Revolut mobile finance - not supported on devices with custom firmware problem

Daniel89

fid02 for your information: this is not working anymore, since Revolut 10.54 doesn't allow login until you update to a newer version of the app.

fid02

Edited at fid02's request: according to this post Daniel89, this is no longer working.

Than you are free to go to to download the older version: https://www.apkmirror.com […]

Verifying your Revolut install

Installing APKs that are downloaded from "random" websites on the internet is risky, because there's an increased risk that the APK can serve a modified – and potentially malicious – version of the app. For a banking app, that could put you at risk of having your credentials or other sensitive information stolen from you.

However, there is a way to verify that the app you have installed is (with reasonable probability*) the genuine, unmodified version of Revolut. Here's how you can do that, using an app called Appverifier (this is assuming that you have already installed Revolut):

Go to App Store > Accrescent > select Install
Open Accrescent and install Appverifier
Open Appverifier > select "App list" > select Revolut

Explanation (optional read; feel free to skip to step 4): You will see a screen with the text "Internal database status: not found". That's because Appverifier doesn't include what's called a "signing certificate hash" for Revolut, so it won't automatically confirm its validity; you'll have to obtain the hash for Revolut some other way.

I have pasted the hash of Revolut obtained from Play Store here:

9C:9B:E0:71:35:E9:72:78:02:82:C2:E5:D2:7D:A0:6E:CB:8E:E3:AD:FC:75:30:39:17:DD:F6:6D:6F:AA:EF:A4

Copy the "signing certificate hash" (the long string of seemingly random characters) from the Details above
In Appverifier, select "Verify from clipboard"

If all is well, Appverifier should then display "SUCCESS". If it displays "FAILURE", double-check that you copied the entire signing certificate hash. If you did, and it still displays "FAILURE", you have not installed the genuine version of Revolut.

Installing Revolut 10.54 using Aurora Store

You can also use Aurora Store to download version 10.54 of Revolut. Your download/install of Aurora Store can be verified as genuine by using Appverifier (Aurora Store is included in its internal database) as explained in steps 1-3 above.

Uninstall any newer version of Revolut you may have installed
Open Aurora Store and navigate to the Revolut store entry
In the top-right corner, select the vertical ellipsis > Manual download
In the text box, enter this: 1005403809
Select Check
Wait for the download to complete, and install it
The installation will take several minutes
Verify the Revolut install with Appverifier by following the steps above (optional but recommended)
Open Revolut and log in

You can now update Revolut from either Aurora Store or the Play Store.

*I'm aware that an attacker could steal developers' signing keys and sign the app with it, then release a malicious version to the internet. This is always going to be a risk. The scope of this post is not to protect against that scenario.

fid02

Daniel89 I can confirm. I flagged it and a mod added a warning to the post so others won't waste time attempting it.

Carbon14

Google, please index and share this message :-)

Because Revolut Ltd refuses to support highly secured phones with GrapheneOs, they force users to significantly increase their risk by using some old phones with an outdated non-maintained security-at-risk Android phone. Revolut app is so poorly secured than it is not able to detect any of these problems.

Conclusion: I have opened an account in another bank two days ago, and bye bye Revolut as soon as I get my new card.

SilverCat38

I have money invested in revolut + all my family use it. It's hard for me to move on. Guess my only option is a 2nd device :(

AlphaElwedritsch

SilverCat38 Guess my only option is a 2nd device :(

No, it's not the only one. You can go back to PixelOS

golbinex

I suggest checking out new Trading 212 debit card. It works on GOS, has similar features like Revolut and even offers a cashback.

SilverCat38

AlphaElwedritsch I like grapheneos :) and dont want to give up my privacy just for 1 app

Viewpoint0232

AlphaElwedritsch

Or something like rooted LineageOS with spoofed MEETS_DEVICE_INTEGRITY :)

Security, privacy, working Revolut app - choose 2 of them*

*GrapheneOS = no Revolut app, rooted LineageOS = decreased security, stock OS = decreased privacy

DeletedUser69

Viewpoint0232 or you can adapt to changing conditions in order to survive. Proven many a time in evolution.

876fi

For somebody Revolut is a necessity, here is an idea - you can find any app (a lot of fin apps for instance) that offers Open Banking services, authorize the app to access your Revolut account via its API.

Kindkey4468

876fi Could you give an example of an app that supports offers Open Banking services to manage Revolut? I have searched but none of the banks that support open Banking is able to manage my Revolut account

Eagle_Owl

lbschenkel I really wish EU will step in and stop this madness. But I suspect that when they decide to act, it will be too late already.

You don't really want the stupid EU to interfere, because...
If the EU will step in, then we will all be forced to use an insecure Android phone or an iPhone.
Then we will all need an insecure phone for such services and a GOS phone for secure communication.

grapheneos-enthusiast

Eagle_Owl I think the EU should try to regulate what google is doing with their play integrity API, it's an unfair system intended to support their business and not the security actually

1fexd

grapheneos-enthusiast But how would they achieve that? I know GrapheneOS has a suggested approach (https://grapheneos.org/articles/attestation-compatibility-guide#attestation-compatibility-guide), but it still relies on whitelisting GrapheneOS' fingerprints, which, while improving the situation for GrapheneOS users, does not solve the underlying problem of hardware attestation not necessarily being an indicator of device security - for example, such an approach would still exclude users who wish to build and sign the OS themselves.

Velocity9490

Amk This bullshit sounds so AI generated and makes absolutely no sense...

spl4tt

Upgraded my phone today and can't login to revolut anymore. I can't even cancel my metal sub now??

This is fucking stupid. I just gave a 1star review on google play, and all my friends are doing the same right now (we all use graphene).

I will also write a mail to support to cancel my sub, as I can't use it anymore. I was almost considering an ultra sub, but this pisses me off A LOT.

DeletedUser69

Well done

de0u

1fexd It is unclear bank apps and competitive games will be willing to run on arbitrary self-signed builds.

AlphaElwedritsch

I think the privacy and security community will have a lot to do with this in 2025. It will be an exciting year and a crossroads for many

dc32f0cfe84def651e0e

I don't support Revolut either.

https://i.imgur.com/yPfdJSR.png

« Previous Page Next Page »