Recently, I sent messages to Revolut's customer support. My first email said:
Dear Revolut Support Team,
I am writing to express my concern regarding the recent update to the Revolut Android application, which has rendered it inaccessible on my device. I am using a Google Pixel 9 Pro XL running GrapheneOS, a security-focused operating system. It appears that the latest update employs the Play Integrity API to verify device security, resulting in the app's incompatibility with GrapheneOS.
This situation poses a significant inconvenience, as it restricts access for users who prioritize enhanced security through alternative operating systems. Notably, Android's hardware attestation API offers a more robust attestation method than the Play Integrity API and allows for the whitelisting of keys from alternate operating systems. GrapheneOS not only adheres to the app security model but also substantially reinforces it. Therefore, restricting its use cannot be justified on grounds of security or fraud prevention.
I kindly urge your development team to consult GrapheneOS's Attestation Compatibility Guide to implement a verification method that accommodates the security integrity of systems like GrapheneOS.
Thank you for your attention to this matter.
Sincerely,
YYY
Got reply:
Hi there,
Thank you for waiting for our response! We appreciate your kind patience
I understand that you need help with a concern related to your account. Unfortunately, we could not find any account with the email address you are contacting us from. Would you be so kind as to confirm the email address and phone number (along with the country code) associated with your Revolut account? Also, if you have access to that email address, we can send you an email there and continue.
You can also reach out to us via chat. How?
To initiate the in-app support chat please follow these steps:
Revolut app home screen → Profile picture or initials/name → Help → Select the topic of your inquiry → Scroll down to "Help with something else" → Press “Chat with us" → type “Live agent” to connect with an agent.
If you are not logged into the Revolut app on your phone, you can chat with us anonymously. How?
Enter your mobile number that’s associated with your Revolut account → Click "Continue" → on the "Enter your password" screen, tap the "FORGOT?" bottom → Tap "Support" in the top right corner → tap "New Chat".
Thank you for your cooperation!
Best Regards,
XXX
My last email said:
Hi XXX,
Thank you for your response.
Unfortunately, it seems there is some misunderstanding. The issue I am reporting is not related to account access or incorrect account details. It is about a technical limitation with the Revolut app itself after a recent update.
Specifically, I am unable to log in or sign up at all on my device. When I tap the Login button, I immediately receive the following error message:
"Sorry, Revolut is not supported on devices with custom firmware."
At this point, the app becomes entirely unusable, preventing any further actions, including starting an anonymous chat through the app.
For context, I am using a ZZZ running GrapheneOS, a security- and privacy-focused Android distribution. The firmware in GrapheneOS is identical to the stock firmware provided by Google for Pixel devices, ensuring full system integrity. In fact, GrapheneOS enhances Android's app security model, making it a highly secure environment.
The issue seems to be caused by Revolut's recent implementation of the Play Integrity API for device verification. However, Android’s hardware attestation API provides a more robust and flexible alternative, allowing for the secure whitelisting of trusted systems like GrapheneOS. Excluding GrapheneOS users based solely on Play Integrity checks cannot be justified on security grounds, as this environment is at least as secure as the stock operating system.
I kindly request that this issue be escalated to the Revolut development team for review. Adopting a more inclusive attestation method would help avoid unnecessary inconvenience for security-conscious users. The Attestation Compatibility Guide from GrapheneOS offers clear recommendations on verifying the security integrity of such systems.
Thank you for your time and understanding. Please let me know if you need further details or clarification about this issue.
Best regards,
YYY
I received the following final reply:
Hi there !
We really appreciate your feedback! We are always trying to improve our product to provide you with a better experience. I will be sure to pass your suggestion onto our team for their consideration as we move forward with Revolut.
While I cannot provide a timeline, please check back on our website periodically for any updates. If you have any further questions please let me know.
Thank you,
Kind Regards,
Revolut Customer Support
It seems like this is just a perfunctory conversation and won't actually achieve anything.