TL;DR

  • Efforts like Graphene OS face increasing pressure from apps that refuse to run on non-standard Android.
  • The custom ROM project characterizes Google’s approach to device attestation as incomplete and flawed.
  • Graphene OS is prepared to take legal action if Google won’t let it pass Play Integrity checks.
  • umbrella@lemmy.ml
    link
    fedilink
    English
    arrow-up
    228
    arrow-down
    1
    ·
    edit-2
    3 months ago

    yeah. like my manufacturers’ 3-year-old, full-o-spyware ROM is more secure than latest clean installed lineage.

    they just want control, not security. and with banking apps becoming a necessity, i’m starting to be forced to return to stock.

    • newproph@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      51
      ·
      3 months ago

      graphene sandboxes Google services so they don’t run as root on your device. I haven’t encountered an app I can’t get running on graphene yet and having Google play installed as non root is a far sight better than stock.

      my biggest problem with lineage was compatibility with banking apps so I reluctantly switched but graphene is a solid choice in operating system for privacy and security.

        • newproph@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          9
          ·
          3 months ago

          not really. after enabling oem unlocking in developer options you just boot it while holding one of the volume buttons and you’re able to unlock the bootloader.

          root is not typically available and you don’t need it for most uses besides development, but even then, I would recommend not using a phone you daily for that.

      • kspatlas@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 months ago

        Graphene is great, but I’m currently on a Xiaomi phone so I can’t run most ROMs, I’ll likely run derpfest when I get the bootloader unlocked

          • kspatlas@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            3 months ago

            I haven’t tried it yet, but it seems to have a lot of pixel features ported, I realized crDroid supports my phone so I might try that

      • Markus Sugarhill
        link
        fedilink
        English
        arrow-up
        62
        ·
        3 months ago

        Culprit is: I need the phones app as second factor to log in to the web interface.

        • pdxfed@lemmy.world
          link
          fedilink
          English
          arrow-up
          34
          ·
          3 months ago

          Yep been seeing more of that. Will just refuse to use it on my phone.

          It’s been clear for at least 10 years that apps are about data harvesting not making something more useful or easier to use or more universal than a mobile website.

        • vividspecter@lemm.ee
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          3 months ago

          I’d just leave for a different bank at that point, although I get that it’s not always practical.

        • HappyRedditRefugee@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Graphene os + a work profile + sandboxed play services allows you to have some baking apps. Ive got 3 and they all work without a hitch.

    • Cyyy@lemmy.world
      link
      fedilink
      English
      arrow-up
      23
      ·
      3 months ago

      same bs with apps not running jidt because root or apps not being visible in playstore because of it. Netflix isn’t even showing up as existing in playstore just because i have root. it’s nuts. and there are tons of apps like this.

      • x00z@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        ·
        3 months ago

        Netflix and their DRM is so extremely stupid it’s incomprehensible. It only hurts normal users while the rippers have no issues getting the content.

      • ReveredOxygen@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        6
        ·
        3 months ago

        You can fix most apps with the Play Integrity Fix module and denylist. You might have to hide the magisk app too. It doesn’t get 100% of them though, I still can’t figure out how my bank app is catching it. Plus I’ve had RCS stop working with that setup, so I have to keep it disabled to avoid missing messages

        • numanair@lemmy.ml
          link
          fedilink
          English
          arrow-up
          3
          ·
          3 months ago

          The apple music app checks for a specific binary. Could be something like that.

    • aquinteros@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      3 months ago

      I have been using stock for a while, but I remember using magisk root to hide root to the bank app and I never had an issue

      • umbrella@lemmy.ml
        link
        fedilink
        English
        arrow-up
        7
        ·
        3 months ago

        i do that but sadly it aint working anymore. they implemented a new google sanctioned way of blocking it that hasnt been cracked yet.

        • Wildly_Utilize@infosec.pub
          link
          fedilink
          English
          arrow-up
          8
          ·
          edit-2
          3 months ago

          Not disagreeing I was genuinely asking.

          For me it wouldnt be too inconvenient but I barely use banks so my perspective is atypical

            • Wildly_Utilize@infosec.pub
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              3 months ago

              Dont know what you mean sorry

              I did pull $600 out my sock at the best buy to buy my pixel recently tho lol

          • Manalith@midwest.social
            link
            fedilink
            English
            arrow-up
            2
            ·
            3 months ago

            I do basically that, but with aSamsung tablet, then my phone can be for phone things, calls, messages, emails. Then if I’m out and about and need to check my bank, mobile hotspot to my phone and go from there.

      • umbrella@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        3 months ago

        thats what i do atm, but its a shitty solution when i have a perfectly good phone. it defeats the purpose.

        the irony is, my second phone is probably less secure, because its stuck in an ancient version of android.