What does Google’s “Binary Transparency” for its apps mean for microG?

Google just announced a “public ledger” that verifies all Google apps released after May 1 this year are authentic and authorized. As verification tools like this mature, app developers could eventually check this ledger before running. From Google’s article (link): > Historically, trust in software has been “implicit,” based on the simple assumption that an application is genuine because of its signature. However, as software complexity increases, so does the surface area for binary supply chain attacks. It is becoming insufficient to rely on the binary’s signature alone, as a signature cannot guarantee that this particular binary was the intended one to be released to the public by its author. Digital signatures are a certificate of origin, but binary transparency is a certificate of intent. Examples of binaries that are not meant to be released include stolen signing keys, insider attacks, and internal development builds. Google is helping address this real-world risk by expanding Binary Transparency on Android. By utilizing public, append-only ledgers, we are moving beyond assumptions to provide confidence that the Google software on your device is exactly what we intended to build and distribute. Will we eventually see apps refuse to run if they detect microG instead of official Google Play Services? Or will microG remain unaffected? Curious to see what your reads are on this.