Google has tied its next-generation reCAPTCHA system to Google Play Services, meaning de-Googled Android users will automatically fail verification when challenged. Users running custom ROMs like GrapheneOS that strip out Google's software cannot complete the QR code scan required for verification. The system demands Play Services version 25.41.30 or higher to prove you're human.

When reCAPTCHA flags suspicious activity, it abandons traditional image puzzles and requires scanning a QR code that needs Play Services running in the background, communicating with Google's servers. Google announced this broader system, Google Cloud Fraud Defense, at Cloud Next on April 23, pitching it as a trust platform for autonomous AI agents and traditional bots. An Internet Archive snapshot from October 2025 shows the same support page already listing a Play Services requirement at version 25.39.30, meaning Google built this dependency quietly for at least seven months.

The iOS comparison reveals the asymmetry—Apple devices running iOS 16.4 or later complete the same verification without installing any additional apps. Google didn't demand iPhone users install Google software to pass the test. Only Android users who refuse Play Services get locked out, revealing what this is really about: ecosystem control, not security. Web developers adopting this reCAPTCHA should understand they're telling de-Googled Android users they aren't welcome.