this post was submitted on 09 Dec 2024
783 points (99.7% liked)

Privacy

32442 readers
834 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

cross-posted from: https://slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of 'non-google' approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.

Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that's true or not..

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 73 points 1 week ago (3 children)

the problem here is not the banks or apps, the problem is Google Play Integrity API, which is supposed to enforce to run apps in secured phones and it is used to ban secured ROMs such as GrapheneOS and it allows to run apps on outdated phones without security patches.

[–] [email protected] 121 points 1 week ago (3 children)

which is supposed to enforce to run apps in secured phones

The point of the Google Play Integrity API is to ensure that the user is not in control of their phone, but that one of a small number of megacorps are in control.

Can the user pull their data out of apps? Not acceptable. Can the user access the app file itself? Not acceptable. Can the user modify apps? Not acceptable.

Basically it ensures that the user has no control over their own computing.

[–] [email protected] 26 points 1 week ago* (last edited 1 week ago) (1 children)

It's simply the "secure" isn't meant for users but the cooperations. Make it "secure" to their business.

[–] [email protected] 4 points 1 week ago

If you install GrapheneOS, you do not need root, so GrapheneOS is in control of the phone not the user. The key here is if GrapheneOS is secure enough to be certified by Google Play Integrity API. is it security or other issue? perhaps Google is not supporter of FOSS ROMs, perhaps it is not fun of how GrapheneOS removes permissions to Google Apps, ...

If it is not security, this is a kind of monopoly to control which ROMs are allowed to run apps.

[–] [email protected] 1 points 1 week ago

Can the user access the app file itself? Not acceptable

This is possible on any Android phone, no root or custom rom required

[–] [email protected] 6 points 1 week ago (1 children)

So that's why it works on lineage? They seem to get around this somehow

[–] [email protected] 3 points 1 week ago (1 children)

It runs in Lineage? Lineage is certified by Google Play Integrity API (I doubt it)? or Lineage tricks Google Play Integrity API?

[–] [email protected] 1 points 1 week ago (1 children)

Yes. These apps work and bank apps work fine. Netflix works too.

[–] [email protected] 1 points 1 week ago (1 children)

There are only problems with a bunch of applications that recently decided to use Play Integrity API not with every banking app nor Netflix.

This is the list: https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos

In fact those applications should not work with Lineage unless Play Integrity API is patched/cracked someway in Lineage.

[–] [email protected] 2 points 1 week ago

Authy in that list works fine too

[–] [email protected] 6 points 1 week ago* (last edited 1 week ago) (1 children)

Oh, the banks and regulators are to blame. Especially in Europe.

Find me a PSD2 bank bank that doesn't require a phone number

[–] [email protected] 16 points 1 week ago (1 children)

In this case, thanks to regulation, it seems GrapheneOS team is talking with European Commission about this problem with Play Integrity API https://fosstodon.org/@[email protected]/113623767380032309 and the only hope is a movement of the regulator against this policy of Google.

[–] [email protected] 1 points 1 week ago (1 children)

So the Play Integrity API is literally why I moved to iOS. My bank apps didn't work with Lineage and the stock OnePlus ROM just sucked ass after the ColorOS or whatever update. I figured I might as well go iOS if I can't have a custom ROM anyway, and so far it has indeed been a much nicer experience than stock Android. If you can't TRULY customize everything, might as well at least get stability and consistency out of it, right? Plus at the time, there wasn't a single Android OEM out there with truly long OS update support.

Anyway, if this succeeds and custom ROMs are considered to have sound integrity, I might just move back to Android. Graphene seems cool, I haven't tried it yet because I've never owned a Pixel.

[–] [email protected] 5 points 1 week ago* (last edited 1 week ago) (1 children)

How would iOS be better? There is no blob-free, secure version on their devices at all. Right?

[–] [email protected] 1 points 1 week ago (1 children)

It's not for privacy. But without access to custom ROMs, Android is shit.

[–] [email protected] 4 points 1 week ago (1 children)

Sure, but the ROMs is what makes Android a more secure platform

[–] [email protected] 1 points 1 week ago (1 children)

Sure, but my point was if you can't even use ROMs because then you lose access to your bank (and now McD apparently), there's much less reason to use Android - certainly was so 2.5 years ago when they were mostly all promising 2-3 years of support for flagship devices and Apple had a track record of 6-7 years.

[–] [email protected] 2 points 1 week ago (1 children)

Nah, you dont need MacDonalds and you dont need shitty banks that require apps.

Apple has a terrible security record lol

[–] [email protected] 1 points 1 week ago (1 children)

How do I send people money without a bank? Okay maybe Wise but as you pointed out in the other thread, that money might not be insured. Also, iPhones are harder to unlock from before first unlock than many stock Androids.

[–] [email protected] 1 points 1 week ago (1 children)

I'm saying use another bank that doesn't block security hardened phones. Or one that doesn't require a phone at all.

More than half of the world sends money without bank accounts. How varies by region, but its usually a local company (usually mobile telecom companies) or an international remittances company, or cryptocurrencies

[–] [email protected] 1 points 1 week ago (1 children)

I personally use ATMs to send money. And if I were willing to resolve cert troubles (long story), I would've used the bank's website rather than the app.

[–] [email protected] 1 points 1 week ago (1 children)

I can't imagine using either of those solutions every day, sometimes several times per day.

I made 3 transfers yesterday, but there have been days of 10-20 transfers and I don't always have them planned, often it's pretty spontaneous when we buy used things from other people, particularly strangers.

[–] [email protected] 1 points 1 week ago (1 children)

Yeah, I transfer money not so regularly so I get why it wouldn't work for everyone. But why not use the website?

[–] [email protected] 1 points 1 week ago

Website requires login every time, apps for most banks here have biometrics for transfers under a certain limit or people you send money to often.