Comment by pabs3

15 days ago

Attestation means you probably will need an Apple/Google device in addition to the GrapheneOS one:

https://grapheneos.org/articles/attestation-compatibility-gu...

6 comments

pabs3

Reply
strcat  15 days ago

Only a tiny subset of apps ban GrapheneOS. Several such as Swissquote recently decided to permit it via hardware attestation. Swizerland's government ID app is also going to be permitting it. We're working on getting more apps using the Play Integrity API to do that, but it would be better if the EU and other governments required permitting alternatives which are at least as secure as what Google permits (currently an extremely low bar, since they permit many years without privacy/security patches and only check for licensing Google Mobile Services).

  • pabs3  14 days ago

    A very large subset of important/mandatory apps though, like banking or government apps. You shouldn't be asking them to allow GrapheneOS, but asking them to stop using attestation, so people can use their choice of OS, even a custom one that they wrote, no matter how "insecure" that might be.

  • shakna  14 days ago

    As we're talking Australia... All our banks require Play Integrity. Commbank, ANZ, Bendigo, etc. All of them.

    MyGov, Centrelink, ATO and other government apps all require it.

    The "tiny subset", in Australian terms covers, "things you are required to use".

preisschild  15 days ago

Letting the app developers know that it doesnt improve security and that it blocks you from using the app and it enforcing a monopoly sometimes works.

I/We managed to get two apps (banking and eID) to remove SafetyNet attestation through complaining a lot.

  • pabs3  15 days ago

    I'm assuming those apps are still proprietary and probably privacy violating?

    • preisschild  15 days ago

      > I'm assuming those apps are still proprietary and probably privacy violating?

      Yes. Not sure about "privacy violating" though. But since its not open source I have to trust them...