Grkrz Play Store, and you have to have a Google account.

Aurora downloads from Google's servers, so it won't serve you malware (at least not malware that is not already on the Play Store). The issues with Aurora is that (1) it uses a throwaway account from a potential different country/language/device, which may trigger a download of a version that would not have been served to you otherwise and (2) apps can detect if they have been installed via the Play Store app or from some other one, and act differently.

For 99% of the apps Aurora is just fine, but for something as finicky as MitID that stops working for whatever bogus reason I suggest doing things in the most standard/boring way possible, in this way you minimize the chance of the app flagging your installation as being "rooted".

      lbschenkel Unfortunately for us, Denmark is a small country. Were this app essential to life in US or another country of comparable importance, it would be such a deal breaker for any distro that the willingness to make it work (despite its faults) would be different.

      I'm not sanguine that the U.S. government would leave room for the right outcome to happen (based on living here)--I can easily imagine they would turn on full attestation and then game over. Regardless, here is a wild idea produced by somebody who lives in a large country and has a hopeful fantasy about what might be possible in a small country:

      1. Find an existing Danish non-profit organization with an interest in Internet privacy.
      2. Offer to donate one low-end Pixel device per year, plus technical expertise.
      3. Have the non-profit approach the Danish government and/or the MitID app developers, offering to donate one device per year plus N hours per month of technical expertise. Now it's not two strange people named @Grkrz and @lbschenkel complaining at them about phones running some weird OS they've never heard of and getting lost in the complaint stream, but instead an official problem report from the official liaisons of the Danish Internet Privacy Alliance (or whatever).
      4. If that works, explain what you did to somebody in another country. Maybe Estonia? Maybe Germany? If another country can replicate this, great! It will increase the likelihood that Denmark will keep the cooperation going.
      5. Maybe it will be possible to convince European governments in general that this is the civilized European thing to do (not like those boorish Americans with their giant duopoly tech system). Maybe some influential press organ could do a piece documenting the cooperative software-diversity-tolerating European approach (perhaps after being fed the story idea).
      6. Then perhaps you have a cousin in Canada who might convince Canada?
      7. Eventually, if Europe and Canada are doing something sensible, maybe it will be possible for the U.S. to realize it's a sensible thing too.

      Just an idea!

        Word of warning:

        Yesterday MitID got updated to version 3.0.2 (version code 75). Then the app got permanently stuck in the initial blue / logo screen. I was not able to get the app "unstuck" (force stop, rebooting phone, changing permissions). Note that there is no error, no "rooted" message, nothing — the app simply doesn't load.

        I thought that something might have gone wrong with the data migration, so I tried revoking the authenticator, uninstalling the app, and installing it again. That didn't solve it. Whatever is wrong, has nothing to do with the data but a more general app issue.

        I recommend that anybody who didn't update yet go to Play Store and disable automatic updates for this app. If you did update, just wait for a new update that might fix the app — uninstalling/wiping won't work and you will need to revoke and set it up again in the future.

        I have another, non-GOS backup phone, in which I updated the MitID to this same version. It did not get stuck at the loading screen. I'm theorizing that MitID misbehaviour might be related to either some difference in GOS or being unable to cope with sandboxed Play Services with a reduced set of permissions. I only have granted Play Services the following permissions: Location, Network, Notifications and Sensors.

        I used Aurora to manually download version 73 (3.0.1) — 74 was not available. That worked, and the app is not stuck at the loading screen. Whatever broke, it was due to a change in version 75.

        Since I need to re-activate my authenticator now, I may try updating to 75 again and check if giving more permissions to Play Services changes anything.

          lbschenkel I was about to post it that after the update the app stopped working. The same issue as described upper.

            I tried played around with 75 and giving more permissions to Play Services and all permissions to MitID. Still stuck.

            This is what I'm going to do from now on: I'm going to manually install version 73 via Aurora, and disable automatic updates in Google Play. I will only update to newer versions when I see evidence that the new version works in GrapheneOS.

            Maybe we have to find someone who does not have a connection to Denmark (who doesn't care if the app breaks or not) to be our guinea pig and once in a while install the app and report if it shows the welcome screen or if it shows the "rooted" message or does not load at all.

            I wish I had another GOS phone for doing these experiments, but Google phones are expensive and I can't afford to have a spare one.

              Grkrz The app does very little, interacts only with the MitID server, and therefore should not receive any untrusted input. It is a trade-off that I'm willing to take.

                Grkrz perhaps we need to wait for play services go be updated be GOS. I remember before banking up did not want to work with not up to date services. This is just a gues and most probably will not be fixing the problem.

                  I'm going to periodically summarize the status of the MitID app, for the sake of others.

                  As of 2023-03-18:

                  • 3.0.2 (75): stuck in loading screen
                  • 3.0.1 (73): works

                  I will re-post this list as new versions are released and tested.

                  To mods/admins: can you please rename this thread to "Status of MitID app" to make it more discoverable?

                    • [deleted]

                    • Post #84

                    MitID

                    Everyone has freewill - probably;)

                    It hearts me deeply when I read "privacy" oriented people install GOS and then install proprietary stuff, the worst... governmental garbage. This can be considered split personality.:)

                    If you desire to have governmental garbage app with you or other proprietary apps just buy cheap Android phone and stop poisoning GOS.

                      [deleted]

                      Be respectful: Based on the posts in this thread, this is an issue with the Danish Government thinking its a good idea to develop and run their own app that all Danish citizens are required to use to read their MAIL and log into any bank account. This isn't something we can even comprehend as being a necessity in the United States because you can use GrapheneOS with nothing but F-Droid apps and not have any aspects of your life impacted.

                      This is why the work of the EFF and GNU are so important because they're able to lobby the government that not supporting open source and security-driven computing is a necessity in today's society.

                          • [deleted]

                          • Post #87
                          • Edited

                          BalooRJ
                          First of all you're spreading disinformation:

                          BalooRJ that all Danish citizens are required to use to read their MAIL and log into any bank account.

                          This app is not obligatory. I posted the link in my previous post which is now hidden - Read this please

                          Secondly, why my post is hidden? What is going on here? Was it @matchboxbananasynergy who implements censorship not only on this forum?

                                [deleted] It has nothing to do with censorship. I removed your post because it was disrespectful, off-topic and contributed nothing to the discussion. Please keep the conversation focused on the actual topic at hand, instead of telling other people how to use their devices.

                                    • [deleted]

                                    • Post #89
                                    • Edited

                                    matchboxbananasynergy

                                    I do not agree with you. This post was about fundamentally approach to privacy.
                                    Disrespectful? In which part of my sentences?

                                    You often give in your posts "right' advices...

                                        [deleted] I have unhidden your post, which can be found here, lest I be accused of censorship, of all things.

                                        Now, as for why I think it is off-topic and not relevant to the discussion. Do you think that people who live in that country and want to use this app don't know of the alternative? They've chosen to use the app regardless, and there's a community effort to document when it works, when it doesn't, and what the overall status with it is. They didn't ask to be told whether they should use the app or not.

                                        This is not the first time you've made similar comments, so please try to keep things productive and on-topic.

                                        And as for "right" advice, which I assume means you don't agree with what I've posted in other threads - that's completely fine. I don't preach to people, and I don't expect people to take my advice as gospel. I try to stick to the facts of the matter and arm people with as much accurate information as I can so that they can make educated choices that suit their needs, even if that means that they go with a path that I would advise against.

                                        I hope that this can be the end of this discussion, so that this thread can get back to its primary purpose, which is not about whether people should be using a particular app or not according to your opinion, but rather about whether the app will work for them with GrapheneOS.

                                          [deleted]: You are not owed any explanation, but I will engage with you for a single time.

                                          Do you live in Denmark? Have you ever considered your suggestions?

                                          Everybody here knows about the code display. I have one, and I have mentioned it since the very beginning of this thread. However, it's wise to have more than one authenticator to prevent you from being locked out: they can break, run out of battery, be lost, or stolen.

                                          If you are completely locked out, you need an appointment to activate your MitID again in person; this might take weeks and you cannot do anything in the meantime, not even pay bills or use government/banking websites (and some other ones). Most banks are only providing services via phone or website, and if you call you need to authenticate yourself — using MitID.

                                          And you cannot have more than one code display: if you order a new one the first one is automatically revoked. So you're forced to have a backup authenticator in app form.

                                          A second phone, even though it might be a cheap one, is not free. You have to buy one, and it has to be stock Android with Play Services and all the privacy issues that come with it. You don't want to be carrying this device around with you. If we didn't care about that, we would not be using GrapheneOS.

                                          But fine, let's say you have a different device only for MitID and always leave it at home. Then you carry the code display. You know what? That is exactly what I was doing. And then you know what happens? You need to pay while you're in the street via an online payment (imagine having to do a transfer or topping up a public transport balance), and then you need to authenticate via MitID to approve the transaction, and the bank UI defaults to using the app and it does not offer a way to change to the code display. It will only allow the code display if there's no app registered in your account. This should not be happening, it's probably a UI bug, however that does not help you, does it? What if now you need to make that approval to go home, and to be able to go home you now need that authenticator that is at home?

                                          If we could have two authenticator dongles, or have paper codes as the previous system (NemID), then I wouldn't be bothering with this app. But you can't, and the government retired the old system for this one, which is "more secure".

                                          And I absolutely despise the idea that to be a citizen of your own country, your government is imposing on you that you have to have an account with a foreign conglomerate such as Apple or Google, and accept their abhorrent terms of service and "privacy" policies — to be able to interact with your own local bank or government. And if some rogue algorithm from those conglomerates in a different jurisdiction that is not yours decides one day that you have broken some unspecified rule that they won't tell you, your account gets banned for life with no possibility of recourse and you get permanently locked out of the store, and from those apps. Daily life is not going be fun for you.

                                          At least MitID has the code dongle as an option. Consider now the analogous system from neighbour Sweden called BankID, which is as essential (if not more) and only exists in app form, there is no dongle — you must have iPhone or Android with Play Services.

                                          Most people are actually fine with this. Some of us, like me, are strongly against it. But it doesn't matter, we're a minority and the government is "digitizing" everything and we have no option but to cope with the means at our disposal. So I'm here trying to help others fellow GrapheneOS users who are stuck in the same crappy boat, and if you are not here to help as well then at least get off your high horse and go importunate someone else.