Someone with Pixel 8 please report if version 3.2.2 works with 20131023. Given that this particular version was released to address issues with Pixel 8, I am assuming that it should work.

    lbschenkel

    Pixel 8 UD1A.230803.041.2023102300

    Mitid 3.2.2

    Works totally fine. I do not have a Danish ID so I didn't proceed too far into the app but I can confirm that the app opens and seems to behave quite nicely.

      lbschenkel I can also confirm 3.2.2 fully works on the Pixel 8 with build UD1A.230803.041.2023102300

        9 days later

        is it just me that cannot get it to sign in?
        pixel 7 pro
        when scanning the passport it just fails after a minute or two.

        tried from aurora aswell as google play store.
        gps has network access.

        everything is updated to latest as of now, which according to the gist should work?

        Version 23.35.14 (190400-561707045)

          LGXerxes I just to point out that if you can reach the point of scanning the passport without the app complaining that you are rooted, the app is "working" in the sense that it would have behaved the same way as stock Android and it is not refusing to work due to detecting something different with GrapheneOS.

          That said, which country's passport are you trying to read? Is it failing to read it at all or does it give an error after reading? Can you try to read your passport using ReadID Me to see if that works?

          Although MitID claims to support any biometric passport, I have multiple citizenships and the app just works for one passport but does not work for another: it reads the passport but then it shows an error and does not proceed. I know it is the app rejecting the passport and not the passport failing to read because the passport can be read successfully via ReadID.

              lbschenkel thanks for your input!

              it seems theat it is just not working for pixel7pro?

              as on my xiaomi mi9t pro on the same mitid version scanning of the passport works.

              it is a Danish passport.

              and reading with ReadID me, works fine :(

                  lbschenkel
                  it scans, the dots fill up. but it is thinking.
                  then at some point it complains about to many tries and i have to start over again.

                  my thought was that it tries to validate some data somewhere but it is not able to reach it. but i think I've removed all hardening on mitid and give alot of accesses to GPS and play store.

                    11 days later

                    Just a FYI: new MitID version 3.2.3 works in GrapheneOS versions 20231031 and 20231115.

                    I had the same issue with MitID on GrapheneOS. It said my device is rooted, but it's not. I updated GrapheneOS recently, so maybe that's the prob. Can someone with an older GrapheneOS version check if MitID works for them It seems like there might be a hiccup with the MitID app on GrapheneOS. The message about the device being rooted popped up, but the phone isn't rooted. Could be an update thing. Maybe someone with an older GrapheneOS version can check if the app works without showing that message? If it's just happening after the recent update, might be a bug. Could really mess things up for folks in Denmark if it's not sorted out.

                      I am no longer able to login to the site with MitID. I can enter the code of MitID but nothing happen afterwards.

                        Grkrz mitID works but it is not possible to login to any sites on Vanadium.
                        Something is not allowing to continue to enter the site after conformation from MitID.
                        I have tried with Firefoks and works.

                          I can confirm that MitID login flow is currently broken in Vanadium: the MitID app itself works but when control is back to Vanadium, it does not redirect to the post-login page.

                          I could reproduce this when trying to login in mitid.dk and when trying to login in my bank app. Switching default browser to either Firefox or Chrome fixed the issue.

                          I tried to relax every possible setting in Vanadium but I could still not make it work.

                          Note that I am 100% certain that Vanadium used to work months ago. In fact, to login to my bank app I was forced to change default browser from Firefox to Vanadium because with Firefox it always got stuck in the post-login phase, in a similar way that it is happening now. Now the situation has reversed.

                          I am not quite sure if this is due to something changing in Vanadium, or due to the changes that happened with the MitID login flow when the barcodes were introduced. It used to be that you could login by entering your name and manually switching to the MitID app to authenticate; now you are forced to push the button to open the app from the login form. This change might have been the one that stopped working in Vanadium for whatever reason. I'm inclined to say that either way, this is a Vanadium bug.

                            • [deleted]

                            • Post #198

                            lbschenkel This may be because of some Vanadium patch for privacy

                              I can only confirm that last week everything was working with Vanadium.

                              a month later

                              @lbschenkel Every issue reported with this app has been a bug in the app. The same thing applies to the compatibility issues with Vanadium. They're doing completely broken security theater as they've always been doing. The solution is reporting the problems to them persistently and getting them to fix it as they've done for past issues. They expect the browser to leak information about the OS including the device model or they'll ban it as fraud. It doesn't make any sense and is broken. Security checks should always be server side, not client side, and these kinds of checks are not security. The developers of these apps take security theater nonsense to whole new levels. They may be violating competition laws in the EU by unnecessarily breaking the app with alternate operating systems and browsers. Please raise these issues with them.

                              @[deleted] Vanadium stopped telling websites the device model, etc. via high entropy client hint headers. This doesn't break anything that's not inherently broken. Only Chromium-based browsers have the client hints. The app is buggy and is hard-wiring checks to see if the browser resembles one they allow.

                              Vanadium isn't going to provide a toggle to enabling giving sites the device model, etc. via headers that are not even implemented by non-Chromium-based browsers. This app is extremely buggy and poorly written. They need to cut out the security theater of hard-wiring checks for the browser providing metadata matching a browser/OS they allow. It's nonsense and doesn't improve security in any way. They almost certainly do this as part of broken bot / fraud detection. They simply need to fix it to permit Vanadium. Ask them to fix their buggy software again. They seem to be willing to do that since they fixed all the other issues in the past eventually.

                              @lbschenkel This app is consistently broken on different browsers, operating systems, etc. due to their security theater and buggy code. There has never been a case where it was broken due to a bug in GrapheneOS. It's incredibly strange to start blaming something you say happened in Firefox with it before on Vanadium now. It's their app which is consistently the problem. Removing the high entropy client hints was a publicly announced change in Vanadium which doesn't break compatibility with anything that's not already broken and non-portable. They need to fix their site, and you need to report their bugs to them rather than to us. Blaming Vanadium for this is wrong, just as blaming GrapheneOS for the earlier issues was wrong. Every issue has proven to be a bug they ended up fixing later. There has yet to be a single issue reported here which was anything else but a bug on their end. Report them problem to them and emphasize that supporting only specific browsers is anti-competitive. Whitelisting browsers based on their advertised OS/version/hardware metadata is wrong.

                              An actual bot would simply send the headers that Chrome does without doing anything special by simply doing automation via scripted Chrome, invalidating their broken checks.

                                The app developers explicitly say that they only support Chrome and Safari. They deliberately break it in other browsers. They likely added hard-wired checks for Firefox's headers at some point so that temporarily works, until it changes slightly and stops working again for months. Entirely useless security theater and is going to keep breaking with each new OS release, browser changes, etc. It doesn't mean anything is broken about those OS releases, browser changes, etc. This app is broken, and will keep breaking over and over even on the stock OS until they stop doing this broken bot detection nonsense.

                                GrapheneOS I'm a developer myself, so I completely agree with you on technical matters. That said, let me clarify.

                                What I wrote before:

                                I'm inclined to say that either way, this is a Vanadium bug.

                                Mea culpa. Re-reading this now, what I should have written to express what I had in mind was either way, this is a regression likely triggered by a Vanadium change. I did not really meant to lay the blame on Vanadium, I just wanted to express that:

                                • I'm completely sure that Vanadium used to work
                                • Then at some point it stopped working (not sure when, I re-tested when I saw the reports here)
                                • Other Chromium-based browsers still work
                                • I checked the commit log in Vanadium and I seemed possible that some of the changes from when it used to work may have upset MitID

                                I'm happy that you finally clarified that additional hardening in Vanadium regarding the headers is what triggered the change in behaviour from the MitID side. This proves that my hunch was right.

                                It's incredibly strange to start blaming something you say happened in Firefox with it before on Vanadium now.

                                No, it's not "incredibly strange". It's exactly what was happening:

                                • In the past, it was not possible to log in with MitID inside any app if Firefox was the default browser in the phone (as it becomes the default in-app browser as well). After authentication, when the control was sent back to the app, the app couldn't detect that the log-in succeeded. Note that this was only for apps; authentication in Firefox itself (for websites) was working.
                                • Changing the default browser to Vanadium (which became also the default in-app browser) fixed the authentication issue for apps. Authentication for websites also worked.
                                • At some point, Firefox started working, both in websites and as the in-app browser inside other apps.
                                • Now Vanadium no longer works, neither in websites, nor inside other apps.

                                This is not laying blame. I was just stating the facts: for authenticating with MitID, Firefox used to be broken and Vanadium used to work, and now the situation has reversed and Firefox works but Vanadium doesn't.

                                I have enough experience with MitID that 99% of the time the problem is with MitID. But more often than not, it's also true that changes elsewhere trigger some overzealous security theater MitID checks. When that's the case, even though the blame almost always lies with MitID, it's often important to understand what changed and how it upset MitID (to report it to them and to see what's the best workaround).

                                Ask them to fix their buggy software again. They seem to be willing to do that since they fixed all the other issues in the past eventually.

                                Report them problem to them and emphasize that supporting only specific browsers is anti-competitive.

                                I have done this multiple times and I am still doing it. But to get the message across, each time MitID stops working we need to understand (1) what broke this time and (2) why it broke now so we can formulate in some way that hopefully they can understand. Hence the discussions here.

                                To conclude, @GrapheneOS, I would like to express a few extra points:

                                • We all love GrapheneOS, that's why we use it and that's why we're here.
                                • This thread is for the community to find solutions, not a support request towards GOS developers, so please assume good intentions by default. Nobody is trying to blame GOS (even if poorly worded, see above) — and we do understand that almost every change made to GOS is to improve privacy for users — but at the same time I am trying to understand any GOS changes that may start tripping MitID: (1) because I'm a curious technical person and (2) to document this for other users.
                                • No matter how brain-dead MitID is (and I do completely agree with you regarding all technical points), it's very difficult for someone not living in Denmark to grasp how essential MitID is to daily life. It's not an app that you use simply for convenience. This is basically a digital version of your ID and you need it to authenticate with virtually every important local service, even offline ones (for example, if you try to call your bank they will not do anything before they validate your identity with MitID). The Nordic countries have almost completely moved towards a society that is cashless and almost every service is digital only, and you must be authenticated via a government-mandated authentication solution that is tied to your real identity (MitID in the case of Denmark).
                                  So it's not a question of stopping to use apps, or changing banks, or changing services, because all of them use MitID. That is why we're so eager to discuss any breakages here, because it impacts us strongly and at the same time we love GOS and want to keep using it if we can without having to carry an alternative device for the sake of MitID only.
                                  P.S.: Don't shoot the messenger, I'm just stating how things are, not that the should be this way. Unfortunately, I'm powerless to change this status quo and I have to live within these parameters.