Email or username:

Password:

Forgot your password?
GrapheneOS

Unfortunately, Revolut has banned GrapheneOS users from logging into the app because of an incorrectly implemented device integrity check based on the anti-competitive Play Integrity API. Our users need to put pressure on apps like this to get them to whitelist GrapheneOS.

35 comments
GrapheneOS

How you can help solve it:

1) Open a support request explaining they've incorrectly banned a secure operating system with a link to grapheneos.org/articles/attest with how to fix it.
2) Contact their management on LinkedIn and other platforms with the same thing.
3) Play Store review.

GrapheneOS

We have a thread with more details on the highly anti-competitive Play Integrity API masquerading as a security feature here:

grapheneos.social/@GrapheneOS/

Play Integrity API forbids a far more secure OS than anything they allow but yet it permits devices with no patches for 8 years.

GrapheneOS

United States v. Google LLC (2020) recently found that Google's Android partner system and therefore the Play Integrity API based on it is illegal.

We're in active contact with the EU Commission about the Play Integrity API and are hopeful they're going to do something about it.

Pietro395 :proton: ๐Ÿ‡ฎ๐Ÿ‡น

@GrapheneOS Hope the EU listens and intervenes, the problem also affects European digital identity apps that require Play Integrity API.
Currently with the Italian โ€œIOโ€ app you cannot use the documents section and they are not responding to complaints about this issue

GrapheneOS

@pietro395 @pippopippo13 It's meant to be checked on login and specific actions such as sending a transaction according to Google's intended usage of it. A lot of apps only check it at login and never check again if you never log out.

UnionMammalChewy

@GrapheneOS Finally someone looking into Google's malicious Play Integrity API. I am unable to use many financial apps on GrapheneOS despite it being up-to-date and secure whereas I can use those Apps on a cheap insecure Android 10 phone which does not get updates. I don't think financial app developers have any critical thinking when it comes to security, especially in my country.

GrapheneOS

Here are the Play Store pages where you can leave feedback:

play.google.com/store/apps/det
play.google.com/store/apps/det

Ask them to use the Android key attestation API to perform attestation with the ability to permit GrapheneOS. We linked our guide on using it above and it works well.

hexaheximal

@GrapheneOS I found this reply on the reviews:

> [...] To protect our users and ensure compliance, we implement measures to limit access from devices with custom firmware. This is primarily to safeguard accounts against potential vulnerabilities that can arise from altered operating systems.

That's very generic, and (especially when the review in question mentioned the security benefits of GrapheneOS) very telling.

GrapheneOS

Revolut is misleading users making support requests by falsely claiming there's a compatibility issue with GrapheneOS. It's not true. They're banning using a non-Google-approved OS. If it was a compatibility issue with this widely used app, we'd have worked around it on our end.

GrapheneOS

In some of their responses, they claim they check for a Google-certified OS for security reasons. Can't be true, because they're permitting an OS which hasn't received security patches for the past 8 years. They're disallowing a much more secure OS than anything Google approved.

GrapheneOS

Banning a more secure operating system as part of implementing a fake security feature shows serious anti-security culture at RevolutApp. A company which deliberately permits a device with no patches for 8 years but not a hardened OS does not understand or care about security.

GrapheneOS

Can see it's clearly because they're banning GrapheneOS because they show an error at login about you using an OS they don't support. It is not a compatibility issue. Meanwhile, they support every insecure OEM fork licensing Google apps no matter how long it hasn't been patched.

banjo
Thanks for bringing this our attention.
Joey H.

@GrapheneOS
For those interested, there is a complaints form:
revolut.com/legal/complaints-p
A complaints e-mail address:
formalcomplaints@revolut.com
And a feedback e-mail address:
feedback@revolut.com

GrapheneOS

@ronwithmusic The response is incorrect. First of all, microG is not an OS and has nothing to do with this. Their app fully works on GrapheneOS and has no compatibility issues with it. The issue is that they're going out of the way to use the anti-competitive Play Integrity API to ban using anything other than an OS partnered with Google. Keep replying and keep filing issues. Users need to put a lot of pressure on them and burn lots of their resources. Can contact management on LinkedIn too.

mbl007
Change the bank and tell them ๐Ÿ–• because it's pretty not a bad luck, they are targeting privacy users
IrishMASMS

@GrapheneOS could you please stop using the term "whitelist" as it has racist connotations

AlexTECPlayz

@Irishmasms seattlecollegian.com/op-ed-bla

With all due respect, but they're still ultimately metaphors, regardless if their background is racist. To put something on the blacklist (black, not as in skin color, but undesirable, like putting something in a void) versus a whitelist (white, as in desirable, like putting something in the light, or to favour something).

Plus, black and white / good and evil has existed since like forever. I think there's terms that can be substituted (and rightfully so, like master and slave), but I don't think these two should.

@Irishmasms seattlecollegian.com/op-ed-bla

With all due respect, but they're still ultimately metaphors, regardless if their background is racist. To put something on the blacklist (black, not as in skin color, but undesirable, like putting something in a void) versus a whitelist (white, as in desirable, like putting something in the light, or to favour something).

IrishMASMS

@alextecplayz you are showing your bias and racism

Go away fascist

Martin Kroul

@alextecplayz @Irishmasms Ban chess and Go too! ๐Ÿ‘ฟ

(yes, I am trolling)

Perivi Yohanesburgo ๐Ÿ

@GrapheneOS At this point I can expect Google to start excluding every non-certified OS from using all their services.

I guess it's time to close my Revolut account. I can't use it as much as I want because Google prevents GOS from using Google Pay so I won't miss it so much. Sure, I still have my old Nokia with a certified OS, but I don't want to use a far less secure device for bank apps.

I only used #GrapheneOS for two months and I already can see the OS and its development team are far more reliable and trustworthy than everything else on the Android ecosystem. The fact that Google still refuses to whitelist GOS baffles me.

@GrapheneOS At this point I can expect Google to start excluding every non-certified OS from using all their services.

I guess it's time to close my Revolut account. I can't use it as much as I want because Google prevents GOS from using Google Pay so I won't miss it so much. Sure, I still have my old Nokia with a certified OS, but I don't want to use a far less secure device for bank apps.

GrapheneOS

@iviyohane Google's behavior has already been found to be illegal and they're unlikely to start walling off their own services in a completely indefensible way. They're already going to be facing serious consequences for what they're doing. It's unfortunate they're doubling down on pretending the Play Integrity API has anything to do with security and convincing more and more apps to adopt it though. They think they'll get away with it because they claim it's about security but it's clearly not.

h3artbl33d :openbsd: :ve:

@iviyohane

Like the official @GrapheneOS account has already indicated - this has nothing to do with security. If it was, they would have already allowed the GrapheneOS signatures.

I only used โจ#GrapheneOSโฉ for two months and I already can see the OS and its development team are far more reliable and trustworthy than everything else on the Android ecosystem.

Totally. I have been using GrapheneOS since before the Pixels (Nexus era) and it has been a bliss. Every single day.

Plus they've already shown they can be trusted - wiping the signing keys when those were under threat to make sure malicious actors couldn't hurt the userbase. Mind you: this was before the foundation existed and AFAIK now impossible to happen again.

@iviyohane

Like the official @GrapheneOS account has already indicated - this has nothing to do with security. If it was, they would have already allowed the GrapheneOS signatures.

I only used โจ#GrapheneOSโฉ for two months and I already can see the OS and its development team are far more reliable and trustworthy than everything else on the Android ecosystem.

Marcel

@GrapheneOS same for Techniker Krankenkasse APP :-/

Kratos
๐Ÿ–•๐ŸฟRevolut ๐Ÿ˜€
IrishMASMS

@GrapheneOS @stefano

Could we not use the term whitelist, which has racist connotations and origins

Fazal Majid

@GrapheneOS ok, I will close my Revolut account and tell them this is the reason

Go Up