GrapheneOS What exactly were the changes that made PlayIntegrity, EnvChecks & Revolut pass again?
That might be very useful for other custom OS for phones not supported by GrapheneOS.

      11 days later

      I'm having pixel 4 (5g), which is discontinued, but with extended support. Revolut version from Aurora 10.61, works until yesterday, don't know if I install newer version with auto update, but now Revolut complains that it's not supported on custom firmware. I delete that new version and install old 10.61 again, but message is the same, can someone explain if I'm losing some kind of emulation that Graphene is recognized as stock Android OS any more, shortly don't know what is the source new Revolut app, or not supported pixel 4

        otpisani Why are you installing an old version? The most recent is 10.66.

          Because it's not working, and I didn't do anything, and not sure if it's regarding app or GrapheneOS is not supported any more for mine device, can you share if it's 10.66 works for you.

          The changes that work around Revolut's ban are only available to devices we support fully.

          Thanks, that explains, although Revolut where working for some time, maybe even two months after I receive first notification that my phone is not supported any more. Some cheat sheets that I need to look if I change to another alternative Android OS in that grace period before buying new pixel device would be great.

          I switched to Graphene on Dec 2024 and the app would not let me login.
          Last month I believe, I did an update on Revolut from the Play Store and it started working.

          17 days later

          Dumdum Thanks!
          I wasn't able to reproduce the success in a LineageOS build. From what I gathered what was done:

          • Set ro.build.user/host to official-looking values
          • Set ro.boot.verifiedbootstate=green for all apps, including user apps
          • Disable reloading constants of the Build class which looks rather like an optimization as it would be a no-op if I'm not mistaken

          There are likely a few more changes involved as making SafetyNet and PlayIntegrity pass might require marking hardware key attestation as unsupported and changing a few properties. The latter doesn't seem to be required as it looks like (official?) fingerprints and user-builds with release-keys are already used. And does the hardware-backed attestation really work in GrapheneOS? AFAIK that isn't possible after bootloader unlocking.

          So there might be something else being done in GrapheneOS that I missed or isn't possible with LineageOS as even after fixing all properties (via the .prop files on device) Revolut/DexProtect detects the "insecure" device.
          If anyone has some ideas I'd be grateful.

          In any case: Hats off to the GrapheneOS team!