cross-posted from: https://slrpnk.net/post/15995282
Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of ‘non-google’ approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.
Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that’s true or not…
the problem here is not the banks or apps, the problem is Google Play Integrity API, which is supposed to enforce to run apps in secured phones and it is used to ban secured ROMs such as GrapheneOS and it allows to run apps on outdated phones without security patches.
So that’s why it works on lineage? They seem to get around this somehow
It runs in Lineage? Lineage is certified by Google Play Integrity API (I doubt it)? or Lineage tricks Google Play Integrity API?
Yes. These apps work and bank apps work fine. Netflix works too.
There are only problems with a bunch of applications that recently decided to use Play Integrity API not with every banking app nor Netflix.
This is the list: https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos
In fact those applications should not work with Lineage unless Play Integrity API is patched/cracked someway in Lineage.
Oh, the banks and regulators are to blame. Especially in Europe.
Find me a PSD2 bank bank that doesn’t require a phone number
In this case, thanks to regulation, it seems GrapheneOS team is talking with European Commission about this problem with Play Integrity API https://fosstodon.org/@[email protected]/113623767380032309 and the only hope is a movement of the regulator against this policy of Google.
Just to be clear, they banned all custom roms, not only graphene.
This makes me want to use GrapheneOS more. If the dataminers don’t want you to use it then it must be doing something right.
Webapps everything you can like I do with Firefox and ublock origin. Fuck these assholes.
Not for Revolut. App only.
This sounds like an antitrust legal problem…
The GrapheneOS team is already talking to regulators: https://grapheneos.social/@GrapheneOS/112539378681400395
Can Graphene add a feature to run in emulation mode to allow apps to believe it’s on an unrestricted OS?
Unfortunately, this is probably because of the apps started using the Play Integrity API, which is a hardware-based attestation and can only be faked in two ways that GrapheneOS isn’t interested in:
- you can fake an older device that didn’t support hardware attestation yet, or had a broken implementation
- or you can try getting leaked vendor keys and emulate the crypto with those until they get revoked
