Comment by jojobas

6 months ago

While this is awesome, I'm kinda skeptical on the premise on two points.

Almost nobody cares about privacy, and this is going to be super expensive. I might be fine with paying extra, but the economy might not work out, like it didn't for Blackphone. Fairphone is barely alive as well. Seeing as phones are just a source of ad money, Google can drop the prices on their phones as well.

Some European countries and banks already require crap like Play Integrity for essential apps. So far it's possible to hold out, but for how much longer?

We're working with a major Android OEM on the future generations of their existing devices meeting the official GrapheneOS requirements so we can officially support their devices. People will be able to buy the regular devices and install GrapheneOS at no extra cost. We're talking about selling devices with GrapheneOS preinstalled but that's not a requirement for the partnership to be a success and other companies could still do it as they do now with Pixels.

Play Integrity API doesn't impact GrapheneOS as much as other alternatives not focused on privacy and security in a similar way. A subset of the apps using the Play Integrity API are explicitly permitting GrapheneOS via hardware attestation including multiple banks like Swissquote. We're working on convincing more banks to permit it. Our hope is for regulators to invalidate the current approach and require defining clear security standards which need to be fairly enforced. The status quo of some banks banning using a much more secure OS that's even much more heavily using hardware-based security features while permitting a Google Mobile Services OS with no patches for 6 years is a massive antitrust issue. It impacts every alternative hardware platform and OS since Android app compatibility is important for competing. The obstacles to getting approved should also not be unreasonably high. It's better if apps don't do this but we can accept they are going to do it if it's a fair system permitting competition, unlike the Play Integrity API.

This is the real problem: I need my phone to work with my bank. So whatever we're doing, that's the bar to clear.

Maybe the real focus should be treating Android as a single-purpose environment rather than your real-life-depending one.

Maybe the better approach would be focusing on getting postmarketOS to work, and using an emulation or recompilation layer that is running Android in a box (pun intended). Anbox and others were still too painful to use for daily usage, but maybe you can get rid of everything except the things that Play Integrity checks against? Maybe we can make Waydroid [1] work?

[1] https://waydro.id/

  • Waydroid is not a private or secure way to run Android apps. It uses an old fork of LineageOS and throws away most of the privacy and security model with how it's implemented. It does that to run Android apps on top of a much less private and secure base OS. Compatibility is far worse and it in no way avoids the Play Integrity API checks. Most banking apps do permit GrapheneOS and some of the apps banning using a non-stock OS or non-GMS devices with the Play Integrity API have explicitly permitted GrapheneOS via hardware attestation including Swissquote. Banks have no reason to ban GrapheneOS since it has all of the standard privacy and security model combined with major privacy and security improvements. They're often willing to permit it once they understand what it is and how they can verify it with a standard Android API. Convincing every app using Play Integrity to do this case-by-case is painful and unrealistic, but regulation can require permitting secure alternatives meeting defined security requirements.

  • Why not the other way around? AOSP already has a much better security posture, already runs almost everything virtualised, and will soon run 'desktop Linux' apps in a VM.

    In fact, statements from Graphene suggest they hope to eventually move away from Linux on the host.

It won't be a special Graphene phone; they are working with the OEM to make their next flagship meet Graphene's security requirements. It'll just be another phone they support that isn't a Pixel.