- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
cross-posted from: https://slrpnk.net/post/15995282
Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of ‘non-google’ approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.
Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that’s true or not…
You must log in or register to comment.
This surprises me because McDonald’s app is hands down the worst app I’ve ever encountered in the history of all Android apps.
It’s is sluggish, ignores touches/taps half the time, doesn’t adhere to Android best practices for flow, crashes a lot, errors a lot, etc.
But OK McDonald’s. Fuck off.
I can add that it requires location permission (even when you attempt to search manually with zip or city). What a shitty, dystopian timeline we are experiencing when we’re mandated to run privacy invasive spyware, just to get a fucking discount on nugs.
It’s almost as if a clown programmed it
Ronapp McDonapp?
I just switched, looks like uber is working for me
Wait until the next update.
I think we gonna start learning who actually can’t handle not getting your data finally.
Also microg v sanboxed gps debate might get resolved
also as a former driver I just want to say DOWN WITH THEIR ECONOMIC TERRORISM!
I’m a microG guy, so I use Calyx. I wish graphene supported microG.
It stopped working in April or May I think so that’s interesting
Uber driver
Use the websites whenever you can. That’s what I do at least. Although I had to stop using Lyft entirely, because they stopped supporting rides from their website apparently. And that leaves just Uber. I actually left my bank for a similar reason. It supported my phone just fine, and it worked without Google Play Services, but the website wouldn’t let me do everything that the app would, and the app required that I have Aurora Store to download their banking app from the Google Play Store, and I wanted to get away from that, so I switched banks so that I could use the bank website instead. From what I can tell, you run into this kind of stuff a lot with FinTech apps. But if you use older banks, like Discover or Wells Fargo or things like that, they tend to work better. Maybe because they’re not up with the newest technology, LOL.
Yeah Revolut is also the kinda app that is almost only a mobile app, not much you can do with their website, last i checked.
Revolut was the one I was looking at if I’d switch to Graphene.
Correct. This is the reason not to use Revolut.
Choose Wise instead.
lol, I’ve observed the same.
Fancy “Digital Wallet” thingy is absolutely decked out in Root detection, meanwhile my older, physical bank’s app doesn’t give a fuck.I’ve never been too fond on the idea of a 100% digital bank so no loss for me!
womp womp.
I use Authy under a separate work profile on graphene with no issues 🤔
Guess you won’t be for much longer 🤷 I’d bare careful with logging out.
But when did you set Authy up? I don’t recall when Authy made the change, but it wouldn’t kick you out. It would, however, prevent you from signing in a new device. So if you lose your phone, you might lose access to those tokens…
Oh ok. Yeah it was a while ago. Will have to switch to something else soon then.
I use Aegis.
Well, Google is known for destroying its opposition.
This has very little to do with Google. Custom OS’s in general are being restricted by these apps, not Graphene in particular. All custom OS’s and root access devices are inherently less secure, even if they are privacy focused OS’s.
In IT this is called a zero trust. You don’t trust anything you cannot verify yourself. And a user installed OS is not something anyone can verify other than the installing user. Obviously for your own security you have your own zero trust policy if you are using something like Graphene, but these companies aren’t making it more secure for you as a user, they’re covering their asses in case there are holes in security they cannot account for.
I had Custom OSs installed before. My bank works fine, but there are apps that require Google Apps. I’d say that’s got pretty much to do with Google.
You’re implying that Google is causing these apps to not support custom OSs. But it’s literally not true. These apps are just not supporting custom OSs because their businesses don’t want to support non-standard platforms for security purposes. Tons of banks do not support custom OSs. It has nothing to do with Google and everything to do with not trusting the user which is 100% the correct approach for cyber security.
Got it. So it’s something similar to latest security proposals like not letting me download files on Windows because they are not normally downloaded. Or visiting a website with self signed certificates. So it’s more secure.
The apps complain: “You need Google Play services to use this app”.
So it’s about security. Right. What kind of security does McDonaldss need? Does it need security for their coupons?
Besides that, I thought payment gateway provided very good security by themselves.
But let’s steer from what happens on mainstream apps a little.
Isn’t Google Wallet or Online payments insecure too? Don’t they have tons security failures also? Human security failures, like if someone robs my phone and my info they would have access to my money?
Google and the smartphone industry employ accelerometers and other methods to make sure robbers can’t get to the system. They admit themselves that the systems aren’t safe and they’re working on AI and electronic methods to avoid access to sensitive information.
Is this the security you’re talking about? Maybe we should just steer the industry another way, like those Custom OSs do. Alternatives aren’t security potential threats. They’re the solution for the problem.
Making a monopoly based on making it “safe” isn’t secure at all.
It’s not for your security. It’s for the company’s security. You’re really dense you know that. This is not about you and it’s not about Google. What I’m saying is, people suck ass. So to protect themselves from people sucking ass, they restrict access to their system to their terms. Completely fair if you ask me.
You can go cry Google bad all you want. I might even agree Google is bad. But this is not a Google thing. It’s an IT security thing. The banks and MFA providers are security first businesses. They will make the decision that protect them first and it makes sense for them to do so. If you owned a bank, there is a high likelihood you would make similar decisions that end users don’t quite understand.
As far as McDonald’s is concerned, who the fuck knows what their developers are doing. That app is trash anyways.
perhaps dial back the attitude a bit there? if you think you know better than someone (even if you’re wrong), then you should have no trouble kindly educating instead of insulting them.
you may also wish to revisit your highly questionable claim that graphene properly configured on pixel is less secure than stock rom on some random android device.
It’s not questionable at all to assume that a user rooting and installing their own OS is a security risk. That’s the entire premise of zero trust. I’m sure Graphene OS is secure and better for user privacy when configured properly. But you can’t trust that an end user will configure it properly. That’s what I am saying and have been saying since the first message. You can’t trust the user to be security minded. Ultimately, the best thing you can do as a developer or a business is support a known quantity of software and hardware configurations and that likely means only supporting OEM installed ROMs.
Revolut seems to continue working as of now on my PIxel 7. I’m transferring the money out just in case. Any idea when are they going to stop them from working?
Next update
Stops working if you log in and out of your account. At least this is what GrapheneOS folks stated on BlueSky.
FYI, grapheneOS devs added a list of apps to their wiki:
https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos
Just run PWA instead no?
It’s a mobile app only. The web interface is strictly for managing your account, last I checked.
For Revolut? Unlikely, their website forces you into using the app.
The others sure, i guess, but i don’t see the user overlap.
Revolut works fine for me still on Graphene?
Odd timing considering I’ve banned McDonalds, Revolut and Authy from my phone.
man, and i was gonna switch to graphene this christmas. if every app can just ban my OS, i might have to rethink this. i would use the website but they restrict so many things to apps now…
Well, switching to GrapheneOS shows that you don’t care what those companies do, and that you’re willing to fight. It means those companies lose one more customer. The more people that use GrapheneOS, the more companies will be forced to support it.
Honestly i didn’t even think of that. i’ll still switch then!
Nice choice. You not switching is exactly what these companies wanted.
Use a browser like Native Alpha or Hermit, which present a website like an app.
And if you use Bitwarden/Vaultwarden for your passwords, it can be pretty seamless.
I was about to switch bank because for a few days my current one (inadvertently) blocked it on grapheneOS. We sent them a few emails and they fixed in less than a week.
I use a small local credit union that doesn’t appear on their supported list. It’s literally the only thing holding me back, I’m tempted to say fuck it anyway. But I wonder if it might work anyway…
- Order a Pixel
- Flash GrapheneOS
- If it works, congratulations! If not, switch banks or revert to stock and return the phone.
What’s the app name? I could install it and see what happens
If nothing else can you use the browser?
I’ve used Hermit for years to present websites like an app, and am using Native Alpha on my new phone.
Yeah you’re probably right. I’ve gotta get a new phone before I can really attempt it, but I’ll at least try!
TBF, this is the first time I’ve encountered an app not working - and it was before this. It’s just because of Google push towards monopoly via their Play Integrity API that’s ruining this.
play “integrity” should be considered malware, any program that deliberately does something the user doesn’t want it to should.
the problem here is not the banks or apps, the problem is Google Play Integrity API, which is supposed to enforce to run apps in secured phones and it is used to ban secured ROMs such as GrapheneOS and it allows to run apps on outdated phones without security patches.
Oh, the banks and regulators are to blame. Especially in Europe.
Find me a PSD2 bank bank that doesn’t require a phone number
In this case, thanks to regulation, it seems GrapheneOS team is talking with European Commission about this problem with Play Integrity API https://fosstodon.org/@[email protected]/113623767380032309 and the only hope is a movement of the regulator against this policy of Google.
So the Play Integrity API is literally why I moved to iOS. My bank apps didn’t work with Lineage and the stock OnePlus ROM just sucked ass after the ColorOS or whatever update. I figured I might as well go iOS if I can’t have a custom ROM anyway, and so far it has indeed been a much nicer experience than stock Android. If you can’t TRULY customize everything, might as well at least get stability and consistency out of it, right? Plus at the time, there wasn’t a single Android OEM out there with truly long OS update support.
Anyway, if this succeeds and custom ROMs are considered to have sound integrity, I might just move back to Android. Graphene seems cool, I haven’t tried it yet because I’ve never owned a Pixel.
How would iOS be better? There is no blob-free, secure version on their devices at all. Right?
It’s not for privacy. But without access to custom ROMs, Android is shit.
Sure, but the ROMs is what makes Android a more secure platform
Sure, but my point was if you can’t even use ROMs because then you lose access to your bank (and now McD apparently), there’s much less reason to use Android - certainly was so 2.5 years ago when they were mostly all promising 2-3 years of support for flagship devices and Apple had a track record of 6-7 years.
which is supposed to enforce to run apps in secured phones
The point of the Google Play Integrity API is to ensure that the user is not in control of their phone, but that one of a small number of megacorps are in control.
Can the user pull their data out of apps? Not acceptable. Can the user access the app file itself? Not acceptable. Can the user modify apps? Not acceptable.
Basically it ensures that the user has no control over their own computing.
It’s simply the “secure” isn’t meant for users but the cooperations. Make it “secure” to their business.
It’s used to help secure the businesses app yes. It helps with things like preventing resource abuse which would cost the company money. E.g. querying mass amounts of data on a loop to increase the companies bill.
If you install GrapheneOS, you do not need root, so GrapheneOS is in control of the phone not the user. The key here is if GrapheneOS is secure enough to be certified by Google Play Integrity API. is it security or other issue? perhaps Google is not supporter of FOSS ROMs, perhaps it is not fun of how GrapheneOS removes permissions to Google Apps, …
If it is not security, this is a kind of monopoly to control which ROMs are allowed to run apps.
Can the user access the app file itself? Not acceptable
This is possible on any Android phone, no root or custom rom required
So that’s why it works on lineage? They seem to get around this somehow
It runs in Lineage? Lineage is certified by Google Play Integrity API (I doubt it)? or Lineage tricks Google Play Integrity API?
Yes. These apps work and bank apps work fine. Netflix works too.
There are only problems with a bunch of applications that recently decided to use Play Integrity API not with every banking app nor Netflix.
This is the list: https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos
In fact those applications should not work with Lineage unless Play Integrity API is patched/cracked someway in Lineage.
Authy in that list works fine too
Small OT: In the article it’s mentioned also the app “IO” (italian for the english word “I”). There are also other important italian apps not working without play services. The serious thing is that that apps are almost mandatory to do the ordinary public administration bureaucracy. We can say that the italian state forces its citizens to use a smartphone with Google Play Services installed. This is no sense.
They’re already in contact with US agents to bring Google to justice
