cross-posted from: https://slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of ‘non-google’ approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.

    • m-p{3}@lemmy.ca
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      On the other hand, it makes it easy to find which apps aren’t to be trusted with your data.

      • themurphy@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        14 days ago

        Also very obvious when an app or website have an US and an EU version. You just know they buttfuck the Americans because no rules.

        Even Apple had to make two versions of iOS.

    • dutchkimble@lemy.lol
      link
      fedilink
      arrow-up
      0
      ·
      13 days ago

      Maybe graphene will find a way into duping those apps to think you have a regular android phone?

  • yoshisaur@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    man, and i was gonna switch to graphene this christmas. if every app can just ban my OS, i might have to rethink this. i would use the website but they restrict so many things to apps now…

    • BearOfaTime@lemm.ee
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      Use a browser like Native Alpha or Hermit, which present a website like an app.

      And if you use Bitwarden/Vaultwarden for your passwords, it can be pretty seamless.

    • The 8232 Project@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      14 days ago

      Well, switching to GrapheneOS shows that you don’t care what those companies do and that you’re willing to fight. It means those companies lose one more customer.

    • Sips'@slrpnk.netOP
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      TBF, this is the first time I’ve encountered an app not working - and it was before this. It’s just because of Google push towards monopoly via their Play Integrity API that’s ruining this.

      • RobotToaster@mander.xyz
        link
        fedilink
        arrow-up
        0
        ·
        14 days ago

        play “integrity” should be considered malware, any program that deliberately does something the user doesn’t want it to should.

    • Im_old@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      I was about to switch bank because for a few days my current one (inadvertently) blocked it on grapheneOS. We sent them a few emails and they fixed in less than a week.

      • A_Union_of_Kobolds@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        14 days ago

        I use a small local credit union that doesn’t appear on their supported list. It’s literally the only thing holding me back, I’m tempted to say fuck it anyway. But I wonder if it might work anyway…

  • AstralPath@lemmy.ca
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    Fuck both of these companies. Never used McDicks app in the first place. Spyware bullshit.

  • Droggelbecher@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    I haven’t switched my phone yet, but will do so soon. Does anyone have experience with compatibility layers on phone, akin to wine? I unfortunately cannot go without my public transport apps, and they’re android or IOS only. I’ve looking into postmarket OS, but open for suggestions.

        • RubberElectrons@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          14 days ago

          You can take a look at calyxOS, it’s what I use. Android but with all Google telemetry ripped out. It’s not as resistant as graphene against a govt adversary, but for privacy, better battery (bc google stuff isn’t constantly running) and still being able to use everything, it works great.

        • granolabar@kbin.melroy.org
          link
          fedilink
          arrow-up
          0
          ·
          14 days ago

          Most EVERYTHING works unless your app dev is PoS like these guys.

          Another alternative is MicroG which might work better in light of recent development.

          How zealous are you on dumping google?

        • killingspark@feddit.org
          link
          fedilink
          English
          arrow-up
          0
          ·
          14 days ago

          Well yes and no. The point is to stop using Google. And that entails quite a few things you might expect a phone to do

    • anti-idpol action@programming.dev
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      What public transport apps if I may ask? Most of Western Europe and especially Germany present no issues and even have OSS options, same with Finland.

      • Droggelbecher@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        13 days ago

        Thanks for the input, i realise it’s been a while since I checked this! ÖBB Scotty, ÖBB Tickets (could forgo this one) and SBB mobile. I also need Digitales Amt (official government app for things like signing contracts without printing them, ordering your election materials to a different address than usual, checking your medical info etc). Do you happen to know whether that would work?

        • anti-idpol action@programming.dev
          link
          fedilink
          arrow-up
          0
          ·
          13 days ago

          Don’t know and sadly my Pixel got stolen recently, but you can see if Offi or Transportr meet your needs, they’re available on fdroid.

          I guess I have bad news for you regarding the government app: https://discuss.grapheneos.org/d/253-compatibility-for-austria-e-government-app

          Anyway depending on your threat model keeping a normiephone as a decoy and mainlining something like graphene os can be a good opsec decision.

          • Droggelbecher@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            13 days ago

            Nice, thanks for the tip! Also thanks for going through the trouble of finding out for me, I appreciate it! I’m unfortunately in one of the regions where it’s specifically not available. But the second phone thing might be an option. That, or just a compatibility layer with regular old android after all.

  • tisktisk@piefed.social
    link
    fedilink
    English
    arrow-up
    0
    ·
    14 days ago

    Is this not a sign of the true intentions on both sides of the dilemma here!?!?
    Let us go to the end. We cannot afford to carry on in fear of these bans. Let the lines be neatly placed and the sides chosen wisely. If sustained profits are desired, the walled-gardens must come down.

    Vote with your dollar and vote again with your data. Wary, but never afraid is the motto privacy comrades!

    • vividspecter@lemm.ee
      link
      fedilink
      arrow-up
      0
      ·
      13 days ago

      Agreed. Leave immediately to other services, and tell them why you’re leaving. It might not make a dent, but you’ll be doing the right thing at least.

  • VeganCheesecake@lemmy.blahaj.zone
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    Banks seem to be hit or miss, happy that mine works. Would rather switch Banks than use a stock Rom, though.

    All the Uber stuff works in Browser, both eats and their fake taxi stuff.

    Not having a subtle reminder to eat at McDonald’s is probably better for you.

    Honestly, if your app could be a website, and includes services not on your website, fuck you, I’m gonna go to the competition.

  • HiddenLayer555@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    14 days ago

    This makes me want to use GrapheneOS more. If the dataminers don’t want you to use it then it must be doing something right.

        • 50MYT@aussie.zone
          link
          fedilink
          arrow-up
          0
          ·
          13 days ago

          Your options are:

          Apple phone

          Bloated android phone like Samsung etc.

          Chinese android phone (xiami etc)

          Google phone with Android

          Google phone with graphene. This still looks like the best of those options.

          Or no phone? I guess people are hardcore enough that will be the option.

            • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              12 days ago

              All of these are insecure as hell. Linux phones especially https://madaidans-insecurities.github.io/linux-phones.html

              Fairphone also really fucked up: They signed their own OS with the publicly available (!) AOSP test signing keys. These guys really don’t know that they’re doing, and I would trust their hardware or software whatsoever. And no, installing a custom ROM doesn’t solve this. Considering how bad their security practices are, we genuinely have to assume that there are security issues with the device firmware as well.

              /e/OS is based on the already insecure LineageOS, and it weakens the security further, so it’s not a good option either.

              None of the options you mentioned can be compared to GrapheneOS. It’s currently the best option if you value your privacy and security. You don’t have to give Google money either, since you can just buy a used device, which is also cheaper and more environmentally friendly. Google also makes repairing their devices pretty easy for consumers and even works with iFixit. Here’s a Mastodon post I recently saw about that: https://social.linux.pizza/@midtsveen/113630773097519792

              • Venia Silente@lemm.ee
                link
                fedilink
                English
                arrow-up
                0
                ·
                12 days ago

                An used Pixel, assuming I can find one in my country, still costs four (4) times what I need to shell out for a in-market Lineage compatible phone.

                Theoretical security is cute, but it has to be adjusted to practical feasibility. The most secure computer in the world is useless to you if you can’t boot it up.

                • Security-wise you’re better off using whatever OS comes with your device than downgrading to LineageOS. At least most smartphone vendors (except for Fairphone) manage to ship their Stock OS with a locked bootloader and somewhat working Verified Boot.

            • Killercat103@slrpnk.net
              link
              fedilink
              arrow-up
              0
              ·
              edit-2
              13 days ago

              Is swiftphone its own thing or did you mean shiftphone? I kinda want the shiftphone 8 myself even if they only ship to neighboring countries of mine.

            • SeekPie@lemm.ee
              link
              fedilink
              arrow-up
              0
              ·
              13 days ago

              I don’t think LOS has any privacy/security improvements over the stock android?

              (IIRC) it’s even worse than stock because you can’t lock the bootloader after installation.

              Though if your phone isn’t getting official updates, it’s probably safer with LOS.

                • SeekPie@lemm.ee
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  edit-2
                  13 days ago

                  Yeah, I myself am using CalyxOS, because DivestOS doesn’t support the Fairphone 5 unfortunately. CalyxOS also has relocking.

              • Venia Silente@lemm.ee
                link
                fedilink
                English
                arrow-up
                0
                ·
                12 days ago

                (IIRC) it’s even worse than stock because you can’t lock the bootloader after installation.

                That’s a problem with the phone manufacturer, not with Lineage.

                • Not with GrapheneOS, since you can entirely disable the USB controller from the settings on a driver level, making it impossible to connect the phone to a forensic data extraction device. GrapheneOS also has a convenient auto-reboot feature, which (together with their patches to the Linux kernel and Fastboot recovery OS to include memory zeroing) erases the encryption keys from memory, putting the device in BFU state and requiring the PIN/password to unlock. This is additionally secured by the Titan M2 secure element, which makes use of the Weaver API and drastically throttles brute-force unlock attempts. https://grapheneos.org/faq#encryption

          • zerozaku@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            13 days ago

            Xiaomi has the biggest custom ROM scene out there btw despite them trying their hardest to stop bootloader unlocking. You really don’t need to have a company supporting unlocking to make ROMs for them. If they outright block it then that’s an issue.

          • ryannathans@aussie.zone
            link
            fedilink
            arrow-up
            0
            ·
            edit-2
            13 days ago

            Someone installing graphene os for security shouldn’t be trusting random second/third/etc hand hardware lol

              • XTL@sopuli.xyz
                link
                fedilink
                arrow-up
                0
                ·
                13 days ago

                Hypothetically the hardware could have been modified, but that would take some insane level of a determined attacker to be fabricating modified pixels just to sell them on the used market.

                • OrganicMustard@lemmy.world
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  13 days ago

                  It also comes with a hardware auditor, although you need another trusted graphene phone to use it. I don’t know about the details, but sounds very hard to mess with it.

                • Venia Silente@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  12 days ago

                  Nothing too hypothetical nor an “insane” level of work. Didn’t Israel do just that with some beepers to blow up children?

                • Anivia@feddit.org
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  13 days ago

                  Yes, this would only be a concern for targeted attacks by state actors, in which case not even buying new would be safe.

                  Thinking about it, in such a scenario buying used may even be safer

            • Auli@lemmy.ca
              link
              fedilink
              English
              arrow-up
              0
              ·
              13 days ago

              Shouldn’t trust anything then. They could intercept your new phone and modify it. They did it for switches. But your not worth it for “them”.

      • Realitaetsverlust@lemmy.zip
        link
        fedilink
        English
        arrow-up
        0
        ·
        13 days ago

        It’s only officially supported on google phones because sadly those are the only ones that are not modified to fuck which makes installing and supporting other OS’es way too much work.

        Giving google money once for a device is not a problem from a privacy or security standpoint.

        • Samsy@lemmy.ml
          link
          fedilink
          arrow-up
          0
          ·
          13 days ago

          That’s correct, but not the reason grapheneOS chooses only pixel phones. It’s the level of hardware security features.

          • XTL@sopuli.xyz
            link
            fedilink
            arrow-up
            0
            ·
            13 days ago

            Also unlockable and presumably has well working builds. It’s not just graphene, but just about every Android project it there that’s best supported on pixels. Other manufacturers have a crazy variety of locking schemes and required tools. Each one is a nightmare to support.

            • orange@communick.news
              link
              fedilink
              arrow-up
              0
              ·
              13 days ago

              For GrapheneOS, it’s primarily that it’s re-lockable. That’s why other unlockable phones aren’t supported.

              The GrapheneOS install process sets new OS signing keys so you can lock the phone again and get full verified boot. However, most manufacturers haven’t implemented this feature.

              • fuzzzerd@programming.dev
                link
                fedilink
                English
                arrow-up
                0
                ·
                13 days ago

                What do you get, app/feature wise for verified boot vs. Play integrity app? Does it increase the amount of apps that work on it?

                • orange@communick.news
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  9 days ago

                  No, Play Integrity intentionally checks if it’s a Google-approved key. Android itself has an API to check verified boot and gives info on the signing key - most devs just want to know verified boot is working.

                  I feel Play Integrity has a short life ahead of if competition authorities realise how exactly it works. “Anti-competitive” is the first thing policy-minded folks think when I explain the API to them.

        • Irelephant@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          13 days ago

          In the EU almost every phone has an unlockable bootloader, there just isn’t any roms or custom recoveries for a lot of them.

        • HiddenLayer555@lemmy.ml
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          13 days ago

          Wish they’d at least support Fairphone.

          If Graphene reached out to them I bet Fairphone would even actively work with them to make it an official OS option.

  • HiramFromTheChi@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    14 days ago

    I can’t prove it, but I’m 99% sure Lyft did the same thing. Had a perfect rating (and was even a driver at one point), and they banned me without explanation right after I switched to GrapheneOS.

    Emailed them a few times asking for the season, and they refused to tell me.

    _"Legally, we cannot release any additional information except that we found your account to be violating our Terms of Service.

    We will be in touch if we are able to reopen your account in the future."_

    There’s absolutely nothing else that they could’ve misconstrued as “violating the Terms of Service.”

    If Uber’s going down the same path, no more ride-sharing for me I guess. ¯_(ツ)_/¯

    • jagged_circle@feddit.nl
      link
      fedilink
      English
      arrow-up
      0
      ·
      13 days ago

      Its machine learning fingerprinting. They lost the ability to fingerprint you, a flag was raised, and you’re b&

      When this happens to half your accounts, that’s when you know you’re winning at not being tracked

    • UntitledQuitting@reddthat.com
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      Do the web apps not still work? I’ve booked Uber eats from a computer in the past, I’m imaging the phone browser version might still function. I don’t have lyft in my country to know tho.

    • NotMyOldRedditName@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      13 days ago

      There’s no reason a company couldn’t release the info legally unless it was under something like AML (anti money laundering) laws and you were flagged as a criminal. They legally can’t disclose why in that case.

      Using a different OS isn’t reason enough, if they were telling the truth about the legal restrictions.

    • kalpol@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      Uber still works under Lineage. Can’t imagine what the heck they are trying to block

      • HiramFromTheChi@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        13 days ago

        No idea. Gonna try to stick to the web app instead and hold off updating the native mobile app for as long as possible.

  • Churbleyimyam@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    If a business makes it too difficult to use them I just use someone else. I’m sure they understand that but are making a killing at the expense of other people.

    • jagged_circle@feddit.nl
      link
      fedilink
      English
      arrow-up
      0
      ·
      13 days ago

      There will come a day when there are no alternatives. Ive hit this in many places (EU banks, dating sites, etc)

    • jagged_circle@feddit.nl
      link
      fedilink
      English
      arrow-up
      0
      ·
      13 days ago

      Oh yeah that’s an insta-ban. And even the waydroid app devs say their security is atrocious and you shouldn’t use it for banking.

  • shortwavesurfer@lemmy.zip
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    Use the websites whenever you can. That’s what I do at least. Although I had to stop using Lyft entirely, because they stopped supporting rides from their website apparently. And that leaves just Uber. I actually left my bank for a similar reason. It supported my phone just fine, and it worked without Google Play Services, but the website wouldn’t let me do everything that the app would, and the app required that I have Aurora Store to download their banking app from the Google Play Store, and I wanted to get away from that, so I switched banks so that I could use the bank website instead. From what I can tell, you run into this kind of stuff a lot with FinTech apps. But if you use older banks, like Discover or Wells Fargo or things like that, they tend to work better. Maybe because they’re not up with the newest technology, LOL.

    • LiveLM@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      14 days ago

      lol, I’ve observed the same.
      Fancy “Digital Wallet” thingy is absolutely decked out in Root detection, meanwhile my older, physical bank’s app doesn’t give a fuck.

      I’ve never been too fond on the idea of a 100% digital bank so no loss for me!

    • Sips'@slrpnk.netOP
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      Yeah Revolut is also the kinda app that is almost only a mobile app, not much you can do with their website, last i checked.

  • AnEilifintChorcra@sopuli.xyz
    link
    fedilink
    arrow-up
    0
    ·
    14 days ago

    Lol I spent a week going back and forth with Revolut support in august. I could sign into the app but it would always ask me for a “selfie” verification and every time support would say its a super dark selfie.

    Eventually I decided to try a stock ROM and it just worked and I realised what was happening so I transferred all of my money out and deleted my account.

    Most local banks here are terrible at making apps, some even require a separate device that looks like a calculator to use online banking, so hopefully they wont follow suit anytime soon

    • kevincox@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      14 days ago

      require a separate device that looks like a calculator to use online banking

      To be fair this actually provides a very high level of security? At least in my experience with AIB (in Ireland) you needed to enter the amount of the transactions and some other core details (maybe part of the recipient’s account number? can’t quite recall). Then you entered your PIN. This signed the transaction which provides very strong verification that you (via the PIN) authorize the specific transaction via a trusted device that is very unlikely to be compromised (unless you give someone physical access to it).

      It is obviously quite inconvenient. But provides a huge level of security. Unlike this Safety Net crap which is currently quite easy to bypass.

      • Aceticon@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        14 days ago

        Those little boxes are just a bit of hardware to let the smartchip on the smartcard do what’s called challenge-response authentication (in simple terms: get big long number, encode it with the key inside the smartchip, send encoded number out).

        (Note that there are variants of the process were things like the amount of a transfer is added by the user to the input “big long number”).

        That mechanism is the safest authentication method of all because the authentication key inside the smartchip in the bank card never leaves it and even the user PIN never gets provided to anything but that smartchip.

        That means it can’t be eavesdropped over the network, nor can it be captured in the user’s PC (for example by a keylogger), so even people who execute files received on their e-mails or install any random software from the Internet on their PCs are safe from having their bank account authentication data captured by an attacker.

        The far more common two-way-authentication (log in with a password, then get a number via SMS and enter it on the website to finalize authentication), whilst more secure that just username+password isn’t anywhere as safe as the method described above since GSM has security weaknesses and there are ways to redirected SMS messages to other devices.

        (Source: amongst other things I worked in Smart Card Issuance software some years ago).

        It’s funny that the original poster of this thread actually refuses to work with some banks because of them having the best and most secure bank access authentication in the industry, as it’s slightly inconvenient. Just another example of how, as it’s said in that domain, “users are the weakest link in IT Security”.

        • jagged_circle@feddit.nl
          link
          fedilink
          English
          arrow-up
          0
          ·
          13 days ago

          You had me until banks are secure. Most banks use 2FA over SMS. All banks in the EU require a phone number for PSD2 requirements.

          With GPG and TOTP support, its been easier to secure s Facebook or google account better than 99% of bank accounts

          • Aceticon@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            0
            ·
            13 days ago

            I literally said 2FA over SMS is not secure because of weaknesses in the GSM protocol.

            It’s still more secure than username + password alone, but that’s it.

            • jagged_circle@feddit.nl
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              13 days ago

              Sure, but afaik all EU banks require a phone number so they can send OTPs using your phone for transaction auth. This is a mandate of PSD2.

              My disagreement is with your last paragraph. Because of this regulation, banks are horrendously insecure. If I refuse to enter a phone number when signing up for a bank account, I literally cannot get a bank account in Europe. That’s insecure despite the user, not because of the user.

              • Aceticon@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                0
                ·
                edit-2
                13 days ago

                It think you’re confusing security (in terms of how easy it is to impersonate you to access your bank account) with privacy and the level of requirements on the user that go with it - the impact on banking security of the bank having your phone number is basically zero since generally lots individuals and companies who are far less security conscious than banks have that number.

                That said, I think you make a good point (people shouldn’t need a mobile phone to be able to use online banking and even if they do have one, they shouldn’t need to provide it to the bank) and I agree with that point, though it’s parallel to the point I’m making rather than going against it.

                I certainly don’t see how that collides with the last paragraph of my original post which is about how the original thread poster has problems working with banks which “require a separate device that looks like a calculator to use online banking” which is an element of the most secure method of all (which I described in my original post) and is not at all 2FA but something altogether different and hence does not require providing a person’s phone to the bank. I mean, some banks might put 2FA on top of that challenge-response card authentication methods, but they’re not required to do so in Europe (I know, because one of the banks in Europe with which I have an account uses that method and has no 2FA, whilst a different one has 2FA instead of that method) - as far as I know (not sure, though) banks in Europe are only forced to use 2FA if all they had before that for “security” was something even worse such as username + password authentication, because without those regulations plenty of banks would still be using said even worse method (certainly that was the case with my second bank, who back in the late 2010s still used ridiculously insecure online authentication and only started using 2FA because they were forced to)

                • jagged_circle@feddit.nl
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  edit-2
                  13 days ago

                  Transmitting an OTP to the user is a security risk.

                  Banks in the EU are, in fact, forced to implement 2FA using phone numbers as part of “dynamic linking” requirement of PSD2, which makes more secure methods of 2FA (like TOTP) not allowed

      • jagged_circle@feddit.nl
        link
        fedilink
        English
        arrow-up
        0
        ·
        13 days ago

        That’s pretty typical when its a low level machine learning algorithm that flagged the account. Usually the support rep legitimately doesn’t know, and you’ll get stuck in an infinite loop