this post was submitted on 16 Aug 2024
285 points (95.8% liked)

Privacy

32120 readers
341 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

After using LineageOS for long time, I have finally moved to GrapheneOS. I use a lot of banking and financial apps which I never felt comfortable using on LineageOS due to lack of proper sandboxing, unlocked bootloader etc.

GrapheneOS works flawlessly just like Android. You don't even notice there's hardening underneath. Also it protects from Google's evil location tracking using WiFi/Bluetooth or even when the Location is turned off. I don't understand how people in general are comfortable with Google tracking all the time. You can use Google Play and Play Services in a sandbox that works just like regular installation, but without deep tracking.

If you haven't tried GrapheneOS, try it. You won't go back to regular Android.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 3 months ago (5 children)

People contemplating moving to graphene, do be aware that banking etc. absolutely can be a major PITA on graphene as well. Several official apps used where i live cannot work in graphene, even with sandboxed play services installed, making day-to-day life functionally impossible with graphene. Luckily reverting to stock android is easy, although I probably wouldn't have bought a pixel phone if I was planning on using stock OS.

[–] [email protected] 20 points 3 months ago (1 children)

"Making day to day life functionally impossible" is a bit drastic. I think that depends on each individual person, their needs both in terms of banking and privacy.

My banking app doesn't work on Graphene but I also couldn't care less. I can just as easily log in to my account via my browser on my phone if I need to do something and it isn't exactly hard, it takes all of 30 seconds more than using an app.

I realise in some other countries you don't have that option but were I in the same situation for me that would be enough to change banks, I don't want to be forced to use an app for anything.

Everyone has different lengths they are willing to go to to protect their privacy and I'm willing to make my life slightly harder where as others may not but I think saying it makes life functionally impossible is a bit of an overstatement and it needs to be judged based on individual needs.

There is a list of what banking apps work and what don't.I'll post it in a top level comment for visibility.

[–] [email protected] 4 points 3 months ago* (last edited 3 months ago) (2 children)

The thing is, I'd need the government 2FA app (which doesn't work in graphene) when logging in to my bank on a browser as well, so that doesn't change anything.

And I can't do anything, I can't check my digital mailbox (not email, we have something specifically for official communication with bank, government etc.), I can't log in to check messages from my kids school, I can't order a doctors appointment...you get the picture.

[–] [email protected] 4 points 3 months ago (1 children)

Sounds like more of a problem with your government than GrapheneOS.

[–] [email protected] 1 points 3 months ago (1 children)

it's a problem because graphene os doesn't pass google play safety check, or whatever it is called. They are apparently not able to make the sandboxes play services good enough to pass so the app accepts it's validity.

[–] [email protected] 4 points 3 months ago

It's actually a problem with Google, because the only reason GrapheneOS doesn't pass the Play Integrity API check is that Google enforces a whitelist of allowed operating systems. Even though GrapheneOS is 10x as secure as the stock OS, Google doesn't allow it. Since this is a highly monopolistic practice, the GrapheneOS team is talking to regulators to finally stop this: https://grapheneos.social/@GrapheneOS/112916691727814901

[–] [email protected] 3 points 3 months ago

Yeah i understand what you are saying and that is why everyone's individual needs come into play.

I don't know what country you are in and that can obviously affect things, my banks 2FA is an SMS. I have options in terms of the other things you mentioned, where as you may not have.

[–] [email protected] 12 points 3 months ago* (last edited 3 months ago)

Well, I never really missed being able to pay via NFC on a phone, but I also never done it. My NFC chip in my card works fine.

When my baking app started detecting my rooted phone, I just switched to using their web-app via Firefox, which allows you to create a direct link to it as an "App". Which is probably better anyway, than installing random proprietary apps on a phone. And logging into it every time is also easy with a password manager.

So I guess, as long as the banks still offer a website, I am good.

[–] [email protected] 5 points 3 months ago (2 children)

Isn't it only Google Wallet that doesn't work? I actually cancelled a bank account I had because their app only worked with Google Wallet. Some banks roll their own NFC payment thing.

I'm on CalyxOS btw, not Graphene.

[–] [email protected] 4 points 3 months ago

Some banking apps won't run without SafetyNet (technically now Play Integrity). Pure AOSP doesn't have it, and AOSP distributions with sandboxed play services or whatever usually fail the hardware attestation requirements. There are some other reasons banking apps won't work, but a lot of it is similar stuff.

[–] [email protected] 3 points 3 months ago* (last edited 3 months ago) (1 children)

No that doesn't work either, but we use a 2FA app to enable mobile banking access, SS access, school communications/message board etc., basically anything that requires you to prove your identity. That app doesn't work in graphene at all, it flat out refuses and states the OS isn't secure or the app isn't installed from a valid source, so all things dependant on this doesn't work on graphene.

Edit: a lot of other things also fail because graphene apparently doesn't pass the google play safety check either.

[–] [email protected] 2 points 3 months ago

Ah interesting. All my 2FA things work on CalyxOS. But maybe that app is the problem

[–] [email protected] 3 points 3 months ago

Banking compatability by country. In my experience even banking apps not mentioned also work. https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/