Revolut mobile finance - not supported on devices with custom firmware problem

AlphaElwedritsch

SilverCat38 Guess my only option is a 2nd device :(

No, it's not the only one. You can go back to PixelOS

SilverCat38

AlphaElwedritsch I like grapheneos :) and dont want to give up my privacy just for 1 app

Viewpoint0232

AlphaElwedritsch

Or something like rooted LineageOS with spoofed MEETS_DEVICE_INTEGRITY :)

Security, privacy, working Revolut app - choose 2 of them*

*GrapheneOS = no Revolut app, rooted LineageOS = decreased security, stock OS = decreased privacy

DeletedUser69

Viewpoint0232 or you can adapt to changing conditions in order to survive. Proven many a time in evolution.

876fi

For somebody Revolut is a necessity, here is an idea - you can find any app (a lot of fin apps for instance) that offers Open Banking services, authorize the app to access your Revolut account via its API.

Kindkey4468

876fi Could you give an example of an app that supports offers Open Banking services to manage Revolut? I have searched but none of the banks that support open Banking is able to manage my Revolut account

Eagle_Owl

lbschenkel I really wish EU will step in and stop this madness. But I suspect that when they decide to act, it will be too late already.

You don't really want the stupid EU to interfere, because...
If the EU will step in, then we will all be forced to use an insecure Android phone or an iPhone.
Then we will all need an insecure phone for such services and a GOS phone for secure communication.

grapheneos-enthusiast

Eagle_Owl I think the EU should try to regulate what google is doing with their play integrity API, it's an unfair system intended to support their business and not the security actually

1fexd

grapheneos-enthusiast But how would they achieve that? I know GrapheneOS has a suggested approach (https://grapheneos.org/articles/attestation-compatibility-guide#attestation-compatibility-guide), but it still relies on whitelisting GrapheneOS' fingerprints, which, while improving the situation for GrapheneOS users, does not solve the underlying problem of hardware attestation not necessarily being an indicator of device security - for example, such an approach would still exclude users who wish to build and sign the OS themselves.

Velocity9490

Amk This bullshit sounds so AI generated and makes absolutely no sense...

spl4tt

Upgraded my phone today and can't login to revolut anymore. I can't even cancel my metal sub now??

This is fucking stupid. I just gave a 1star review on google play, and all my friends are doing the same right now (we all use graphene).

I will also write a mail to support to cancel my sub, as I can't use it anymore. I was almost considering an ultra sub, but this pisses me off A LOT.

DeletedUser69

Well done

de0u

1fexd It is unclear bank apps and competitive games will be willing to run on arbitrary self-signed builds.

AlphaElwedritsch

I think the privacy and security community will have a lot to do with this in 2025. It will be an exciting year and a crossroads for many

dc32f0cfe84def651e0e

I don't support Revolut either.

https://i.imgur.com/yPfdJSR.png

AlphaElwedritsch

A purely technical question:
Would these apps that require Google Play integrity run if you installed Lineage OS with full GAPPS? Would the GAPPS work around the problem, or would that not work either?
Thank you

ryrona

AlphaElwedritsch Would these apps that require Google Play integrity run if you installed Lineage OS with full GAPPS? Would the GAPPS work around the problem, or would that not work either?

If it is secure attestation, the signed attestation would either include information that it is running on Lineage OS, or would not have a valid signature. I don't think it is likelier that Google is accepting valid attestations made on Lineage OS than valid attestations made on GrapheneOS for their Play integrity service.

The key point is that you cannot hide what device you have, what OS you are running (OS version and signing keys), or what app you have installed (app version and signing keys). This is for attestation in general, I assume it is the same for Google Play Integrity, but I don't know anything specific about that.

mrspike

I think the biggest pressure we have here is leaving bad reviews with constructive criticism. They care about their app rating (being prominently shown on their landing page, being their central service).

AlphaElwedritsch

mrspike They care about their app rating (being prominently shown on their landing page, being their central service).

Yes, exactly, until it falls below a threshold and is then simply no longer tightened on the side. Honestly, as I said before, they don't give a shit about the few people for whom it doesn't work ;)

brookie229

Yeah, hate to be a Donny Downer but these large financial companies really don't care about 100 or 200 people with GOS not having access via an app. It's just not worth it for them to worry about maintaining an app that isn't Google's android or iOS. Not very likely to happen.

de0u

brookie229 Yeah, hate to be a Donny Downer but these large financial companies really don't care about 100 or 200 people with GOS not having access via an app. It's just not worth it for them to worry about maintaining an app that isn't Google's android or iOS.

That appears to be true for some, but not for others, e.g., Starling Bank in the UK.

schklom

brookie229 Last time I read, it was about 100 000 total GOS users, not 100. I don't think however we can know how many GOS users use Revolut

« Previous Page Next Page »