TL;DR
- Efforts like Graphene OS face increasing pressure from apps that refuse to run on non-standard Android.
- The custom ROM project characterizes Google’s approach to device attestation as incomplete and flawed.
- Graphene OS is prepared to take legal action if Google won’t let it pass Play Integrity checks.
I mean, as long as it’s in a pretty robust sandbox and it’s either firewalled or has no network access (if possible for the app in question), I would think security implications are minimal. Like, even if the version of Android inside the container is compromised, the app could only take over its own container, which is non-privileged and doesn’t have access to anything you didn’t explicitly give it (in terms of user data).
But almost every app is going to crash because they’re built on needing the information those APIs return.
His example of not being able to control some wireless speaker? Supporting that app is going to be a mess, best case.