lbschenkel it is ok. Tested some time ago.
Status of MitID app
Grkrz I meant the activation: if it is possible to activate the app. The app has been checking the status of Play Integrity during activation, I want to double check if this is still the case.
15 days later
@lbschenkel My pixel 5 died and I am now on a pixel 8. Just tried to install mitID with no luck. I can go all the way through the setup proces but I get the "rooted" fault at the end. So no luck so far. I am having the error, even though I have installed GPS via the Apps app in GOS. So I guess it will not work from now on on GOS.
I haven't fickled with settings so far, but I assume that it will make no difference, since the app otherwise functions as expected, and change in settings will nok change this
It truly sucks, but I guess there is no option to fix this unless the developer changes their perspective, which they will not.
- Edited
lbschenkel Grkrz
would it be possible to do anything on the phone to make it pass integrity, option/settings wise?
Or maybe install an older version of the app instead, eg. via aurora store? Tech gods, help me out here :)
Duckduck You could try progressively older versions of the app via Aurora store (see the version codes in my gist) but I doubt they still work; they are probably blacklisted on the server side by now. Other than that, there's nothing to be done.
Regarding the new version, it was just a shot in the dark to see if they somehow relaxed this requirement but I had no expectations that they changed course.
I guess we GOS users in Denmark will now have to sport the sexy authenticator :/
Duckduck
Or a lawsuit. An official government app that requires the use of an Apple or Google account (iOS and Play Store respectively) is a potential discrimination issue.
You would need to talk to a lawyer in Denmark but you might have a case. And if so, you might just get to put Play Integrity on trial as the government will claim its used for security and you get to go after them and Google for that lie.
19 days later
JollyRancher could be a way to go, maybe a bit extreme. For now we keep spamming them and hope maybe a newer version will change the way the OS is verified
lbschenkel i tried this with no luck. Maybe it should be removed from the github with working banks app list?
But you can make it to the very last part of the setup. But it always fails. Will try when a new version is released.
7 days later
After latest update to GOS, changes to google play stuff have made it work worse. Now you cannot make it past the app boot screen? Others that can verify this? I hoped maybe the changes somehow to make it work
- Edited
Duckduck what GOS build are you using?
I'm using the latest alpha (2025012700) and the app works, but of course I am one of the lucky ones to have it activated before they turned on Play Integrity.
Actually I was going to ask here if anybody is willing to install the alpha and try to activate MitID with Play Integrity blocked (new GOS feature) and report what happens.
lbschenkel im on stable 2025012700 and have tried both 116 and the current one, 118.
Before 2025012700 i could make it all the way to final step in setup, but now it just loads forever on the initial connecting screen
Duckduck I installed MitID on a secondary profile, it does not freeze and I can attempt to do the activation flow.
The flow ends up failing with an error message, as expected. Unfortunately, since this is a secondary profile, I don't get the notifications nor the settings related to Play Integrity so I cannot test what happens if I block it. I don't expect it to work, but it would be interesting to see what the error message is nonetheless...
As my working MitID in the primary profile, I can't/won't mess with it to test that out.
lbschenkel Unfortunately, since this is a secondary profile, I don't get the notifications nor the settings related to Play Integrity so I cannot test what happens if I block it.
I think the notification should work in secondary profiles? At least it works fine in Private Space.
The settings only appear for the app if Sandboxed Google Play has detected Play Integrity API usage.
fid02 I know for a fact they use Integrity (they said it themselves from the very beginning), I even see in the logs, but I only get the error from the app and no notification from GOS and the setting does not appear in GOS.
But this is only during the activation flow, which I'm not going to do in the primary profile as I'll permanently lock myself out.
I will test some other apps that use Integrity in this same secondary profile to see what happens.
The plot thickens. I have used the Android Integrity Checker app in the secondary profile and I can see the notification and setting. So I was too fast to assume that the secondary profile was an issue here.
But no sort of thing shows up with MitID. Therefore it is "lying" when claiming it's checking Integrity, or perhaps it's doing some other ad-hocs checks that fail before getting to the point that does an Integrity check?
I will try again and pay more attention to the logs. I have tried the "ID scan" flow but I will also try a different flow as well.
- Edited
OK, so I have tried again. My problem in the 1st attempt was that I already had 3 authenticators enrolled, which is the limit, so they were not letting me enrol another one (but the error message was a generic error which had no mention of this).
I removed one of my authenticators and tried again. Now I got the Integrity popup, as expected. I got the error message from the app, as expected. I then tried to block Integrity API but I get the exact same error message. Therefore blocking Integrity does not work as a workaround, unfortunately.
I checked the logs but nothing useful there. Basically the same thing gets logged if Integrity check fails or it's blocked.
GOS users remain out of luck and will keep needing the dongle.
lbschenkel many thanks for your time, knowledge and testing. A bit more advanced that i would be able too.
Too bad this didnt change anything, i had my hopes up. But also very interesting that the check isnt actually the check they say they do.
But also very interesting that the check isnt actually the check they say they do.
But it is. Why do you say that?
lbschenkel very weird i cannot get past the boot screen. I assume you didnt fickle with the app settings, such as the compabality thing?
But as you found out, for now i doesnt make it work either way
I assume you didnt fickle with the app settings, such as the compabality thing?
I had to, didn't you get the notification? You have to change the default.
lbschenkel nope just an endless load.
lbschenkel maybe i misunderstood what the changes are to the gps api then. Anyways, thanks for the clarification
We have another app in Denmark that also is using play Integrity API, I'm guessing that is the same as MitID is claiming to use. Or maybe I have misunderstood it. At least when I use Mobil-pay and this Play Integrity API pops up, It is still possibly to use Mobil-pay without any problems.
If GOS with Mobil-pay works with play integrity, shouldn't MitID be able to do the same. I have read the whole tread, but itś possible that I have misunderstood something due to my lack of full technical insight :-)
toddvarg Play Integrity is a Google API. The app uses it and it will return a result. In GOS the result will be that it passes "basic" integrity, but it fails "strong" integrity. What happens next is up to the app. They might be using this API just to gather information and report back to the server but without really enforcing anything, or they might be happy if it just passes "basic" integrity. Nothing that enforces "strong" integrity will work on GOS as it won't pass. Only devices certified by Google can pass this integrity level.
lbschenkel OK, thanks. I didn't know it was different levels of integrity.
13 days later
So coming to graphene about 14 days ago. Been using the mitid token for quite a while prior together with the app.
I am wondering if an already logged in mitid app could be transferred from my old android with apk, meta data and user data and all to have an activated mitid app?
My thoughts are that the app most have some key somewhere that the server somewhere associates to my real identity.
If that key can be transferred then the app should be an active app?
Secondly: is it anywhere remotely possible to install and app from my old android google play store directly onto the new pixel through USB? The app would then use the old android phones OS for activation?
I am thinking something similar to having a remote server license authenticating my access to a local program?
Or am I complete in the dark for some of these things?
Digitaliseringsstyreksen was quit nice and polite in their answer and forwarded my letter of improve to feature request hardware attestation directly instead of play api.
Next up is getting DR to explain this issue with mitID app to truly be able to get more freedom of choice and choose European alternatives if one wants to..........
a month later
Just writing this in case someone needs a recent update on this issue. I tried activating MitId both by transferring from another device and by using my passport. None of the methods work. I get the Play Integrity notification and then the error screen. Have ordered the hard token.
toddvarg think you are mixing play integrity and play services. Mobilepay will work with play services enables. Actually Mitid, kørekort and sundhedskort does not require play services, and passes the basic integrity. This means you do not nedd all the google bloat on your phone. But as said, MitID has another (not nedded) check that GOS does not pass.
Mobilepay will only work with alle the google bloat