
Comment by egeres

4 days ago

They have terrible support for banking apps and any app that needs play integrity

And what kind of support do you think a Linux phone will have? While also having trash tier security. I don’t see that as an issue (for Americans at least since most banks here don’t use NFC/wallets in their apps), just use the web browser to access your bank.

Also GrapheneOS has in my experience decent banking app support outside of a handful of apps (including, ironically, my main bank which disabled GrapheneOS support a week or two ago). There is a maintained list of working apps that you can see for yourself: https://privsec.dev/posts/android/banking-applications-compa...

Does/do your bank/s absolutely always require you to use an app? Is there a desktop/website that you can use? Do they have a brick and mortar location?

  • Typically the website requires you to use the mobile app as 2FA. Typically also there are fewer and fewer brick and mortar locations.

    • Help me follow.

      Which bank, specifically, requires an app for the purpose of 2FA? Further, what is the 2FA process for logging in to the app itself - wouldn't you need a second form of authentication that's not the app in that instance? If so, is that form of 2FA not allowed when logging in via desktop/laptop?

      I inquire because I use multiple different banks, CC providers and financial services, but have never once been required to use an app, even with "mobile" banks like Simple or One.


You are badly informed.

GrapheneOS has full support for Play Integrity[0].

[0]: https://grapheneos.org/articles/attestation-compatibility-gu...

  • The link you link literally explains how GrapheneOS doesn’t support Play Integrity and apps should use the Hardware Attestation API instead.

    • I think you are both kind of wrong :). There are different Play Integrity levels. GrapheneOS passes the basic level, which is enough for many apps, including a bunch of European banking apps. GrapheneOS does not pass the strong level, which does remote attestation, but Google does not want to add the GrapheneOS signing key fingerprints.

      My European banking and credit card apps work fine on GrapheneOS because they don't require the strong integrity level.

      Google is using Play Integrity at the strong level to shut down competition. It's kinda ironic, since GrapheneOS is much more secure than the many phones out there with abysmal device security and slow updates that Google does accept with strong integrity.
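The distinction the comment above draws (an app that demands only the basic level accepts a device that an app demanding the strong level rejects) is made on the server, where the app's backend decodes the Play Integrity token and reads the verdict. The following is an added example, not the commenter's code or any bank's, of such a server-side check. The field names follow the documented Play Integrity response format; the package name, nonce and verdict payloads are constructed for illustration.

```python
import json
import hmac

# Device verdict levels in increasing strictness, as documented for the
# Play Integrity API. A device that meets a stricter level also lists the
# weaker ones, so the list is cumulative.
LEVELS = ["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY", "MEETS_STRONG_INTEGRITY"]

# Hypothetical package name of the app whose backend runs this check.
EXPECTED_PACKAGE = "com.example.bank"

# Reject tokens older than this (the verdict carries the time Google issued it).
MAX_TOKEN_AGE_MS = 5 * 60 * 1000


def device_level_ok(verdicts, required_level):
    """True if the device verdict list reaches `required_level` or stricter."""
    needed = LEVELS.index(required_level)
    return any(LEVELS.index(v) >= needed for v in verdicts if v in LEVELS)


def check_verdict(decoded_json, expected_nonce, required_level, now_ms):
    """Validate a decoded Play Integrity verdict against a policy level.

    Returns (accepted, reason). The nonce and package checks bind the token
    to this request and this app; the level check is the policy decision
    discussed in the thread.
    """
    data = json.loads(decoded_json)

    req = data.get("requestDetails", {})
    if req.get("requestPackageName") != EXPECTED_PACKAGE:
        return False, "token was issued for a different package"
    # Constant-time compare so the nonce check itself leaks nothing.
    if not hmac.compare_digest(req.get("nonce", ""), expected_nonce):
        return False, "nonce mismatch (stale or replayed token)"
    issued = int(req.get("timestampMillis", "0"))
    if now_ms - issued > MAX_TOKEN_AGE_MS:
        return False, "token too old"

    app = data.get("appIntegrity", {})
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        return False, "app binary not recognized by Play"

    verdicts = data.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    if not device_level_ok(verdicts, required_level):
        return False, f"device reports {verdicts or ['no integrity']}, policy needs {required_level}"
    return True, "ok"


def _sample(device_verdicts):
    # Constructed verdict payload in the documented response shape.
    return json.dumps({
        "requestDetails": {
            "requestPackageName": EXPECTED_PACKAGE,
            "nonce": "c29tZS1yYW5kb20tbm9uY2U",
            "timestampMillis": "1700000000000",
        },
        "appIntegrity": {
            "appRecognitionVerdict": "PLAY_RECOGNIZED",
            "packageName": EXPECTED_PACKAGE,
            "versionCode": "42",
        },
        "deviceIntegrity": {"deviceRecognitionVerdict": device_verdicts},
        "accountDetails": {"appLicensingVerdict": "LICENSED"},
    })


# A device that only reaches the basic level (constructed), and one that
# reaches the strong level and therefore lists all three.
SAMPLE_BASIC_ONLY = _sample(["MEETS_BASIC_INTEGRITY"])
SAMPLE_STRONG = _sample(LEVELS)
NONCE = "c29tZS1yYW5kb20tbm9uY2U"
NOW_MS = 1700000000000 + 1000

if __name__ == "__main__":
    for name, sample in (("basic-only", SAMPLE_BASIC_ONLY), ("strong", SAMPLE_STRONG)):
        for level in LEVELS:
            print(name, level, check_verdict(sample, NONCE, level, NOW_MS))
```

The nonce must be generated server-side per request and sent to the app before it asks for the token; checking it on the way back is what stops a captured verdict from being replayed for a different session. The policy level is a single parameter on purpose: the same backend accepts or rejects the basic-only device depending only on whether it is called with `MEETS_BASIC_INTEGRITY` or `MEETS_STRONG_INTEGRITY`.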

    • Yeah you're right, serves me right for writing that while busy doing other things this morning.

      The intent of the comment stands though.

      I meant to point out that GrapheneOS has perfectly good support for verifying device integrity via Hardware Attestation, just not the method which requires Google to acknowledge the OS signing keys.

Then keep a Google crapphone for banking purposes in your drawer, like auth scratch code cards in the past. I don't get that idea of carrying a device with bank access in your pocket constantly. Moreover, at least in the EU, there are more and more banks which publish their apps in non-Google app stores too.

All Swedish banking apps work without issue and many apps that use Play Integrity work well regardless. It's just some apps that use Play Integrity in a certain way that don't work.

I've had multiple apps attempt to use Play Integrity on my GrapheneOS phone (it tells you when they try), and then just work anyway. Not sure why.

Then don't use those apps. I know it's easier said than done sometimes, but freedom is more important than convenience.

  • Yeah, just like, move to a country where banks still offer web banking, bro. Move banks. Got a locked down mortgage on good rates? Tough luck man.

    Etc.