Email or username:

Password:

Forgot your password?
Top-level
GrapheneOS

We have a thread with more details on the highly anti-competitive Play Integrity API masquerading as a security feature here:

grapheneos.social/@GrapheneOS/

Play Integrity API forbids a far more secure OS than anything they allow but yet it permits devices with no patches for 8 years.

13 comments
GrapheneOS

United States v. Google LLC (2020) recently found that Google's Android partner system and therefore the Play Integrity API based on it is illegal.

We're in active contact with the EU Commission about the Play Integrity API and are hopeful they're going to do something about it.

Pietro395 :proton: ๐Ÿ‡ฎ๐Ÿ‡น

@GrapheneOS Hope the EU listens and intervenes, the problem also affects European digital identity apps that require Play Integrity API.
Currently with the Italian โ€œIOโ€ app you cannot use the documents section and they are not responding to complaints about this issue

GrapheneOS

@pietro395 @pippopippo13 It's meant to be checked on login and specific actions such as sending a transaction according to Google's intended usage of it. A lot of apps only check it at login and never check again if you never log out.

UnionMammalChewy

@GrapheneOS Finally someone looking into Google's malicious Play Integrity API. I am unable to use many financial apps on GrapheneOS despite it being up-to-date and secure whereas I can use those Apps on a cheap insecure Android 10 phone which does not get updates. I don't think financial app developers have any critical thinking when it comes to security, especially in my country.

GrapheneOS

Here are the Play Store pages where you can leave feedback:

play.google.com/store/apps/det
play.google.com/store/apps/det

Ask them to use the Android key attestation API to perform attestation with the ability to permit GrapheneOS. We linked our guide on using it above and it works well.

hexaheximal

@GrapheneOS I found this reply on the reviews:

> [...] To protect our users and ensure compliance, we implement measures to limit access from devices with custom firmware. This is primarily to safeguard accounts against potential vulnerabilities that can arise from altered operating systems.

That's very generic, and (especially when the review in question mentioned the security benefits of GrapheneOS) very telling.

GrapheneOS

Revolut is misleading users making support requests by falsely claiming there's a compatibility issue with GrapheneOS. It's not true. They're banning using a non-Google-approved OS. If it was a compatibility issue with this widely used app, we'd have worked around it on our end.

GrapheneOS

In some of their responses, they claim they check for a Google-certified OS for security reasons. Can't be true, because they're permitting an OS which hasn't received security patches for the past 8 years. They're disallowing a much more secure OS than anything Google approved.

GrapheneOS

Banning a more secure operating system as part of implementing a fake security feature shows serious anti-security culture at RevolutApp. A company which deliberately permits a device with no patches for 8 years but not a hardened OS does not understand or care about security.

GrapheneOS

Can see it's clearly because they're banning GrapheneOS because they show an error at login about you using an OS they don't support. It is not a compatibility issue. Meanwhile, they support every insecure OEM fork licensing Google apps no matter how long it hasn't been patched.

Go Up