cross-posted from: https://slrpnk.net/post/15995282
Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of ‘non-google’ approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.
Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that’s true or not…
the problem here is not the banks or apps, the problem is Google Play Integrity API, which is supposed to enforce to run apps in secured phones and it is used to ban secured ROMs such as GrapheneOS and it allows to run apps on outdated phones without security patches.
OK McDonald’s, I will not use your most cost effective ordering method. I guess I will just have to order my 10 individually custom cheeseburgers at the counter instead. I might have to have e the order read back, and change my mind about a few burgers.
This makes me want to use GrapheneOS more. If the dataminers don’t want you to use it then it must be doing something right.
Too bad it only runs on Google’s phones…
Right? Have to pay google for the privilege
You can always buy a second hand one
Someone installing graphene os for security shouldn’t be trusting random second/third/etc hand hardware lol
There is absolutely no problem with that. The phone is wiped and encrypted when you flash graphene, and it does an integrity check every time it boots.
Hypothetically the hardware could have been modified, but that would take some insane level of a determined attacker to be fabricating modified pixels just to sell them on the used market.
Yes, this would only be a concern for targeted attacks by state actors, in which case not even buying new would be safe.
Thinking about it, in such a scenario buying used may even be safer
It’s only officially supported on google phones because sadly those are the only ones that are not modified to fuck which makes installing and supporting other OS’es way too much work.
Giving google money once for a device is not a problem from a privacy or security standpoint.
That’s correct, but not the reason grapheneOS chooses only pixel phones. It’s the level of hardware security features.
Also unlockable and presumably has well working builds. It’s not just graphene, but just about every Android project it there that’s best supported on pixels. Other manufacturers have a crazy variety of locking schemes and required tools. Each one is a nightmare to support.
For GrapheneOS, it’s primarily that it’s re-lockable. That’s why other unlockable phones aren’t supported.
The GrapheneOS install process sets new OS signing keys so you can lock the phone again and get full verified boot. However, most manufacturers haven’t implemented this feature.
What do you get, app/feature wise for verified boot vs. Play integrity app? Does it increase the amount of apps that work on it?
No, Play Integrity intentionally checks if it’s a Google-approved key. Android itself has an API to check verified boot and gives info on the signing key - most devs just want to know verified boot is working.
I feel Play Integrity has a short life ahead of if competition authorities realise how exactly it works. “Anti-competitive” is the first thing policy-minded folks think when I explain the API to them.
scjEvMGdxcGvGsFga7mOVosCISuySZVbZulIVbuUYF7A08FSRCB84Ok7Mk4P4TEI
Odd timing considering I’ve banned McDonalds, Revolut and Authy from my phone.
This is very bad news, because this means any app that wants your data could do the same.
On the other hand, it makes it easy to find which apps aren’t to be trusted with your data.
