this post was submitted on 11 Aug 2024
1243 points (99.1% liked)

Technology

59099 readers
3213 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

TL;DR

  • Efforts like Graphene OS face increasing pressure from apps that refuse to run on non-standard Android.
  • The custom ROM project characterizes Google’s approach to device attestation as incomplete and flawed.
  • Graphene OS is prepared to take legal action if Google won’t let it pass Play Integrity checks.
you are viewing a single comment's thread
view the rest of the comments
[–] umbrella@lemmy.ml 227 points 2 months ago* (last edited 2 months ago) (6 children)

yeah. like my manufacturers' 3-year-old, full-o-spyware ROM is more secure than latest clean installed lineage.

they just want control, not security. and with banking apps becoming a necessity, i'm starting to be forced to return to stock.

[–] newproph@sh.itjust.works 50 points 2 months ago (2 children)

graphene sandboxes Google services so they don't run as root on your device. I haven't encountered an app I can't get running on graphene yet and having Google play installed as non root is a far sight better than stock.

my biggest problem with lineage was compatibility with banking apps so I reluctantly switched but graphene is a solid choice in operating system for privacy and security.

[–] umbrella@lemmy.ml 4 points 2 months ago (1 children)

does it hide root/custom roms?

if so im interested.

[–] newproph@sh.itjust.works 9 points 2 months ago (1 children)

not really. after enabling oem unlocking in developer options you just boot it while holding one of the volume buttons and you're able to unlock the bootloader.

root is not typically available and you don't need it for most uses besides development, but even then, I would recommend not using a phone you daily for that.

[–] umbrella@lemmy.ml 12 points 2 months ago* (last edited 2 months ago) (2 children)

sure, but unrooted custom roms also trip the protections.

root can sometimes be used to mask that.

[–] newproph@sh.itjust.works 3 points 2 months ago

you're already over my head but you can talk to the devs. they have a matrix chat they link on their site

[–] HappyRedditRefugee@lemm.ee 1 points 2 months ago

Is has been discussed, I read once here: https://discuss.grapheneos.org/d/475-wallet-google-pay/2 about it, but sadly the tweet is gone and I dont remeber the exact reason.

[–] kspatlas@lemm.ee 3 points 2 months ago (1 children)

Graphene is great, but I'm currently on a Xiaomi phone so I can't run most ROMs, I'll likely run derpfest when I get the bootloader unlocked

[–] newproph@sh.itjust.works 3 points 2 months ago (1 children)

that's one I haven't heard of. how is it functionally?

[–] kspatlas@lemm.ee 2 points 2 months ago

I haven't tried it yet, but it seems to have a lot of pixel features ported, I realized crDroid supports my phone so I might try that

[–] TheLastOfHisName@lemmy.world 35 points 2 months ago (1 children)

Myself, I use my bank's web portal via my mobile browser. Not as instant as an app, but it gets the job done.

[–] MSugarhill@discuss.tchncs.de 62 points 2 months ago (3 children)

Culprit is: I need the phones app as second factor to log in to the web interface.

[–] pdxfed@lemmy.world 34 points 2 months ago (1 children)

Yep been seeing more of that. Will just refuse to use it on my phone.

It's been clear for at least 10 years that apps are about data harvesting not making something more useful or easier to use or more universal than a mobile website.

[–] MSugarhill@discuss.tchncs.de 9 points 2 months ago

AFAIK that's the way it has to be done in the EU...

[–] vividspecter@lemm.ee 3 points 2 months ago

I'd just leave for a different bank at that point, although I get that it's not always practical.

[–] HappyRedditRefugee@lemm.ee 1 points 2 months ago

Graphene os + a work profile + sandboxed play services allows you to have some baking apps. Ive got 3 and they all work without a hitch.

[–] Cyyy@lemmy.world 23 points 2 months ago (2 children)

same bs with apps not running jidt because root or apps not being visible in playstore because of it. Netflix isn't even showing up as existing in playstore just because i have root. it's nuts. and there are tons of apps like this.

[–] x00z@lemmy.world 12 points 2 months ago

Netflix and their DRM is so extremely stupid it's incomprehensible. It only hurts normal users while the rippers have no issues getting the content.

[–] ReveredOxygen@sh.itjust.works 6 points 2 months ago (1 children)

You can fix most apps with the Play Integrity Fix module and denylist. You might have to hide the magisk app too. It doesn't get 100% of them though, I still can't figure out how my bank app is catching it. Plus I've had RCS stop working with that setup, so I have to keep it disabled to avoid missing messages

[–] numanair@lemmy.ml 3 points 2 months ago

The apple music app checks for a specific binary. Could be something like that.

[–] aquinteros@lemmy.world 7 points 2 months ago (1 children)

I have been using stock for a while, but I remember using magisk root to hide root to the bank app and I never had an issue

[–] umbrella@lemmy.ml 7 points 2 months ago

i do that but sadly it aint working anymore. they implemented a new google sanctioned way of blocking it that hasnt been cracked yet.

[–] Wildly_Utilize@infosec.pub 1 points 2 months ago (1 children)

What's changed to make banking apps more necessary?

[–] umbrella@lemmy.ml 2 points 2 months ago (1 children)

you cant use banks without at least their 2fa app on your phone

[–] Wildly_Utilize@infosec.pub 2 points 2 months ago

Ohh wow that's wild

Thanks for the answer

[–] Wildly_Utilize@infosec.pub -2 points 2 months ago (2 children)

Second phone just for these things wouldn't work for what you need?

[–] AnUnusualRelic@lemmy.world 40 points 2 months ago (1 children)

That's not exactly a great solution. It works, but it's a shitty workaround at best.

[–] Wildly_Utilize@infosec.pub 8 points 2 months ago* (last edited 2 months ago) (2 children)

Not disagreeing I was genuinely asking.

For me it wouldnt be too inconvenient but I barely use banks so my perspective is atypical

[–] the_post_of_tom_joad@sh.itjust.works 6 points 2 months ago* (last edited 2 months ago) (1 children)

Two phones no sweat and no use for banks... Can i get a sack? 🤣

[–] Wildly_Utilize@infosec.pub 4 points 2 months ago* (last edited 2 months ago)

Dont know what you mean sorry

I did pull $600 out my sock at the best buy to buy my pixel recently tho lol

[–] Manalith@midwest.social 2 points 2 months ago

I do basically that, but with aSamsung tablet, then my phone can be for phone things, calls, messages, emails. Then if I'm out and about and need to check my bank, mobile hotspot to my phone and go from there.

[–] umbrella@lemmy.ml 3 points 2 months ago* (last edited 2 months ago)

thats what i do atm, but its a shitty solution when i have a perfectly good phone. it defeats the purpose.

the irony is, my second phone is probably less secure, because its stuck in an ancient version of android.