hungrily6100 Yeah, I personally always feel slightly frustrated when CSRs send me canned replies. On the other hand, in this case they did agree to forward it to developers (I hope that's what they meant by "team"), which is more than most CSRs usually do, in my experience. I try to keep in mind that the canned responses are usually lines (or variations of them) that they are obligated to provide, so I'll usually be receiving them anyway.

Ramojus

Yeah, that's verbatim the response I received from the CSR I chatted with a few days ago. However, when I kept pushing the matter the CSR agreed to forward my feedback to the development team. Here's what I wrote after receiving their first canned response. Note that I might've just got lucky in that the CSR was slightly more customer-oriented in general. And also, if someone's contacting Revolut about this, please don't use this text verbatim, as they might get suspicious that we are (or that I am) spamming them on the matter:

I am aware that GrapheneOS is not officially supported. However, it has never been officially blocked, up until now. It appears that the Android app version 10.56 is now blocking new sign-in attempts. This is not only my observation but is being observed by all GrapheneOS users I have talked with who have attempted to sign in. They have been locked out of your service.

For background: GrapheneOS is not an
operating system that's certified by Google but is still closely based on Android. The Revolut app works fine on GrapheneOS when already signed in, and has always worked fine for me, except that the app is now blocking new sign-in attempts. I use GrapheneOS because it focuses extensively on users' privacy and security, and builds on Android's own security and privacy features while also strengthening them. I very much care about the security of my device and I'll be unable to use your product if you block GrapheneOS.

Your developers can allow GrapheneOS specifically by following this guide:
https://grapheneos.org/articles/attestation-compatibility-guide

To summarise: GrapheneOS is keeping fully up to date with the latest Android patches and versions, and has pioneered security features that Apple has now integrated into iOS, such as auto-reboot and contact scopes. There's no reason that the app should allow users to run it on Android 7 - which has not received security updates for years - but block an OS that's recognized for its security features and implements the full Android security patches each month.

Kindly asking that my feedback be forwarded to the
development team for consideration.

      Good news!
      I got a reply to my 1-star review from Revolut:

      "Hi XXX. We are sorry to hear that you are not able to use our app on the Graphene OS. Please note that you will soon be able to use Revolut again on your device, as our team is already working on it. Thanks."

      So it seems, that we were loud enough!

        Just left my 1 start review, even though at the moment I'm currently on stock.

        " Stopped working on GrapheneOS which has a stronger security model than Google's Play Integrity API.
        Time to move on from Revolut if you don't revert your decision.

        Thank you "

          stfn that's great, I'll wait then because I quite like Revolut.

            cdflasdkesalkjfkdfkjsdajfd Not too hopeful. These are usually comments that just hope that customer service will react quickly. I hope I'm wrong...

            I hope it's not just some customer service representative that has misunderstood some feedback they received from a developer, and assuming wrongly that they are allowlisting GrapheneOS. They seem to have been given stock replies that they are handing out to us almost verbatim, and this is the first time they've said that it'll start working again. But we'll see!

            Since they sent me a case ID I already sent them an email about it (adding info to my previous contact with them; I was honest about already having been in contact with Revolut support via the app, so I don't think they'll see it as spam). No harm in us continuing to push this, as long as they don't see it as spam.

              aurocha

              Just go their answer in the form of a reply to my review:

              " We appreciate you reaching out to share the problems experienced when trying to access the Revolut app on GrapheneOS. Please note that, GrapheneOS is presently not supported and if we do have any plans to introduce this later on, we'll be sharing the news via our official social media channels."

                  fid02 There is one thing I don't understand and that is why I can log in regardless of the version on a phone with LineageOS, without rooting, and I can't do it on GrapheneOS

                      cdflasdkesalkjfkdfkjsdajfd If you want to, you can check those two other apps without logging in our signing up. Just press the "Log in" button and you should see the message immediately. Would be interesting to hear how they behave on that LineageOS setup.

                          fid02 Hmmm, I have installed it and are not working. Also, I have installed normal app (10.56.2) in other LineageOS profile then tried to login into then also received the same error. Seems to me LineageOS isn't compatible yet.

                            I emailed help@revolut.com this morning and this was their reply

                            Thank you for reaching out to us!

                            I understand where you are coming from.

                            Our application might work on phones running MicroG, GrapheneOS or other operating systems however, we do not officially support it or conduct any compatibility tests. This means the application may have limited functionality or might not be usable at all. We have no plans to support those systems in the foreseeable future.

                            Doesn’t sound very promising that they will sort out the issue.

                            Edited at fid02's request: according to this post Daniel89, this is no longer working.

                            Than you are free to go to to download the older version: https://www.apkmirror.com […]

                            Verifying your Revolut install

                            Installing APKs that are downloaded from "random" websites on the internet is risky, because there's an increased risk that the APK can serve a modified – and potentially malicious – version of the app. For a banking app, that could put you at risk of having your credentials or other sensitive information stolen from you.

                            However, there is a way to verify that the app you have installed is (with reasonable probability*) the genuine, unmodified version of Revolut. Here's how you can do that, using an app called Appverifier (this is assuming that you have already installed Revolut):

                            1. Go to App Store > Accrescent > select Install
                            2. Open Accrescent and install Appverifier
                            3. Open Appverifier > select "App list" > select Revolut

                            Explanation (optional read; feel free to skip to step 4): You will see a screen with the text "Internal database status: not found". That's because Appverifier doesn't include what's called a "signing certificate hash" for Revolut, so it won't automatically confirm its validity; you'll have to obtain the hash for Revolut some other way.

                            I have pasted the hash of Revolut obtained from Play Store here:

                            9C:9B:E0:71:35:E9:72:78:02:82:C2:E5:D2:7D:A0:6E:CB:8E:E3:AD:FC:75:30:39:17:DD:F6:6D:6F:AA:EF:A4

                            1. Copy the "signing certificate hash" (the long string of seemingly random characters) from the Details above
                            2. In Appverifier, select "Verify from clipboard"

                            If all is well, Appverifier should then display "SUCCESS". If it displays "FAILURE", double-check that you copied the entire signing certificate hash. If you did, and it still displays "FAILURE", you have not installed the genuine version of Revolut.

                            Installing Revolut 10.54 using Aurora Store

                            You can also use Aurora Store to download version 10.54 of Revolut. Your download/install of Aurora Store can be verified as genuine by using Appverifier (Aurora Store is included in its internal database) as explained in steps 1-3 above.

                            1. Uninstall any newer version of Revolut you may have installed
                            2. Open Aurora Store and navigate to the Revolut store entry
                            3. In the top-right corner, select the vertical ellipsis > Manual download
                            4. In the text box, enter this: 1005403809
                            5. Select Check
                            6. Wait for the download to complete, and install it
                            7. The installation will take several minutes
                            8. Verify the Revolut install with Appverifier by following the steps above (optional but recommended)
                            9. Open Revolut and log in

                            You can now update Revolut from either Aurora Store or the Play Store.

                            *I'm aware that an attacker could steal developers' signing keys and sign the app with it, then release a malicious version to the internet. This is always going to be a risk. The scope of this post is not to protect against that scenario.

                                For anyone who wants to pressure them, their official complaint channel is formalcomplaints@revolut.com.
                                To be sure it reaches them properly, do it from the email address you registered with them, and put "Formal written complaint" in the email subject.

                                If they don't reply and agree to support GrapheneOS, look to escalate to your country's financial/banking authorities. They may be able to pressure without requiring a lawsuit.

                                A few arguments to keep in mind if you reach authorities:

                                • they don't seem to provide any reply other than "security reasons" (without detailing them even after asking details), and "get a new device"
                                • there was no announcement or notice
                                • users who are logged-in on GrapheneOS can still use the app, so this is clearly not about security or about being dependent on a specific Google service

                                  schklom escalate to your country's financial/banking authorities

                                  Shouldn't one escalate to Lithuanian banking authorities instead, since Revolut is based in Lithuania?

                                    In the first instance, I think we need to officially complain to Revolut.

                                    On https://help.revolut.com/help/more/legal-topics/how-do-i-complain/ and https://cdn.revolut.com/terms_and_conditions/pdf/complaints_policy_89d0fb4d_0.1.0_1702909765_en.pdf, they detail how to complain and where to go after that if they don't solve it. Lithuania authorities are a possibility, but I'm not sure if our national authorities or Lithuania authorities are best. I sent a formal complaint, should get a (non-)reply soon, then will be in touch with my country's financial authorities.

                                    You can always try every avenue and see what works: Revolut formal complaint + your country financial authorities + Bank of Lithuania + Lithuania financial authorities.

                                    In the worst case, someone will have to start a lawsuit.