Strappazzon thank you but that's exactly the feature I was referring too (sorry that I didn't make it explicit). the app already worked except such feature.
Also the new OS release is not yet available so it's early to test
Revolut mobile finance - not supported on devices with custom firmware problem
From Mastodon:
https://docs.seon.io/ is one of them. We don't know all of them or which one is directly responsible for specifically banning GrapheneOS but it's a high chance it's that one.
https://grapheneos.social/@GrapheneOS/113869616034352093
Also
It appears to be used to ban using any aftermarket OS in a very poorly done way but we think it's https://www.appsflyer.com/ that's specifically banning GrapheneOS since it's what's getting passed ro.build.user which they seem to check for it being grapheneos. We've worked around all of it for now but Revolut is likely going to adopt more of this nonsense including the Play Integrity API. [...]
Revolut doesn't run these checks in a userdebug build of the OS. That's potentially why people found it works on certain other operating systems.
GrapheneOS Revolut doesn't run these checks in a userdebug build of the OS.
That is definitely a novel security approach! π€π
I was considering becoming client of Revolut, but I've discarded it after reading this info.
Our next release successfully works around their ban on using GrapheneOS.
We've changed ro.build.host and ro.build.user (the build hostname and username) from grapheneos to other values. Nearly any other values work for those fields. Likely the only ones that are banned are ones consistently used by other aftermarket operating systems at least if they set them to a constant value as we do for reproducible builds. We chose to set them to android-user and r-0123456789abcdef-0123 to match the format currently used for the stock Pixel OS builds, which is specific to Google's build syste, and has changed multiple times over the years. Other devices do it differently. We don't expect any more issues from those.
Revolt also bans having ro.boot.verifiedbootstate set to yellow indicating using an aftermarket OS with the device locked and verified boot enabled. For some reason, they do permit ro.boot.verifiedbootstate being orange which means an unlocked device likely running a modified or aftermarket OS without security intact since at the very least verified boot and attestation are disabled, but likely much more security is lost too. They also don't use their checks on a userdebug build. To handle this, we're using standard infrastructure for setting compatibility values for properties for apps, which we've limited to user installed apps. In the future, we can also use this to match the stock OS build number, build hostname and other values if it ever proves necessary. We could do that proactively before we find apps banning GrapheneOS based on it in case some exist, but they probably don't so we probably won't do it without a known app requiring it.
It's incredibly strange that Revolut does this kind of nonsense. It's not clear what they're trying to achieve beyond harming GrapheneOS users. They haven't banned having a highly insecure device with no patches for 10 years and haven't even banned having the device unlocked with any aftermarket OS on it. They specifically banned having the device locked with an aftermarket OS or specifically having GrapheneOS. They also specifically banned several other aftermarket operating systems including LineageOS but those don't preserve the standard security model or set an honest security patch level so at least that could be weakly justified. Even that doesn't hold up to scrutiny when they permit a stock OS with no patches for 10 years and clearly unlocked devices. It's a complete joke.
GrapheneOS Do you think this will be a solution in the medium term or will it be a cat and dog game from now with Revolut?
cdflasdkesalkjfkdfkjsdajfd Revolut doesn't have an understanding of what they're doing. It's the closed source third party libraries they use which are banning GrapheneOS. It's possible Revolut will start using the Play Integrity API device or strong integrity level which will end compatibility with GrapheneOS unless they implement https://grapheneos.org/articles/attestation-compatibility-guide. Don't stop leaving 1 star reviews and making support requests just because we ship a workaround. Keep doing it because their intention is still to ban GrapheneOS until this is removed.
- Edited
Just assumptions, but I suspect that Revolut isn't purposely ignoring the complaints from GrapheneOS users; rather, they seem to be deferring these issues to avoid addressing them. They likely need someone within the company to take a broader look at the situation and grasp whatβs really going on, but they may be reluctant to invest the time needed for that, so they just push back the easy way by ignoring or saying that they don't support GrapheneOS.
You are wrong. In particular, I made a formal written complaint, which is a mandatory requirement for filing a complaint with the regulator, and the response was (explicitly) that GrapheneOS did not meet their security standards and that they had no intention of supporting it in the future ("no hay planes para introducir soporte para GrapheneOS, tanto como el hecho de que las decisiones sobre los sistemas operativos compatibles estΓ‘ relacionado con la seguridad.")
- Edited
cdflasdkesalkjfkdfkjsdajfd
In that case, indeed that's even worst.
I was having this assumption because I had the impression that they don't really know what they are doing
GrapheneOS If I have a Pixel 5, could I implement this part of the update on my own without affecting the security of my device?
cdflasdkesalkjfkdfkjsdajfd It doesn't make any sense and is a generic response they're giving about aftermarket operating systems to pretend they care about security. In reality, they permit devices with no security patches for 10 years. Forbidding GrapheneOS is forbidding using an OS far more secure than anything they permit. Their device checks this are done in an incredibly ridiculous way and we've solved the problem for our next release. They permit an unlocked device running a malicious OS as long as it doesn't have the build username set to grapheneos. It's a complete joke.
Franco They do not know what they're doing. Their response is a generic one they came up with about aftermarket operating systems. They do not really understand what GrapheneOS is and it's only being banned via closed source libraries they didn't write but just bundled into their app. They're super low quality libraries doing things in an incredibly insecure and ridiculous way. Revolut is not a secure or well written app.
AlphaElwedritsch If it was obvious people would understand at first glance and nobody would make any question...
thanks a lot for all the work here !
i've got revolut, now for 10 years and it's always a pain in the a**
and NO it's not the security they care about....proof here..because grapheneos is the most secure OS i know.
That's the problem for revolut (and other)..they want to track every movement and the way of life ...and with grapheneos, they can't...and less secure is the OS, better it is..(super for them, the10 years android without security patches :-))
sorry for my poor english..
AlphaElwedritsch How many times do you want to go around in circles with the same old statements? It doesn't get better just because you keep repeating it...,ππ€£
Not all users read every post, tweet, toot, etc. of the GrapheneOS project. That's clear from reading recent posts on this thread. (Completely understandable that not many people want to read through 350 posts).
Makes sense to clarify the subject in case users are not up to date.
@GrapheneOS Did you consider organizing a campaign to stop discriminating custom OS users similar to https://www.stopkillinggames.com/ ?
In EU it could get attention and in case of it getting successfully implemented in EU law it would force banks and other app developers to tolerate GrapheneOS.
GrapheneOS hi, can this solution also apply to other roms other than grapheneos?