TL;DR
- Efforts like Graphene OS face increasing pressure from apps that refuse to run on non-standard Android.
- The custom ROM project characterizes Google’s approach to device attestation as incomplete and flawed.
- Graphene OS is prepared to take legal action if Google won’t let it pass Play Integrity checks.
yeah. like my manufacturers’ 3-year-old, full-o-spyware ROM is more secure than latest clean installed lineage.
they just want control, not security. and with banking apps becoming a necessity, i’m starting to be forced to return to stock.
graphene sandboxes Google services so they don’t run as root on your device. I haven’t encountered an app I can’t get running on graphene yet and having Google play installed as non root is a far sight better than stock.
my biggest problem with lineage was compatibility with banking apps so I reluctantly switched but graphene is a solid choice in operating system for privacy and security.
does it hide root/custom roms?
if so im interested.
not really. after enabling oem unlocking in developer options you just boot it while holding one of the volume buttons and you’re able to unlock the bootloader.
root is not typically available and you don’t need it for most uses besides development, but even then, I would recommend not using a phone you daily for that.
sure, but unrooted custom roms also trip the protections.
root can sometimes be used to mask that.
you’re already over my head but you can talk to the devs. they have a matrix chat they link on their site
Is has been discussed, I read once here: https://discuss.grapheneos.org/d/475-wallet-google-pay/2 about it, but sadly the tweet is gone and I dont remeber the exact reason.
Graphene is great, but I’m currently on a Xiaomi phone so I can’t run most ROMs, I’ll likely run derpfest when I get the bootloader unlocked
that’s one I haven’t heard of. how is it functionally?
I haven’t tried it yet, but it seems to have a lot of pixel features ported, I realized crDroid supports my phone so I might try that
Myself, I use my bank’s web portal via my mobile browser. Not as instant as an app, but it gets the job done.
Culprit is: I need the phones app as second factor to log in to the web interface.
Yep been seeing more of that. Will just refuse to use it on my phone.
It’s been clear for at least 10 years that apps are about data harvesting not making something more useful or easier to use or more universal than a mobile website.
AFAIK that’s the way it has to be done in the EU…
I’d just leave for a different bank at that point, although I get that it’s not always practical.
Graphene os + a work profile + sandboxed play services allows you to have some baking apps. Ive got 3 and they all work without a hitch.
same bs with apps not running jidt because root or apps not being visible in playstore because of it. Netflix isn’t even showing up as existing in playstore just because i have root. it’s nuts. and there are tons of apps like this.
Netflix and their DRM is so extremely stupid it’s incomprehensible. It only hurts normal users while the rippers have no issues getting the content.
You can fix most apps with the Play Integrity Fix module and denylist. You might have to hide the magisk app too. It doesn’t get 100% of them though, I still can’t figure out how my bank app is catching it. Plus I’ve had RCS stop working with that setup, so I have to keep it disabled to avoid missing messages
The apple music app checks for a specific binary. Could be something like that.
Second phone just for these things wouldn’t work for what you need?
That’s not exactly a great solution. It works, but it’s a shitty workaround at best.
Not disagreeing I was genuinely asking.
For me it wouldnt be too inconvenient but I barely use banks so my perspective is atypical
Two phones no sweat and no use for banks… Can i get a sack? 🤣
Dont know what you mean sorry
I did pull $600 out my sock at the best buy to buy my pixel recently tho lol
I do basically that, but with aSamsung tablet, then my phone can be for phone things, calls, messages, emails. Then if I’m out and about and need to check my bank, mobile hotspot to my phone and go from there.
thats what i do atm, but its a shitty solution when i have a perfectly good phone. it defeats the purpose.
the irony is, my second phone is probably less secure, because its stuck in an ancient version of android.
I have been using stock for a while, but I remember using magisk root to hide root to the bank app and I never had an issue
i do that but sadly it aint working anymore. they implemented a new google sanctioned way of blocking it that hasnt been cracked yet.
What’s changed to make banking apps more necessary?
you cant use banks without at least their 2fa app on your phone
Ohh wow that’s wild
Thanks for the answer