Recently, I sent messages to Revolut's customer support. My first email said:

Dear Revolut Support Team,

I am writing to express my concern regarding the recent update to the Revolut Android application, which has rendered it inaccessible on my device. I am using a Google Pixel 9 Pro XL running GrapheneOS, a security-focused operating system. It appears that the latest update employs the Play Integrity API to verify device security, resulting in the app's incompatibility with GrapheneOS.

This situation poses a significant inconvenience, as it restricts access for users who prioritize enhanced security through alternative operating systems. Notably, Android's hardware attestation API offers a more robust attestation method than the Play Integrity API and allows for the whitelisting of keys from alternate operating systems. GrapheneOS not only adheres to the app security model but also substantially reinforces it. Therefore, restricting its use cannot be justified on grounds of security or fraud prevention.

I kindly urge your development team to consult GrapheneOS's Attestation Compatibility Guide to implement a verification method that accommodates the security integrity of systems like GrapheneOS.

Thank you for your attention to this matter.

Sincerely,
YYY

Got reply:

Hi there,

Thank you for waiting for our response! We appreciate your kind patience

I understand that you need help with a concern related to your account. Unfortunately, we could not find any account with the email address you are contacting us from. Would you be so kind as to confirm the email address and phone number (along with the country code) associated with your Revolut account? Also, if you have access to that email address, we can send you an email there and continue.

You can also reach out to us via chat. How?

To initiate the in-app support chat please follow these steps:

Revolut app home screen → Profile picture or initials/name → Help → Select the topic of your inquiry → Scroll down to "Help with something else" → Press “Chat with us" → type “Live agent” to connect with an agent.

If you are not logged into the Revolut app on your phone, you can chat with us anonymously. How?

Enter your mobile number that’s associated with your Revolut account → Click "Continue" → on the "Enter your password" screen, tap the "FORGOT?" bottom → Tap "Support" in the top right corner → tap "New Chat".

Thank you for your cooperation!

Best Regards,
XXX

My last email said:

Hi XXX,

Thank you for your response.

Unfortunately, it seems there is some misunderstanding. The issue I am reporting is not related to account access or incorrect account details. It is about a technical limitation with the Revolut app itself after a recent update.

Specifically, I am unable to log in or sign up at all on my device. When I tap the Login button, I immediately receive the following error message:
"Sorry, Revolut is not supported on devices with custom firmware."
At this point, the app becomes entirely unusable, preventing any further actions, including starting an anonymous chat through the app.

For context, I am using a ZZZ running GrapheneOS, a security- and privacy-focused Android distribution. The firmware in GrapheneOS is identical to the stock firmware provided by Google for Pixel devices, ensuring full system integrity. In fact, GrapheneOS enhances Android's app security model, making it a highly secure environment.

The issue seems to be caused by Revolut's recent implementation of the Play Integrity API for device verification. However, Android’s hardware attestation API provides a more robust and flexible alternative, allowing for the secure whitelisting of trusted systems like GrapheneOS. Excluding GrapheneOS users based solely on Play Integrity checks cannot be justified on security grounds, as this environment is at least as secure as the stock operating system.

I kindly request that this issue be escalated to the Revolut development team for review. Adopting a more inclusive attestation method would help avoid unnecessary inconvenience for security-conscious users. The Attestation Compatibility Guide from GrapheneOS offers clear recommendations on verifying the security integrity of such systems.

Thank you for your time and understanding. Please let me know if you need further details or clarification about this issue.

Best regards,
YYY

I received the following final reply:

Hi there !

We really appreciate your feedback! We are always trying to improve our product to provide you with a better experience. I will be sure to pass your suggestion onto our team for their consideration as we move forward with Revolut.

While I cannot provide a timeline, please check back on our website periodically for any updates. If you have any further questions please let me know.

Thank you,
Kind Regards,
Revolut Customer Support

It seems like this is just a perfunctory conversation and won't actually achieve anything.

    I also reached out to customer support and this is the response I got:

    Hello,

    Our application might work on phones running MicroG, GrapheneOS or other operating systems however, we do not officially support it or conduct any compatibility tests. This means the application may have limited functionality or might not be usable at all.

    As of now, we have no plans to support those systems in the foreseeable future.

    Thank you for understanding and sorry for the inconvenience caused.

    Kind Regards

    Revolut Customer Support

    And they completely ignored my suggestions to use hardware attestation...

      krysor
      Chase
      Starling
      Both work on GOS, have no fees (why pay fees to use your money?), are based in GBP with zero exchange fees, and a commission rate that is close enough to the day trading rate that you need not be concerned

        rigel24

        PGOSUW2P9

        Your described process with version 10.54 worked also for me. I was not successful with any higher version. Thank you!

            hungrily6100 Yeah, I personally always feel slightly frustrated when CSRs send me canned replies. On the other hand, in this case they did agree to forward it to developers (I hope that's what they meant by "team"), which is more than most CSRs usually do, in my experience. I try to keep in mind that the canned responses are usually lines (or variations of them) that they are obligated to provide, so I'll usually be receiving them anyway.

            Ramojus

            Yeah, that's verbatim the response I received from the CSR I chatted with a few days ago. However, when I kept pushing the matter the CSR agreed to forward my feedback to the development team. Here's what I wrote after receiving their first canned response. Note that I might've just got lucky in that the CSR was slightly more customer-oriented in general. And also, if someone's contacting Revolut about this, please don't use this text verbatim, as they might get suspicious that we are (or that I am) spamming them on the matter:

            I am aware that GrapheneOS is not officially supported. However, it has never been officially blocked, up until now. It appears that the Android app version 10.56 is now blocking new sign-in attempts. This is not only my observation but is being observed by all GrapheneOS users I have talked with who have attempted to sign in. They have been locked out of your service.

            For background: GrapheneOS is not an
            operating system that's certified by Google but is still closely based on Android. The Revolut app works fine on GrapheneOS when already signed in, and has always worked fine for me, except that the app is now blocking new sign-in attempts. I use GrapheneOS because it focuses extensively on users' privacy and security, and builds on Android's own security and privacy features while also strengthening them. I very much care about the security of my device and I'll be unable to use your product if you block GrapheneOS.

            Your developers can allow GrapheneOS specifically by following this guide:
            https://grapheneos.org/articles/attestation-compatibility-guide

            To summarise: GrapheneOS is keeping fully up to date with the latest Android patches and versions, and has pioneered security features that Apple has now integrated into iOS, such as auto-reboot and contact scopes. There's no reason that the app should allow users to run it on Android 7 - which has not received security updates for years - but block an OS that's recognized for its security features and implements the full Android security patches each month.

            Kindly asking that my feedback be forwarded to the
            development team for consideration.

                Good news!
                I got a reply to my 1-star review from Revolut:

                "Hi XXX. We are sorry to hear that you are not able to use our app on the Graphene OS. Please note that you will soon be able to use Revolut again on your device, as our team is already working on it. Thanks."

                So it seems, that we were loud enough!

                  Just left my 1 start review, even though at the moment I'm currently on stock.

                  " Stopped working on GrapheneOS which has a stronger security model than Google's Play Integrity API.
                  Time to move on from Revolut if you don't revert your decision.

                  Thank you "

                    stfn that's great, I'll wait then because I quite like Revolut.

                      cdflasdkesalkjfkdfkjsdajfd Not too hopeful. These are usually comments that just hope that customer service will react quickly. I hope I'm wrong...

                      I hope it's not just some customer service representative that has misunderstood some feedback they received from a developer, and assuming wrongly that they are allowlisting GrapheneOS. They seem to have been given stock replies that they are handing out to us almost verbatim, and this is the first time they've said that it'll start working again. But we'll see!

                      Since they sent me a case ID I already sent them an email about it (adding info to my previous contact with them; I was honest about already having been in contact with Revolut support via the app, so I don't think they'll see it as spam). No harm in us continuing to push this, as long as they don't see it as spam.

                        aurocha

                        Just go their answer in the form of a reply to my review:

                        " We appreciate you reaching out to share the problems experienced when trying to access the Revolut app on GrapheneOS. Please note that, GrapheneOS is presently not supported and if we do have any plans to introduce this later on, we'll be sharing the news via our official social media channels."

                            fid02 There is one thing I don't understand and that is why I can log in regardless of the version on a phone with LineageOS, without rooting, and I can't do it on GrapheneOS

                                cdflasdkesalkjfkdfkjsdajfd If you want to, you can check those two other apps without logging in our signing up. Just press the "Log in" button and you should see the message immediately. Would be interesting to hear how they behave on that LineageOS setup.

                                    fid02 Hmmm, I have installed it and are not working. Also, I have installed normal app (10.56.2) in other LineageOS profile then tried to login into then also received the same error. Seems to me LineageOS isn't compatible yet.

                                      I emailed help@revolut.com this morning and this was their reply

                                      Thank you for reaching out to us!

                                      I understand where you are coming from.

                                      Our application might work on phones running MicroG, GrapheneOS or other operating systems however, we do not officially support it or conduct any compatibility tests. This means the application may have limited functionality or might not be usable at all. We have no plans to support those systems in the foreseeable future.

                                      Doesn’t sound very promising that they will sort out the issue.