this post was submitted on 09 Dec 2024
779 points (99.9% liked)

Privacy

32482 readers
219 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

cross-posted from: https://slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of 'non-google' approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.

Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that's true or not..

you are viewing a single comment's thread
view the rest of the comments
[–] zako@lemmy.world 73 points 2 weeks ago (3 children)

the problem here is not the banks or apps, the problem is Google Play Integrity API, which is supposed to enforce to run apps in secured phones and it is used to ban secured ROMs such as GrapheneOS and it allows to run apps on outdated phones without security patches.

[–] kevincox@lemmy.ml 121 points 2 weeks ago (3 children)

which is supposed to enforce to run apps in secured phones

The point of the Google Play Integrity API is to ensure that the user is not in control of their phone, but that one of a small number of megacorps are in control.

Can the user pull their data out of apps? Not acceptable. Can the user access the app file itself? Not acceptable. Can the user modify apps? Not acceptable.

Basically it ensures that the user has no control over their own computing.

[–] umami_wasbi@lemmy.ml 26 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

It's simply the "secure" isn't meant for users but the cooperations. Make it "secure" to their business.

[–] zako@lemmy.world 4 points 2 weeks ago

If you install GrapheneOS, you do not need root, so GrapheneOS is in control of the phone not the user. The key here is if GrapheneOS is secure enough to be certified by Google Play Integrity API. is it security or other issue? perhaps Google is not supporter of FOSS ROMs, perhaps it is not fun of how GrapheneOS removes permissions to Google Apps, ...

If it is not security, this is a kind of monopoly to control which ROMs are allowed to run apps.

[–] Anivia@feddit.org 1 points 2 weeks ago

Can the user access the app file itself? Not acceptable

This is possible on any Android phone, no root or custom rom required

[–] ryannathans@aussie.zone 6 points 2 weeks ago (1 children)

So that's why it works on lineage? They seem to get around this somehow

[–] zako@lemmy.world 3 points 2 weeks ago (1 children)

It runs in Lineage? Lineage is certified by Google Play Integrity API (I doubt it)? or Lineage tricks Google Play Integrity API?

[–] ryannathans@aussie.zone 1 points 2 weeks ago (1 children)

Yes. These apps work and bank apps work fine. Netflix works too.

[–] zako@lemmy.world 1 points 2 weeks ago (1 children)

There are only problems with a bunch of applications that recently decided to use Play Integrity API not with every banking app nor Netflix.

This is the list: https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos

In fact those applications should not work with Lineage unless Play Integrity API is patched/cracked someway in Lineage.

[–] ryannathans@aussie.zone 2 points 2 weeks ago

Authy in that list works fine too

[–] jagged_circle@feddit.nl 6 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Oh, the banks and regulators are to blame. Especially in Europe.

Find me a PSD2 bank bank that doesn't require a phone number

[–] zako@lemmy.world 16 points 2 weeks ago (1 children)

In this case, thanks to regulation, it seems GrapheneOS team is talking with European Commission about this problem with Play Integrity API https://fosstodon.org/@GrapheneOS@grapheneos.social/113623767380032309 and the only hope is a movement of the regulator against this policy of Google.

[–] boonhet@lemm.ee 1 points 2 weeks ago (1 children)

So the Play Integrity API is literally why I moved to iOS. My bank apps didn't work with Lineage and the stock OnePlus ROM just sucked ass after the ColorOS or whatever update. I figured I might as well go iOS if I can't have a custom ROM anyway, and so far it has indeed been a much nicer experience than stock Android. If you can't TRULY customize everything, might as well at least get stability and consistency out of it, right? Plus at the time, there wasn't a single Android OEM out there with truly long OS update support.

Anyway, if this succeeds and custom ROMs are considered to have sound integrity, I might just move back to Android. Graphene seems cool, I haven't tried it yet because I've never owned a Pixel.

[–] jagged_circle@feddit.nl 5 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

How would iOS be better? There is no blob-free, secure version on their devices at all. Right?

[–] boonhet@lemm.ee 1 points 2 weeks ago (1 children)

It's not for privacy. But without access to custom ROMs, Android is shit.

[–] jagged_circle@feddit.nl 4 points 2 weeks ago (1 children)

Sure, but the ROMs is what makes Android a more secure platform

[–] boonhet@lemm.ee 1 points 2 weeks ago (1 children)

Sure, but my point was if you can't even use ROMs because then you lose access to your bank (and now McD apparently), there's much less reason to use Android - certainly was so 2.5 years ago when they were mostly all promising 2-3 years of support for flagship devices and Apple had a track record of 6-7 years.

[–] jagged_circle@feddit.nl 2 points 2 weeks ago (1 children)

Nah, you dont need MacDonalds and you dont need shitty banks that require apps.

Apple has a terrible security record lol

[–] boonhet@lemm.ee 1 points 2 weeks ago (1 children)

How do I send people money without a bank? Okay maybe Wise but as you pointed out in the other thread, that money might not be insured. Also, iPhones are harder to unlock from before first unlock than many stock Androids.

[–] jagged_circle@feddit.nl 1 points 2 weeks ago (1 children)

I'm saying use another bank that doesn't block security hardened phones. Or one that doesn't require a phone at all.

More than half of the world sends money without bank accounts. How varies by region, but its usually a local company (usually mobile telecom companies) or an international remittances company, or cryptocurrencies

[–] EngineerGaming@feddit.nl 1 points 2 weeks ago (1 children)

I personally use ATMs to send money. And if I were willing to resolve cert troubles (long story), I would've used the bank's website rather than the app.

[–] boonhet@lemm.ee 1 points 2 weeks ago (1 children)

I can't imagine using either of those solutions every day, sometimes several times per day.

I made 3 transfers yesterday, but there have been days of 10-20 transfers and I don't always have them planned, often it's pretty spontaneous when we buy used things from other people, particularly strangers.

[–] EngineerGaming@feddit.nl 1 points 2 weeks ago (1 children)

Yeah, I transfer money not so regularly so I get why it wouldn't work for everyone. But why not use the website?

[–] boonhet@lemm.ee 1 points 2 weeks ago

Website requires login every time, apps for most banks here have biometrics for transfers under a certain limit or people you send money to often.