[admin: misinformation about SafetyNet Attestation API deprecation]
missing-root "Can someone list the issues that actively prohibit GrapheneOS from being a Google Certified OS?"
Because Google has to sign off on that
missing-root
The OS would need to pass the Compatibility Test Suite, which it does not as some GrapheneOS changes are not compatible with some of those tests. If you are interested you can run CTS to find out what tests fail.
Also privileged Play Services and some other Google apps would have to be included in the OS.
Unless Google significantly change their requirements GrapheneOS will never be a Google certified OS.
missing-root Can someone list the issues that actively prohibit GrapheneOS from being a Google Certified OS?
Fundamentally it's up to them.
I think so far they certify only OS stacks which meet a very long list of requirements including branding, pre-installing the Play infrastructure, pre-installing specific Google apps, etc. -- and those things must be enforced by a contract signed by a company (so far, that is a company building a device).
missing-root just use a profile with play services. Problem solved
After encountering an error (solved) earlier today with the Google Authenticator app, I want to use non-Google apps, especially if it is an account that cannot be duplicated (email, photos, password managers, authenticator app). I only use Maps now because I cannot find an alternative maps navigation app that is as good as Maps or Waze.
tacobearman8 Sadly I don't think we will ever get a replacement for Maps/Waze because the only thing we really have for nav data is OpenStreetMap.
tacobearman8 Magic Earth
I am trying Magic Earth now. So far, it is terrible and I hate it. I cannot even figure out how to start using it. I'm sure it is OK but I definitely see why people love Google or Apple when their stuff just works. I hate spending time learning something that should be intuitive, but all the OpenStreetMap software I have tried so far has an equally confusing user interface.
Thanks to Overture Maps, high quality map data is being developed outside Google.
It doesn't mean that we will have great Maps/Waze alternatives soon, but it is at least a huge step towards this goal.
Resurr No, this doesn't work like that.
@matchboxbananasynergy @Carlos-Anso thanks for the clarification.
Google sucks, I hope the EU acts quickly. For that we need to get loud!
This is just ridiculous, controlling what devices and OSes the app can run on. For now, call banks or maybe use the website.
soupslurpr It makes sense for bank apps NGL, they are held responsible if something happens. Even if it's user error.
They shouldn't be using an anti-competitive technology and it doesn't really result in a security benefit.
soupslurpr The attestation is a form of insurance I imagine, similar to why a lot of DRM won't work on certain operating systems.
Is this a good system? No, but I understand why a bank specifically would do it. Otherwise they are risking themselves to a lot of issues.
This isn't to say GOS isn't secure, but rather banks want to verify what operating system the application is running on and sadly GOS isn't on their list of acceptable OSes. Mostly because of Play Store integrity.
Same reason Google Pay won't work in the States: Google wants a controlled env, or else they might be held responsible if something goes wrong.
Again, I'm kind of guessing here.
Are there plans (if technically possible) to spoof any software-based Play Integrity checks? Otherwise, banking apps might stop working soon, now that SafetyNet is finally dead.
Elk9877 I'd suggest reading this comment by the project account: https://discuss.grapheneos.org/d/10650-drm-provisioning-and-internet-access-pinning-why-choose-gos-servers/14
It's not possible to spoof the strong checks for a Google certified OS. The non-strong checks can be spoofed by pretending to be an obsolete device without hardware attestation, but they're cracking down on this spoofing in different ways and it's eventually going to be entirely ruled out by requiring hardware attestation across the board. It's pointless for a production OS to mess around with this. GrapheneOS needs to be something people can depend on rather than knowingly hacking around something we know is guaranteed to stop working.
In the words of Michael Scott, explain this to me like I'm five: what becomes the next best way to have a secure phone if massive amounts of apps stop working in the future?
I know I can get by just on FOSS apps. Banking would be a pain and I'd likely end up having to return to actually making physical deposits, but there's nothing I NEED that can't be replicated on F-Droid or GitHub. The problem is other people. Ticketmaster will not issue tickets that aren't tied to Google Wallet or Apple Pay. People look at me like I have 3 heads when I suggest Signal/Wire/etc. instead of WhatsApp/Discord etc. Work and my graduate program expect me to have certain apps on my phone and they don't care that I have objections to certain software.
I'm starting to wonder if iPhone is the best bad option
5rlyn I'm starting to wonder if iPhone is the best bad option
Yeah, when the bankocalypse comes I'm seriously considering buying the cheapest used iPhone with a cracked screen I can find just to use it for that. Basically treat the iPhone like one of those physical TAN generators (that you put your debit card into) that most banks used to give you, though nowadays most banks here have replaced them with mandatory apps.
5rlyn You are assuming every single application is going to stop working, or at least a lot of them.
Banking may become an issue, but you can still log in through the website. Ticketmaster has its website as well.
"Work and my graduate program expect me to have certain apps on my phone": some people don't have a cellphone (or have a dumbphone). I would recommend asking what to do in a situation like that.
Discord/WhatsApp also work, I don't think they use any integrity checks anyways.
The main issue is going to be apps that want a controlled env, like banking and DRM content (Netflix).