The app worked without issues until a few weeks ago. I used it for a year. It was not broken. GrapheneOS is just AOSP Android, optionally with Google Play Services.
My take is that they were trying to block rooted phones and/or custom ROMs of questionable origin and GrapheneOS just became collateral damage because all these companies do go the minimal route of using Play Integrity. GrapheneOS supports remote attestation through AOSP APIs, in fact, they have a page about it.
I think it's worth letting this be heard. GrapheneOS has > 400,000 users and is rapidly growing. Breaking things is not going to affect 5 people anymore, but thousands, ten thousands or hundreds of thousands, depending on what the app is.
> My take is that they were trying to block rooted phones and/or custom ROMs of questionable origin
There are only bad reasons for them to do that. End users don't get compromised that way in reality, but it does mean they might convince the app to do something that's bad for profits.
They don't need to do anything to support GrapheneOS. They only need to stop actively going out of the way to block it and any other alternative OS via the Play Integrity API. They put significant effort into blocking anything other than iOS or a Google Mobile Services Android stock OS certified by Google. They're not only blocking a non-stock AOSP-based operating system but rather anything other than iOS or a Google Mobile Services Android device certified by Google.
GrapheneOS maintains 99% android app compatibility. It does not require any additional funding or expenses to support GrapheneOS, and is actually more expensive to add these anticompetitive tools responsible for banning GrapheneOS.
GrapheneOS is also not responsible for bugs in this app. Any bug reports coming from GOS are likely to be from the hardening toggles, which uncover bugs in the app. This is the apps fault, and these bugs still exist on other OSs. It should be resolved for the benefit of all users.
Its not a different os though. Its still android. VW seems to just have turned on integrity checks which constantly cause issues for non-google androids. Plenty of banks do the same.
"Support" is such an overloaded and vague word in the software industry. What does it mean for a company to "support" an app/os configuration?
1. They deliberately target that app/os configuration, QA tests it, and answer customer support requests about it.
2. They target the configuration, QA tests it, but it's offered without customer support.
3. They target the configuration, but only release an untested build, use at your own risk.
4. They don't target the configuration at all, but the builds they do release happen to work on the configuration, totally unacknowledged by the company.
5. They don't target the configuration, and deliberately sabotage their application such that un-targeted configurations are actively blocked. Only adversarial users who hack the software are able to use it.
Too many companies say: "We can't do 1 because we don't 'support' it, therefore we must do 5!"
Proton is one of the best examples of this phenomenon. Almost all Windows games work on Linux via Proton. Sometimes they even run better than they do on Windows.
About the only time it doesn't work is when the game uses an anticheat system that intentionally blocks Linux. I can even see where the game devs are coming from when it comes to competitive games; cheating ruins the game for other players, and there's no way to prevent certain kinds of cheating without trusting the client to a degree.
I can't see any reasonable and user-respecting place VW could be coming from intentionally blocking access from open systems.
> If 97% of your users are on mainstream OSes, and the rest also account for disproportionately high numbers of bug reports, why should they bother supporting alternatives?
The app worked without issues until a few weeks ago. I used it for a year. It was not broken. GrapheneOS is just AOSP Android, optionally with Google Play Services.
My take is that they were trying to block rooted phones and/or custom ROMs of questionable origin and GrapheneOS just became collateral damage because all these companies do go the minimal route of using Play Integrity. GrapheneOS supports remote attestation through AOSP APIs, in fact, they have a page about it.
I think it's worth letting this be heard. GrapheneOS has > 400,000 users and is rapidly growing. Breaking things is not going to affect 5 people anymore, but thousands, ten thousands or hundreds of thousands, depending on what the app is.
> My take is that they were trying to block rooted phones and/or custom ROMs of questionable origin
There are only bad reasons for them to do that. End users don't get compromised that way in reality, but it does mean they might convince the app to do something that's bad for profits.
They don't need to do anything to support GrapheneOS. They only need to stop actively going out of the way to block it and any other alternative OS via the Play Integrity API. They put significant effort into blocking anything other than iOS or a Google Mobile Services Android stock OS certified by Google. They're not only blocking a non-stock AOSP-based operating system but rather anything other than iOS or a Google Mobile Services Android device certified by Google.
GrapheneOS maintains 99% android app compatibility. It does not require any additional funding or expenses to support GrapheneOS, and is actually more expensive to add these anticompetitive tools responsible for banning GrapheneOS.
GrapheneOS is also not responsible for bugs in this app. Any bug reports coming from GOS are likely to be from the hardening toggles, which uncover bugs in the app. This is the apps fault, and these bugs still exist on other OSs. It should be resolved for the benefit of all users.
Its not a different os though. Its still android. VW seems to just have turned on integrity checks which constantly cause issues for non-google androids. Plenty of banks do the same.
> expensive to support
"Support" is such an overloaded and vague word in the software industry. What does it mean for a company to "support" an app/os configuration?
1. They deliberately target that app/os configuration, QA tests it, and answer customer support requests about it.
2. They target the configuration, QA tests it, but it's offered without customer support.
3. They target the configuration, but only release an untested build, use at your own risk.
4. They don't target the configuration at all, but the builds they do release happen to work on the configuration, totally unacknowledged by the company.
5. They don't target the configuration, and deliberately sabotage their application such that un-targeted configurations are actively blocked. Only adversarial users who hack the software are able to use it.
Too many companies say: "We can't do 1 because we don't 'support' it, therefore we must do 5!"
Proton is one of the best examples of this phenomenon. Almost all Windows games work on Linux via Proton. Sometimes they even run better than they do on Windows.
About the only time it doesn't work is when the game uses an anticheat system that intentionally blocks Linux. I can even see where the game devs are coming from when it comes to competitive games; cheating ruins the game for other players, and there's no way to prevent certain kinds of cheating without trusting the client to a degree.
I can't see any reasonable and user-respecting place VW could be coming from intentionally blocking access from open systems.
> If 97% of your users are on mainstream OSes, and the rest also account for disproportionately high numbers of bug reports, why should they bother supporting alternatives?
Because of those bug reports, very few may be specific to the non-mainstream OS? https://news.ycombinator.com/item?id=28978086