X just made it much harder to log in on older Android phones

X now seems to be blocking users from logging into its Android app if their phone fails Google’s strict Play Integrity check. The change arrived quietly with version 11.88.0. It shuts out anyone using a rooted device, an unlocked bootloader, or older hardware lacking official Google certification.

Security researcher Mololuwa noted that the platform fully implemented the Strong Integrity tier of the Play Integrity API. This means the app actively checks the hardware and software state of the phone before letting you in. So if a device has not synced its certification with Google recently, the login simply fails. The version of the app you install does not matter anymore.

Meanwhile, users have already been running into issues following this change. One poster complained about needing to pass strong integrity just to access a basic social media app. They even shared screen recording for proof. Check it out below:

This means that Android power users who rely on custom ROMs to keep aging hardware alive and functional are also going to run into problems accessing X on their devices. But even if you’re not on a Custom ROM and have an Android phone that hasn’t bagged any updates recently, you’ll still be prevented from signing in. 

One Galaxy S9+ user shared a picture of the X app forcing them to sign in on the device from the website or the “official X apps” despite them using the actual X app, just on a much older device.

This push for security isn’t exactly surprising. The company has been aggressively locking down its ecosystem for months. Back in October, X users began seeing a vague “Attestation Denied” error during login. People found workarounds through password resets on the web, but X quickly patched those out.

Then, in March, X forced an attestation check that completely broke posting for third-party clients and the official X Lite app (unintentionally). The company rolled the requirement back briefly after intense user backlash, only to turn it right back on days later.

It is starting to look like part of a massive cleanup operation. Just last week, replies completely broke on the legacy Twitter app. X is systematically killing off older API access points and unverified entry methods.

People are scrambling to find ways around the new block. A few users in X threads claim to have found a clever bypass using passkeys.

A commenter pointed out that setting up a passkey via ProtonPass let them access the app on a custom ROM. Another user confirmed the trick worked for their Galaxy S9+, an aging device that only passes basic integrity.

These fixes usually do not last long. We do not know if X will loosen the restriction or stick to the strict enforcement. For now, if you run a custom Android setup or an older uncertified phone, the official app is essentially a brick.

We stand out from the tech-media crowd because we break news stories; we mainly bring you stuff that you won’t find anywhere in the mainstream tech media. Our stories have been picked up by some of the world’s most popular websites and media outlets—more info is available here.