lbschenkel
Thank you for the update. I use MitID both private and in my company, so that would be cumbersome to switch permanent to the code display unit.
Have a great weekend.

Sorry if the question will sound stupid. Does the app at least work with a profile setup with sandboxed Google Play?

    garret Unfortunately not. Everything being discussed here is with Google Play installed.

    2 months later

    Another update: I decided to give it a new shot and MitID is now working again for me. I have it set up for 2-3 weeks now without triggering the "rooted" alert, and I'm sure there was at least one OS update in that time frame.

    I'm not getting my hopes up that it will stay working for too long, but maybe the developers improved the detection logic to be more resilient.

      Grkrz @"lbschenkel are you using Aurora or google play store? I am wondering if using Aurora for such apps like MitID or banking apps is secure?
      I have heard that Aurora might provide outdated apps or there are another issues with this app.
      Please let me know how you have done it?
      If you use Play Store do you need to have google account to download apps?

        Grkrz Play Store, and you have to have a Google account.

        Aurora downloads from Google's servers, so it won't serve you malware (at least not malware that is not already on the Play Store). The issues with Aurora is that (1) it uses a throwaway account from a potential different country/language/device, which may trigger a download of a version that would not have been served to you otherwise and (2) apps can detect if they have been installed via the Play Store app or from some other one, and act differently.

        For 99% of the apps Aurora is just fine, but for something as finicky as MitID that stops working for whatever bogus reason I suggest doing things in the most standard/boring way possible, in this way you minimize the chance of the app flagging your installation as being "rooted".

          lbschenkel Unfortunately for us, Denmark is a small country. Were this app essential to life in US or another country of comparable importance, it would be such a deal breaker for any distro that the willingness to make it work (despite its faults) would be different.

          I'm not sanguine that the U.S. government would leave room for the right outcome to happen (based on living here)--I can easily imagine they would turn on full attestation and then game over. Regardless, here is a wild idea produced by somebody who lives in a large country and has a hopeful fantasy about what might be possible in a small country:

          1. Find an existing Danish non-profit organization with an interest in Internet privacy.
          2. Offer to donate one low-end Pixel device per year, plus technical expertise.
          3. Have the non-profit approach the Danish government and/or the MitID app developers, offering to donate one device per year plus N hours per month of technical expertise. Now it's not two strange people named @Grkrz and @lbschenkel complaining at them about phones running some weird OS they've never heard of and getting lost in the complaint stream, but instead an official problem report from the official liaisons of the Danish Internet Privacy Alliance (or whatever).
          4. If that works, explain what you did to somebody in another country. Maybe Estonia? Maybe Germany? If another country can replicate this, great! It will increase the likelihood that Denmark will keep the cooperation going.
          5. Maybe it will be possible to convince European governments in general that this is the civilized European thing to do (not like those boorish Americans with their giant duopoly tech system). Maybe some influential press organ could do a piece documenting the cooperative software-diversity-tolerating European approach (perhaps after being fed the story idea).
          6. Then perhaps you have a cousin in Canada who might convince Canada?
          7. Eventually, if Europe and Canada are doing something sensible, maybe it will be possible for the U.S. to realize it's a sensible thing too.

          Just an idea!

          Word of warning:

          Yesterday MitID got updated to version 3.0.2 (version code 75). Then the app got permanently stuck in the initial blue / logo screen. I was not able to get the app "unstuck" (force stop, rebooting phone, changing permissions). Note that there is no error, no "rooted" message, nothing — the app simply doesn't load.

          I thought that something might have gone wrong with the data migration, so I tried revoking the authenticator, uninstalling the app, and installing it again. That didn't solve it. Whatever is wrong, has nothing to do with the data but a more general app issue.

          I recommend that anybody who didn't update yet go to Play Store and disable automatic updates for this app. If you did update, just wait for a new update that might fix the app — uninstalling/wiping won't work and you will need to revoke and set it up again in the future.

          I have another, non-GOS backup phone, in which I updated the MitID to this same version. It did not get stuck at the loading screen. I'm theorizing that MitID misbehaviour might be related to either some difference in GOS or being unable to cope with sandboxed Play Services with a reduced set of permissions. I only have granted Play Services the following permissions: Location, Network, Notifications and Sensors.

          I used Aurora to manually download version 73 (3.0.1) — 74 was not available. That worked, and the app is not stuck at the loading screen. Whatever broke, it was due to a change in version 75.

          Since I need to re-activate my authenticator now, I may try updating to 75 again and check if giving more permissions to Play Services changes anything.

            lbschenkel I was about to post it that after the update the app stopped working. The same issue as described upper.

            I tried played around with 75 and giving more permissions to Play Services and all permissions to MitID. Still stuck.

            This is what I'm going to do from now on: I'm going to manually install version 73 via Aurora, and disable automatic updates in Google Play. I will only update to newer versions when I see evidence that the new version works in GrapheneOS.

            Maybe we have to find someone who does not have a connection to Denmark (who doesn't care if the app breaks or not) to be our guinea pig and once in a while install the app and report if it shows the welcome screen or if it shows the "rooted" message or does not load at all.

            I wish I had another GOS phone for doing these experiments, but Google phones are expensive and I can't afford to have a spare one.

              Grkrz The app does very little, interacts only with the MitID server, and therefore should not receive any untrusted input. It is a trade-off that I'm willing to take.

              Grkrz perhaps we need to wait for play services go be updated be GOS. I remember before banking up did not want to work with not up to date services. This is just a gues and most probably will not be fixing the problem.

              I'm going to periodically summarize the status of the MitID app, for the sake of others.

              As of 2023-03-18:

              • 3.0.2 (75): stuck in loading screen
              • 3.0.1 (73): works

              I will re-post this list as new versions are released and tested.

              To mods/admins: can you please rename this thread to "Status of MitID app" to make it more discoverable?

                • [deleted]

                MitID

                Everyone has freewill - probably;)

                It hearts me deeply when I read "privacy" oriented people install GOS and then install proprietary stuff, the worst... governmental garbage. This can be considered split personality.:)

                If you desire to have governmental garbage app with you or other proprietary apps just buy cheap Android phone and stop poisoning GOS.

                  [deleted]

                  Be respectful: Based on the posts in this thread, this is an issue with the Danish Government thinking its a good idea to develop and run their own app that all Danish citizens are required to use to read their MAIL and log into any bank account. This isn't something we can even comprehend as being a necessity in the United States because you can use GrapheneOS with nothing but F-Droid apps and not have any aspects of your life impacted.

                  This is why the work of the EFF and GNU are so important because they're able to lobby the government that not supporting open source and security-driven computing is a necessity in today's society.