a reason for suspicion.
Representatives of the MEGA service заявилиsaid that Google has already tried to promote a similar idea in 2023 through the Web Environment Integrity initiative. Then the project caused a wave of criticism and was curtailed. Now, according to the company, a similar mechanism is quietly implemented through the commercial product reCAPTCHA. MEGA added that the old methods of verification remain as a backup option, but it is not known how long Google will retain this possibility.
The developers of GrapheneOS consider what is happening to be part of a larger process associated with the hardware certification of devices. We are talking about mechanisms that allow services to check whether a person uses the “approved” device and the official operating system. On Android, the Play Integrity API is used for this, and Apple uses the App Attest API.
According to the GrapheneOS team, Google and Apple are gradually convincing banks, government services and large Internet platforms to implement such checks. As a result, users of alternative firmware, desktop Linux or other independent systems may eventually face restrictions on access to sites and applications.
The developers of GrapheneOS separately criticized the fact that the Play Integrity API blocks the system, despite enhanced security mechanisms. The authors of the project claim that Google allows you to pass the check of even obsolete Android devices without security updates over the past ten years, but does not allow alternative systems without Google certification.
Google unveiled the Google Cloud Fraud Defense platform in April at the Cloud Next conference. The company described the system as protection against bots and automated AI agents. At the same time, the presentations almost did not mention that the inspection on Android will require the constant operation of Google services in the background.
Judging by the archival copies of the pages of support, dependence on Google Play Services did not appear yesterday. In the fall of 2025, the documentation already included a mandatory requirement for the established Google services. Wide attention was paid to the problem only after discussion on Reddit, and then the topic was picked up by profile publications.
Particularly noticeable is the difference with Apple devices. On the iPhone with iOS 16.4 and newer, such a check works without installing additional Google applications. The restriction applies only to Android-smartphones without the company’s proprietary infrastructure.
reCAPTCHA is used on millions of sites around the world. Because of the new scheme, resource owners actually force Android users to run Google software and transfer data to the company’s servers for access to regular web pages. For the supporters of “de-Googled” devices, the situation looks like another attempt to strengthen control over the Android ecosystem.
