this post was submitted on 11 Jan 2025
87 points (100.0% liked)

GrapheneOS [Unofficial]


We've implemented a system for notifying users when apps use the Play Integrity API. This will help users determine which apps are banning using a non-stock OS. Some of these will still work if they only enforce basic integrity rather than requiring a Google certified device running the stock OS.

Using Play Integrity is an incredibly anti-privacy and anti-security practice despite being wrongly portrayed as a security feature. The notification will include a link for leaving a rating and review for the app via sandboxed Play Store to make it very convenient for people to send complaints.

App developers can implement support using standard hardware-based attestation and allowlist the GrapheneOS signing keys if they insist on checking device integrity. There's a guide for this at https://grapheneos.org/articles/attestation-compatibility-guide. There's no good excuse for only permitting a device/OS licensing GMS.

Most apps using the Play Integrity API are enforcing the device integrity level. This enforces having a device licensing Google Mobile Services with the stock OS. It has no issue with a device behind on patches by a decade. Strong integrity level checks for the same thing via hardware attestation.

We may also add a way to block the Play Integrity API with a per-app toggle if we determine this helps improve compatibility due to some apps still having a fallback to other approaches. Spoofing device integrity level is possible but increasingly problematic and will get worse.
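The allowlisting approach the post describes, sketched as an added example (not code from GrapheneOS or its guide): a server-side policy check that accepts a stock OS or a custom OS whose verified boot key is allowlisted, and also rejects stale patch levels. It assumes the attestation certificate chain has already been verified and the fields below extracted from it; the fingerprint, the age limit and all function names are hypothetical placeholders.

```python
from dataclasses import dataclass
from datetime import date

# Verified boot states as encoded in Android key attestation
# (RootOfTrust.verifiedBootState).
VERIFIED, SELF_SIGNED, UNVERIFIED, FAILED = 0, 1, 2, 3

# Constructed placeholder, NOT a real fingerprint: take the real per-device
# values from the attestation compatibility guide linked in the post.
ALLOWED_CUSTOM_OS_KEYS = {"aa" * 32}
MAX_PATCH_AGE_MONTHS = 6  # assumed policy value, not from the post


@dataclass
class AttestedState:
    verified_boot_state: int
    device_locked: bool
    verified_boot_key: str  # hex of RootOfTrust.verifiedBootKey
    os_patch_level: int     # YYYYMM, as carried in the attestation


def patch_age_months(os_patch_level: int, today: date) -> int:
    year, month = divmod(os_patch_level, 100)
    return (today.year - year) * 12 + (today.month - month)


def evaluate(state: AttestedState, today: date) -> tuple[bool, str]:
    """Return (accepted, reason) for an already-verified attestation."""
    if not state.device_locked:
        return False, "bootloader unlocked"
    if state.verified_boot_state == SELF_SIGNED:
        # Custom OS: accept only if its signing key is explicitly allowlisted.
        if state.verified_boot_key.lower() not in ALLOWED_CUSTOM_OS_KEYS:
            return False, "custom OS key not allowlisted"
    elif state.verified_boot_state != VERIFIED:
        return False, "verified boot not enforced"
    # Unlike a bare device-integrity verdict, also require recent patches.
    if patch_age_months(state.os_patch_level, today) > MAX_PATCH_AGE_MONTHS:
        return False, "patch level too old"
    return True, "ok"
```
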

[–] highduc@lemmy.ml 22 points 1 week ago (10 children)

I'm glad they're trying to fight it, because if bank apps enforce "play integrity" I'm guessing that'll be a nail in the coffin for Graphene.
With the reviews however I don't think we'll be able to make much of an impact. Revolut already has 1 star from me, can't give it any fewer I'm afraid.
And I think so few people use Graphene that the banks can just ignore us.

[–] sic_semper_tyrannis 14 points 1 week ago (7 children)

I've been using GrapheneOS for a few years now and simply log into my bank via my web browser. Sure I can't deposit checks remotely but I don't understand why this is such a deal breaker for people.

[–] propter_hog@hexbear.net 8 points 1 week ago (1 children)

It's a big deal breaker when your bank is online only. Mobile deposit is the only way I can make a deposit.

[–] ParetoOptimalDev 3 points 1 week ago

Move banks, leave feedback why you left.
