Bug #2015109 landed in Firefox 149 last month, and the details are now surfacing on Mozilla's Bugzilla. The resolution marks a significant architectural shift for Firefox on Android—Mozilla has integrated Google Play Integrity API checks as a prerequisite for its AI-powered features, specifically those feeding into the MLPA backend.

What Play Integrity Actually Does

The implementation isn't just a simple checkbox. According to the attachment descriptions, Mozilla created an entirely new gradle module called "lib-integrity-googleplay" with five distinct components: scaffolding for integrity APIs, a full GooglePlayIntegrityClient implementation, BuildConfig seeding from files at build time, integration directly into Fenix (the codename for Firefox Android), and a debug drawer for testing. The MLPA backend—the machine learning platform API powering these features—now requires a valid Play Integrity token before accepting requests.

Why This Matters for Mobile AI

Play Integrity checks are designed to verify that an app is running on an unmodified, legitimate Android device with genuine Google Play Services. For AI features, this serves dual purposes: preventing spoofed clients from abusing the MLPA infrastructure and ensuring Google Play's ecosystem dominance remains intact. If you're running Firefox through F-Droid or a third-party APK store without Google Play Services, don't expect these AI capabilities to work.

The Tradeoff Is Real

This is pragmatic engineering over ideological purity. Mozilla could have built fallback verification methods, but following Google's established pattern makes sense operationally. That said, it reinforces exactly the kind of lock-in that open-source advocates criticize. Your Firefox experience on Android now has invisible strings attached to Google's infrastructure—strings you can't see unless you hit a feature wall.

Key Takeaways

  • Bug #2015109 resolved as FIXED in Firefox 149 branch
  • Mozilla built lib-integrity-googleplay module with client implementation and debug tooling
  • MLPA backend now requires valid Play Integrity tokens for AI features on Android
  • Users outside Google Play ecosystem will lose access to certain capabilities

The Bottom Line

Mozilla made the practical call here, but it's a quiet concession that even Firefox isn't fully independent on mobile anymore. The browser we once championed as the alternative is now dancing to Google's tune when it comes to AI. That's not necessarily wrong—security has costs—but let's not pretend this is a win for user freedom.