undefined | Better HN

0 pointsarmadyl1mo ago0 comments

GrapheneOS phones are still an option, it’s unaffected by these rules.

0 comments

If they manage to expand their lineup a bit, that'll be my next phone. Or, if a company makes a phone with GrapheneOS preinstalled, I'm giving them my money.

Fuck Google for doing this, and Play Integrity making me unable to use banks is even worse.

utopiah1mo ago

> if a company makes a phone with GrapheneOS preinstalled, I'm giving them my money.

FWIW you can buy a Pixel (new or 2nd hand) and install GrapheneOS via the Web https://grapheneos.org/install/web with nothing (genuinely nothing) installed on your computer and get it working in ~15min (depending on your connection to download the ROM) out of which maybe ~2min will be your interacting with the setup process.

I initially bought an /e/OS precisely with your requirement, namely I "just" want a phone that works when I receive it, no tinkering, but having installed GrapheneOS myself few days (or weeks?) ago I can tell you, it's really straightforward.

goda901mo ago

> with nothing (genuinely nothing) installed on your computer

Not 100% accurate. You need a browser that supports WebUSB[0] which are just Chromium based ones, not Safari or Firefox.

[0]https://developer.mozilla.org/en-US/docs/Web/API/WebUSB_API

utopiah1mo ago

Agreed but that's in the requirements. I meant to say assuming your setup matches the requirements but that's indeed a shortcoming. Thanks for clarifying.

armadylOP1mo ago

They're actually partnering with Motorola and have phones coming out next year! It sounds like they'll be the Motorola Signature, Razr and Fold (iirc).

stavros1mo ago

That's great news, thanks! I can keep my phone for another year.

goodpoint1mo ago

It's pretty crazy to trust such project to run your phone.

egeres1mo ago

They have terrible support for banking apps and any app that needs play integrity

armadylOP1mo ago

And what kind of support do you think a Linux phone will have? While also having trash tier security. I don’t see that as an issue (for Americans at least since most banks here don’t use NFC/wallets in their apps), just use the web browser to access your bank.

Also GrapheneOS has in my experience decent banking app support outside of a handful of apps (including, ironically, my main bank which disabled GrapheneOS support a week or two ago). There is a maintained list of working apps that you can see for yourself: https://privsec.dev/posts/android/banking-applications-compa...

jjulius1mo ago

Does/do your bank/s absolutely always require you to use an app? Is there a desktop/website that you can use? Do they have a brick and mortar location?

utopiah1mo ago

Typically the website requires you to use the mobile app as 2FA. Typically also there are less and less brick and mortar locations.

jjulius1mo ago

Help me follow.

Which bank, specifically, requires an app for the purpose of 2FA? Further, what is the 2FA process for logging in to the app itself - wouldn't you need a second form of authentication that's not the app in that instance? If so, is that form of 2FA not allowed when logging in via desktop/laptop?

I inquire because I use multiple different banks, CC providers and financial services, but have never once been required to use an app, even with "mobile" banks like Simple or One.

1 more reply

MrDresden1mo ago

You are badly informed.

GrapheneOS has full support for Play Integrity[0].

[0]: https://grapheneos.org/articles/attestation-compatibility-gu...

odo12421mo ago

The link you link literally explains how GrapheneOS doesn’t support Play Integrity and apps should use the Hardware Attestation API instead.

microtonal1mo ago

I think you are both kind of wrong :). There are different Play Integrity levels. GrapheneOS passes the basic level, which is enough for many apps, including a bunch of European banking apps. GrapheneOS does not pass the strong level, which does remote attestation, but Google does not want to add the GrapheneOS signing key fingerprints.

My European banking and credit card apps work fine on GrapheneOS because they don't require the strong integrity level.

Google is using Play Integrity at the strong level to shut down competition. It's kinda ironic, since GrapheneOS is much more secure than the many phones out there with abysmal device security and slow updates that Google does accept with strong integrity.

MrDresden1mo ago

Yeah you're right, serves me right for writing that while busy doing other things this morning.

The intent of the comment stands though.

I meant to point out that GrapheneOS has perfectly good support for verifying device integrity via Hardware Attestation, just not the method which requires Google to acknowledge the OS signing keys.

imhoguy1mo ago

Then keep Google crapphone for banking purposes in your drawer, like auth scratch code cards in the past. I don't get that idea of carrying device with bank access in your pocket constantly. Moreover, at least in EU, there is more and more banks which publish their apps in non Google app stores too.

lawn1mo ago

All Swedish banking apps work without issue and many apps that use play integrity works well regardless. It's just some apps that use play integrity that in a certain way that doesn't work.

goda901mo ago

I've had multiple apps attempt to use Play Integrity on my GrapheneOS phone(it tells you when they try), and then just work anyway. Not sure why.

drnick11mo ago

Then don't use those apps. I know it's easier said than done sometimes, but freedom is more important than convenience.

deaux1mo ago

Yeah, just like, move to a country where banks still offer web banking, bro. Move banks. Got a locked down mortgage on good rates? Tough luck man.

Etc

Hackbraten1mo ago

What are you trying to do with your mortgage using a mobile phone?

gib4441mo ago

"Terrible" is incorrect. Yes quite a few don't work but many many do . See:

https://privsec.dev/posts/android/banking-applications-compa...

sneak1mo ago

Used Graphene as a daily driver for a year. It’s an unserious toy.

yoavm1mo ago

Can you elaborate? Why? I think many of us were hoping we could switch to it if/when Android becomes intolerable.

microtonal1mo ago

I have no idea what they are talking about. I have been daily driving GrapheneOS for almost two months now (coming from iPhone, but I have tested Pixels and Samsung phones on the side for a while) and there is no material difference in daily use from running the stock Pixel OS in daily use if you install Play (Services) and a bunch of apps. Of course, it is more secure and comes with no crap pre-installed, which is nice.

The only thing I have really found missing is Google Pay support for contactless payment (because Google doesn't want to allow GrapheneOS, but there are alternatives like Curve).

lawn1mo ago

I'm using GrapheneOS as my daily driver you couldn't be more wrong.

uncognic1mo ago

If it really was, you wouldn't have used it for a year

j / k navigate · click thread line to collapse

0 comments

stavros1mo ago

If they manage to expand their lineup a bit, that'll be my next phone. Or, if a company makes a phone with GrapheneOS preinstalled, I'm giving them my money.

Fuck Google for doing this, and Play Integrity making me unable to use banks is even worse.

utopiah1mo ago

> if a company makes a phone with GrapheneOS preinstalled, I'm giving them my money.

goda901mo ago

> with nothing (genuinely nothing) installed on your computer

Not 100% accurate. You need a browser that supports WebUSB[0] which are just Chromium based ones, not Safari or Firefox.

[0]https://developer.mozilla.org/en-US/docs/Web/API/WebUSB_API

utopiah1mo ago

Agreed but that's in the requirements. I meant to say assuming your setup matches the requirements but that's indeed a shortcoming. Thanks for clarifying.

armadylOP1mo ago

They're actually partnering with Motorola and have phones coming out next year! It sounds like they'll be the Motorola Signature, Razr and Fold (iirc).

stavros1mo ago

That's great news, thanks! I can keep my phone for another year.

goodpoint1mo ago

It's pretty crazy to trust such project to run your phone.

egeres1mo ago

They have terrible support for banking apps and any app that needs play integrity

armadylOP1mo ago

jjulius1mo ago

Does/do your bank/s absolutely always require you to use an app? Is there a desktop/website that you can use? Do they have a brick and mortar location?

utopiah1mo ago

Typically the website requires you to use the mobile app as 2FA. Typically also there are less and less brick and mortar locations.

jjulius1mo ago

Help me follow.

I inquire because I use multiple different banks, CC providers and financial services, but have never once been required to use an app, even with "mobile" banks like Simple or One.

1 more reply

MrDresden1mo ago

You are badly informed.

GrapheneOS has full support for Play Integrity[0].

[0]: https://grapheneos.org/articles/attestation-compatibility-gu...

odo12421mo ago

The link you link literally explains how GrapheneOS doesn’t support Play Integrity and apps should use the Hardware Attestation API instead.

microtonal1mo ago

My European banking and credit card apps work fine on GrapheneOS because they don't require the strong integrity level.

MrDresden1mo ago

Yeah you're right, serves me right for writing that while busy doing other things this morning.

The intent of the comment stands though.

I meant to point out that GrapheneOS has perfectly good support for verifying device integrity via Hardware Attestation, just not the method which requires Google to acknowledge the OS signing keys.

imhoguy1mo ago

lawn1mo ago

All Swedish banking apps work without issue and many apps that use play integrity works well regardless. It's just some apps that use play integrity that in a certain way that doesn't work.

goda901mo ago

I've had multiple apps attempt to use Play Integrity on my GrapheneOS phone(it tells you when they try), and then just work anyway. Not sure why.

drnick11mo ago

Then don't use those apps. I know it's easier said than done sometimes, but freedom is more important than convenience.

deaux1mo ago

Yeah, just like, move to a country where banks still offer web banking, bro. Move banks. Got a locked down mortgage on good rates? Tough luck man.

Etc

Hackbraten1mo ago

What are you trying to do with your mortgage using a mobile phone?

gib4441mo ago

"Terrible" is incorrect. Yes quite a few don't work but many many do . See:

https://privsec.dev/posts/android/banking-applications-compa...

sneak1mo ago

Used Graphene as a daily driver for a year. It’s an unserious toy.

yoavm1mo ago

Can you elaborate? Why? I think many of us were hoping we could switch to it if/when Android becomes intolerable.

microtonal1mo ago

The only thing I have really found missing is Google Pay support for contactless payment (because Google doesn't want to allow GrapheneOS, but there are alternatives like Curve).

lawn1mo ago

I'm using GrapheneOS as my daily driver you couldn't be more wrong.

uncognic1mo ago

If it really was, you wouldn't have used it for a year

j / k navigate · click thread line to collapse