nat They seem to use at least 3 different approaches to blocking a custom OS. They do not enforce it based on the Play Integrity API though. They were also allowing the orange verified boot state while blocking yellow and explicitly blocking GrapheneOS, meaning they permit having arbitrary unverified code as long as it has no signs of being an alternate OS rather than a modified stock OS but go out of their way to block GrapheneOS. Genuinely mystifying.

    So this is not really "fixed" but rather "delayed". Once they use Integrity API hard mode, we're doomed. Might as well get used to carrying 2 phones, folks

    Is there no way to at least run a VM with stock Android that would pass this?

      deltuzirtu

      Is there no way to at least run a VM with stock Android that would pass this?

      There's no such thing as stock Android, and a VM would be the opposite of helpful.

    It's always assumed that Play Integrity will come next for Revolut, but I don't think so, because wouldn't that prevent the use on old phones as well? I mean, they are currently doing some simple checks, just to prevent Revolut from being usable on phones with custom/rooted ROMs, but that's pretty much it. How many people are using old phones that would not pass Play Integrity? They can't risk the flood of support requests for such a move. Also, what Google does for its own apps (like Google Wallet) is different to what's going on with 3rd party apps. Will they risk that this goes widespread public with some authority intervening? So many questions and no answers.

        deltuzirtu So this is not really "fixed" but rather "delayed".

        That seems plausible.

        deltuzirtu Once they use Integrity API hard mode, we're doomed. Might as well get used to carrying 2 phones, folks.

        "It is difficult to make predictions, especially about the future."

        This might be a good time to prep a backup device and/or a good time to investigate other banks.

        And perhaps it might be productive for any current customers worried about this to call them up and say you're worried about it.

        deltuzirtu Might as well get used to carrying 2 phones, folks

        I think the solution is to stop being a customer of entities that are hostile towards you. "Vote with your wallet". I'm a Revolut premium customer, and was about to put part of my savings in there when this crap started happening. Now I've rolled back my usage of Revolut to a minimum, and once my annual Premium membership expires, I'll close the account if they haven't corrected course by then.

          GrapheneOS Genuinely mystifying.

          Just a speculation here - those "protection libs" use some shady techniques for anti-reverse engineering protection, that are not working well on Graphene due to hardened runtime and other features you enforce, so they decided to just ban GrapheneOS entirely and call it a day.

            traveller Not plausible, because it's working again since GrapheneOS implemented the necessary changes in build.prop, which means it's now passing the tests of those libs.

            brightjob4495 I think the solution is to stop being a customer of entities that are hostile towards you.

            I worry that all the choices will suck equally in a few years (possibly sooner).

            MasterOne It's always assumed that Play Integrity will come next for Revolut, but I don't think so, because wouldn't that prevent the use on old phones as well?

            Nope. This isn't about security at all but about control. 10-year-old phones with long-abandoned Android versions and no security updates do pass the Integrity check in hard mode. Also, they don't really care, at the end of the day. They will blindly follow whatever practices their Google/Apple masters advertise as "best", and just assume things will work out OK because surely everyone else will also just go with the flow.

            brightjob4495 I think the solution is to stop being a customer of entities that are hostile towards you.

            In an ideal world, I would only use GrapheneOS with FOSS apps from non-Google app store sources. However, this proved impossible in the long run. For example, I absolutely needed a health-related app for a certain thing regarding my health. There's no way around that really. It will only probably get worse in the future, for example when countries ban cash, or banks transition to virtual-only debit cards, so you will absolutely need some proprietary bank app to be able to live.

            What Revolut is doing is counterproductive... With the latest upgrade, it works on GOS... but until when?

            As a result, I've got another old phone just for Revolut and nothing else with tethering... and they won't have any more information! ;-)

            I think that in the future, I'm going to gradually boycott these companies that want to know everything under the pretext of security when they don't even run on an ultra-secure OS!

            traveller But yet the app functions just fine for everyone on GOS.

            MasterOne Play Integrity API works fine on older phones. The device integrity passes with the stock OS on a device licensing Google Mobile Services even if it hasn't gotten patches for a decade. The strong integrity level requires hardware attestation which was required for all devices launched with Android 8 or later. They may want to support older devices not launched with Android 8 or later if they don't care at all about security, but that's not something which prevents them checking for the device integrity level which would ban using GrapheneOS. Google uses the device integrity level for tap-to-pay, not the strong integrity level.

            GrapheneOS What exactly were the changes that made PlayIntegrity, EnvChecks & Revolut pass again?
            That might be very useful for other custom OSes for phones not supported by GrapheneOS.

              11 days later

              I have a Pixel 4 (5G), which is discontinued but has extended support. The Revolut version from Aurora, 10.61, worked until yesterday. I don't know if I installed a newer version through auto-update, but now Revolut complains that it's not supported on custom firmware. I deleted that new version and installed the old 10.61 again, but the message is the same. Can someone explain whether I'm losing some kind of emulation, so that Graphene is no longer recognized as a stock Android OS? In short, I don't know whether the cause is the new Revolut app or the unsupported Pixel 4.

                otpisani Why are you installing an old version? The most recent is 10.66.

                Because it's not working, and I didn't do anything, and I'm not sure if it's about the app or whether GrapheneOS is no longer supported for my device. Can you share whether 10.66 works for you?