Singpass having issues

sibu12345

As title states. I'm having issues with Singpass. It's a government issued digital identification app for multiple government services, including banking login or checking tax etc.

App starts up just fine with a message "Device may not meet compatibility requirements" after intro page. Bootloader locked during installation process.

After keying in one time pin, shows this error code: 88-S15-EG-20.

Tried allowing all permissions from all google related settings (google play services, google play store, GmsCompatConfig, unspoofing location from sandboxed google play). Also tried installing firefox as default browser to transfer information (if logging in somehow uses default browser for some part of the login process). App permissions for Singpass fully enabled too.

I've also tried the workarounds from here:
https://discuss.grapheneos.org/d/8330-app-compatibility-with-grapheneos

Compatibility mode within the app itself, secure app spawning, all to no avail.

This really puts me off using grapheneos. On one hand, I'd like to use it solely for the security (therefore rooting to bypass the check is not an option). On the other hand, it puts me in a tough choice of either:
1.relinquishing grapheneOS for stock android or

Purchasing a separate phone just for apps related to Singpass.

While I could simply buy another phone for the sole purpose of having Singpass, it gives me a comfort of mind if I could use it with grapheneOS. I intended to include all my sensitive apps like banking with Singpass to one profile.

I saw a thread where someone claims to be able to use Singpass on grapheneOS:
https://forums.hardwarezone.com.sg/threads/anyone-with-a-pixel-phone-and-flashed-with-grapheneos.6446248/#post-153486797

However, that was a year/two ago. It doesn't seem like many people in Singapore care that much about privacy or security. I can't seem to find further discussions on having Singpass to work with.

Any advice or suggestions would be welcome. As stated, all permissions were granted to Singpass and all Google apps/services(potential Singpass dependencies?) as well as steps 1-3 for the workaround/compatibility guide.

Any advice would be welcome

tinky

sibu12345 Hi, there is atleast one more person in Singapore who does care deeply about privacy. You're deffinitely not alone.

Any chance you got this to work?

Nick3

Facing the same issues can one can assist?

jarell

The app has been working fine for me on a work profile. Play Store and Services installed.

Alison

jarell Hi Jarell, Do you mean you can log in Singpass on Dec 2024?

Crimson

Source: https://ask.gov.sg/singpass/questions/cm1q8ihgv009xwdnwpjufrcqc

I encountered error 88-S15-EG-20 on the Singpass app. What should I do?

Updated by SINGPASS 2mo ago

Please ensure that your device uses Certified Google Play services. If you continue to encounter Error XX-XXX-EG-20 (such as 88-S15-EG-20), your device may not meet the minimum security requirements to run the Singpass app. For the safety of your Singpass account, you will not be able to set up the Singpass app on this device.

Alternatively, you can set up the Singpass app on a different smart device or log in to services with your Singpass ID and password.

jarell

Alison yes.

Ppoo

Alison hi have you fixed this? Also I can't seem to find singpass on apkpure anymore, looks like its been taken down

Ppoo

jarell hi did you download from official play store or apk pure? What version of the apo do you have, and if its an old version, could you please send it to us so we could download

Ppoo

jarell apk pure doesn't have singpass anymore

jarell

Ppoo I downloaded it off the Play Store. Perhaps Singpass doesn't allow side loading. You could test in another profile first if you don't already have Play Store.

Ppoo

jarell I tried all sorts of methods and nothing works, including downgrading through aurora store. What's your pixel model and when was the last time you updated it? Maybe this problem only occurs for older models

Ppoo

jarell Tried this did not work

pweo2

Anyone got it working? The singpass app still showing the same error 88-S15-EG-20 in 2025-03-01. Have tried compatibility mode as well and still failing

tinky

I have the same issue. All banking apps work. HSBC, OCBC etc but not Singpass. I dont understand why a goverment like Singapore would make their apps incompatible on the most secure Mobile OS. Makes no sense. Has anyone gotton this to work? Any tips?

DeletedUser313

tinky

The mobile guardian scandal might have informed you that the government is not as tech-literate as it'd like to seem. In addition, the city ranked highly in govt surveillance would most likely be opposed to the wants of privacy-seeking citizens

OCBC has had its fair share of controversy. It also blocked Bitwarden users who toggled a certain permission, I think it was related to autofill

akc3n

tinky Suggest taking a look in these related closed issues that mention 'Singpass' as some users have added their workaround tips in the description of their reports, others have added comments.
https://github.com/PrivSec-dev/banking-apps-compat-report/issues?q=is%3Aissue%20state%3Aclosed%20Singpass

Perhaps you may find your answer there.

hydraraptor81

Hi everyone, I would like to detail my experience with Singpass since 2022.
I originally installed Singpass through the Aurora store on owner profile and I did not enable Exploit protection Compatibility mode. Google Play Services was installed. Though I had to permit native code debugging and Webview JIT, and later on Dynamic code loading from memory/storage as well and all was fine for the last 2 years+

When Graphene started to show Play Integrity API usage, I tested it by blocking Singpass from using it and sure enough it breaks the app. I later allowed it and it works fine. I subsequently moved all my apps to the Google Play Store as it is more secure, including Singpass and it was working fine as well for at least 3 other users, all using Pixel 6a as well. Whereas others with the exact same configuration and even exploit protection compatibility mode enabled failed to register Singpass.

Recently with the Android 16 update(2025070800) I received the T13 error from Singpass which was resolved for most users who had Singpass working and installed beforehand when Singpass updated on 15th July 2025. This is possibly due to the login token being preserved. However for myself, I reinstalled the app and lost the configuration, as a result I am also facing the same 88-S15-EG-20 error and based on logcat I do not see any significant difference between devices that have Singpass working on GrapheneOS Android 16. Right now when I try to register the Singpass app, I will receive the SMS OTP but the app will not even attempt to verify that I actually keyed in the correct OTP when I submit it, GrapheneOS will indicate that Play Integrity API was used and the 88-S15-EG-20 error will appear at this point.

I don't really have an explanation on why the 88-S15-EG-20 error occurs in the first place other than it being linked to Play Integrity API, but then again it doesn't explain why it was working for me for more than 2 years and there are still users who have not experienced a single issue up to this point which probably means Singpass has a broken implementation of Play Integrity.

I have written to my MP which of course just referred it to the Singpass team with a standard template reply "To ensure consistent standards of security, reliability, and protection for all users across millions of devices, the Singpass app requires platform-level certifications - including Google Play Protect certification. Devices that do not meet these requirements, such as those running custom ROMs like GrapheneOS, are not supported.

Currently, there are no plans to support alternative operating systems that do not meet these established requirements. " "Alternatively, the Singpass app remains fully functional on supported Android and iOS devices that meet the necessary certification standards."

In anyways, I have already explained the hardening by GrapheneOS and how it meets and exceeds security requirements except passing strong integrity checks and that "by using the standard Android hardware attestation API instead and permitting our official release signing keys. Android's hardware attestation API provides a much stronger form of attestation than the Play Integrity API" from https://grapheneos.org/articles/attestation-compatibility-guide to the Singpass helpdesk and they didn't comment on it anyways. I also highlighted how anti-competitive Play Integrity API is.

My suggestion to anyone encountering the 88-S15-EG-20 is to write in to your MP about this and hopefully with enough "appeal letters" we can get Singpass to drop Play Integrity API entirely.

chinook

hydraraptor81 or maybe also request them to be consistent and explicitly block all the Android devices that are not at the latest OS version and latest security patchlevel?

"as you are certainly concerned about users' security, here's a list of 150 critical security vulnerabilities that have been identified since 2023; additional 100 between 2022 and 2023; additional 100 between 2021 and 2022; etc.
Google certifying these devices puts the safety, security and privacy of the Singpass users at the GRAVE RISK. I appeal you take action by requesting Singpass to immediately drop support to critically vulnerable devices"

Of course that would require substantial effort, I know.
Of course I know that won't achieve anything, but will make clear to your MP you know he's a moron.

Maybe we should start sending this sort of the letters?

hydraraptor81

Facts, should start blocking anything that is more than 2 months off the security patch level