- Edited
Grkrz https://www.mitid.dk/en-gb/help/mitid-support/
I already filed a support case 2 days ago, but I have no false hope of it going anywhere.
Grkrz https://www.mitid.dk/en-gb/help/mitid-support/
I already filed a support case 2 days ago, but I have no false hope of it going anywhere.
Some tidbits of information that I discovered by experimentation:
This latest lock-out of the app after today's GOS update happened without tripping server-side: the state is in "good standing" server-side, differently than before. But the app still refuses to work: "device rooted".
After a clean reinstall and with an un-enrolled app (*), just flipping "exploit protection compatibility mode" was enough to trigger "device rooted". Note that I tried this multiple times and it did not matter what the initial state was: the app did not complain until the switch was flipped. This makes me believe that what is happening is that the app is calculating some "stable" hash from the device state, and tripping when that hash changes because it interprets that as tampering. Maybe the recent kernel security and address randomization improvements (which go above and beyond what Google/AOSP does by default) is actually influencing some ill-implemented device hashing algorithm in MitID. New releases might be causing enough perturbation to trip it, in a way that "regular" Google/AOSP releases don't.
Once I get a new activation code I will try yet another experiment: I am going to leave 'OEM unlocking' disabled and 'Exploit protection compatibility mode' enabled and set it up again, and see if/when it trips again.
(*) Even waiting for 24h was not enough to revert the "temporary deactivation" of the authenticator once it trips; in my experience once you get "device rooted" there's no other recourse and you have to revoke it and start over.
Can I ask where you are all downloading the app from?
Aurora or Play Store? Another user on the Twitter Community had an issue with their bank not working when installed with former but worked with the latter.
One of the Core dev team confirms apps can see what was used to install the app and refuse to work if the source is not whitelisted or recognised.
MetropleX Play Store in my case
Aurora in mine :-)
Based on the reviews on the Play Store and discussion elsewhere, this app appears to have serious issues with Android 13 operating systems in general. It previously had issues with Android 12 operating systems before they fixed them. They're likely to start using Play Integrity attestation eventually to forbid using anything other than a Google certified OS. They simply aren't competent enough to do that yet. I wouldn't expect much unless you convince them that this is incredibly misguided and harming users.
FYI: I'm forwarding the response I received from MitID support:
Thank you for your e-mail.
We are aware about the issue you are experiencing, our supplier are working to solve this.
There are scheduled an update monday 7th of november, the update should fix this problem.
lbschenkel great job! Thanks for sharing that info.
Another data point:
GOS has once again updated to latest version (TP1A.221005.002.2022110600) but this time MitID didn't break, and kept working. The combination that seems to be stable is "OEM unlock" disabled and "exploit protection compatibility mode" enabled.
This is on MitID 2.3.4, I delibetary did not update the app because I wanted to check if this problematic version would trip agan on a new GOS update.
lbschenkel thanks for keeping everyone up dated.
After reinstaling the APP and setting again the user the app worked. I did a test and removed all the google play store services. MIT Id have worked, no issue ,nem id did not want to start saying app needs play services etc.
I did restarted the phone and after the reset mitid did not worked. "Device is rooted".
After installing the play services etc as it was before the app still did not worked.
I had to once more reinstall the app to make it work.
Next day the APP worked but in aurora I got google play update , could not make it update the system did not allowed I think.
I reinstalled the app and did the same as @lbschenkel . will see how long it will take till it breaks again.
Grkrz just re-checked and now mine did as well. Damn.
lbschenkel I am on the fence on installing GrapheneOS, as I am also a user of the MitID app.
Are the issue resolved or have you found a workaound?
No workaround. The app appears to work, then it stops working and claims that the device is rooted... it might happen minutes or days/weeks later. I have resigned myself to using the dongle.
lbschenkel Is there any acknowledgement from their development team as to whether that's expected or not, and if they're planning to do anything about it?
I'm asking because the topic of this app comes up from time to time, so I would like to be able to give as much current information as possible to assist them.
Their support said the next release (now current) would fix it but nothing changed. Given the reviews on Play Store it seems to be a widespread issue, and they simply don't care.
Given that they are a goverment mandated monopoly, it is not like you can choose a competitor's implementation...
lbschenkel Funnily enough, in an old phone that I use for experimentation (rooted with Magisk) I can fake it enough to make the app work, but in a non-rooted, hardened device like GOS it refuses to work and falsely claims that it is rooted.