Comment by NoGravitas
6 months ago
Banking apps will work on Graphene if you have sandboxed Google Play Services installed, and if the banking app requires only a basic level of Play Integrity attestation. I got the same level of support with my previous LineageOS for MicroG phone as I have with my current GrapheneOS phone, it just required a lot more tinkering (and was a lot less secure).
I do appreciate the work the GrapheneOS team puts in toward compatibility, and especially the fact that they just got RCS messaging working. But any time Google or even an app vendor wants to tighten the noose, they can, just by requiring the higher, hardware-backed attestation level.
https://grapheneos.org/articles/attestation-compatibility-gu...
That page seems to be saying the opposite: hardware attestation would support GrapheneOS, whereas the Play Integrity API would not.
Anecdotally, both of the banking apps I use 'just work', and I haven't encountered any app that doesn't work. The closest thing was the Disney parks app a few years ago which would crash on launch until I disabled the hardened malloc feature for it.
I see "... and permitting our official release signing keys" there, which means you are swapping Google Android for GrapheneOS Android, and you can't use bogwog Android if you wanted to.
There is a list of apps banning GrapheneOS keys here, including govt apps, ticket apps, and McDonalds for some reason:
https://grapheneos.org/articles/attestation-compatibility-gu...
> you are swapping Google Android for GrapheneOS Android
No? You're adding support for Graphene's keys, not replacing Google's. Obviously, the main barrier is convincing developers of these apps to add support for Graphene's keys. However, this is only a problem for apps that opted to implement the Play Integrity API at all, which doesn't seem to be very common. All the recent monopoly rulings against Google may be deterring devs from implementing this obviously anti-competitive feature, and that's not to mention Google's new responsibility to offer the Play store app catalog to competing stores, thanks to the Epic case.
> The injunction issued last year by U.S. District Judge James Donato requires Google to allow users to download rival app stores within its Play store and make Play's app catalog available to competitors. Those provisions do not take effect until July 2026.
(source: https://www.reuters.com/sustainability/boards-policy-regulat...)
Maybe they'll get away with requiring competing stores to implement Play Integrity API, maybe (probably) not.
Also, that list of incompatible apps is probably out of date since I use the ebay app all the time with no issues.
3 replies →