This will be temporarily solved by our next release until they begin enforcing a Play Integrity API check instead of specifically detecting and banning GrapheneOS via our ro.build.user and ro.build.host properties being set to grapheneos which has been changed to build-user and build-host which is what AOSP uses for reproducible kernel builds. The stock OS sets them to build bot information for the OS builds.

    GrapheneOS Excellent, thank you very much, this will (hopefully) save the day when my new Pixel 8a and Pixel Tablet arrive.

    Have these settings been tested against the Revolut apps? Because as said, it's not that just GrapheneOS has been banned this way. I have no oversight over the build.prop settings of the other ROMs that I have tried, but I assume most (if not all) of them likely had some "lineage" in it.

        I also lost access to Revolut last week - I tried to access the disposable card and that action forced some kind of relog, and I couldn't log in anymore. I've had my issues with Revolut before, so this time I decided to stop using that account, I "only" had to get my money out of Revolut and close the account.

        For anyone else who'd like to follow this path: you can request transfers from your Revolut accounts to your accounts outside of Revolut, but they have to have matching currency and you need to provide Revolut with account statement proving that target account actually belongs to you. In my case, no fees were applied for those statements. And I managed to recover all* my money. You can contact support through browser web app, which you can access using email confirmation.

        For anyone interested, I'm attaching my one-week-long ride with Revolut support
        If you just want to see details of transfering money out of Revolut: it's around the middle. First 1/3 is just generic "your app doesn't work, let's try to fix that".
        * And last 1/3 is all about trying to get rid of my 1 CZK (0.04 EUR) that was blocking my request to close account....

          NoMoreRevolut Unfortunately leaving Revolut is not an option (for me and surely many others), because there is nothing else like there services (at least available to me were I live). I'm actually using all their major services, so not only the regular banking functionality in the personal Revolut app, but also Investing, Revolut for Business and Revolut X (their crypto currency exchange).

          That's why I'm so eager to make this work without having to go back to a stock ROM or the other custom ROM (which I'm obviously not allowed to mention here anymore).

              NoMoreRevolut Also word of advise: web app session only lasts 5 minutes, the you get logged out "due to inactivity", doesn't really matter whether you were actually active or not, so if you want to write a longer message to support, save yourself some of my frustration and copy the message you're typing often, or better yet, write it outside of web app and just copy it to support chat. Trust me....

                MasterOne It has been tested and works fine with these changes. The main issue was that we didn't realize they had specifically banned GrapheneOS via ro.build.user and ro.build.host so previous things we tried didn't work. The app's code dealing with this is a third party party SDK that's heavily obfuscated and we aren't sure if they're checking it locally or with a remote service.

                Please note GrapheneOS is not a "ROM" and we don't use that terminology.

                    • N1b

                      • Post #318
                      • Edited

                      GrapheneOS The main issue was that we didn't realize they had specifically banned GrapheneOS via ro.build.user and ro.build.host so previous things we tried didn't work

                      Thanks for officially clarifying. It's kind of terrifying that Revolut specifically picks on GrapheneOS and publicly defend it in the name of "security".

                      Is there a good (technological) reason a fintech like Revolut doesn't want their apps installed on GrapheneOS? I can only come up with 2 ideas:

                      • They want (or are pushed) to read identifying device data
                      • Somebody there hates GrapheneOS and tries to bully users away

                          GrapheneOS

                          Just to clarify, did they specifically blacklist GrapheneOS (and presumably others like LineageOS) that way or did they just whitelist whatever string normal Android uses with everything else not allowed? If the former it would be very concerning that they go such lengths to block GOS.

                              N1b Revolut is the only company we've seen specifically banning GrapheneOS so far, but some other apps might start working based on the changes we made to work around this.

                                  Viewpoint0232 They specifically check for ro.build.user / ro.build.host being set to grapheneos which was the arbitrary value we chose for reproducible builds. We've changed them to build-user and build-host. Setting them to arbitrary strings other than grapheneos works fine. It is not because there's any special case for build-user and build-host which are not what the stock Pixel OS or other operating systems use, which varies a lot and has changed over time so it clearly wouldn't be safe to hard-wire checks for them. They aren't doing that but rather specifically banning GrapheneOS. Revolut likely had nothing to do with this themselves. They use several third party SDKs and are likely querying those to check if the device runs an alternate OS, so the detection is based on these poorly made checks by third parties. They aren't using hardware attestation and if they use the Play Integrity API, it isn't enforced by the their service beyond basic integrity yet.

                                      Lopicl great find! I don't use Revolut but this thread has been topping the charts lately and I've been following it. Sounds like this "lead" has resulted in at least a temporary fix! Props to you.

                                        Thanks grapheneos team for this and others who persevered in solving the problem

                                          SilverCat38 It's not really solved since they'll likely start enforcing the Play Integrity API device integrity level soon from their service and that will end having any realistic way to work around it long term.

                                            akc3n Wouldn't it have been better not to publicize this notice outside of here to avoid the "problem" being quickly corrected by the Revolut developers?

                                              GrapheneOS are there any hints what those 3rd party "security SDKs" are called? Perhaps it is possible to reach out to the company that created it and try to find out why are they blacklisting graphene?

                                              • zzz replied to this.

                                                  grapheneos-enthusiast I have it installed on my Pixel 6 and it works. I'm just unable to upload my ID because "the device doesn't meet the security requirements".

                                                  IO version 2.80.0.9
                                                  GrapheneOS 15 build 2025011500