Hello community, My wife is a diabetes type1 patient and uses an application known as CamAPS on her phone which connects via Bluetooth to the insulinepump. This application basically regulates her glucoselevel through an algorithm. And since she is home alone, it is critical for me to be able to get notifications when she gets into a hypo (low glucose level). For this I will also need to install this CamAPS application. However, since I installed grapheneOS I can't install this application.

I know that this CamAPS is very carefull with security. Which makes sense. But how come I can't install this app? And what can I do to fix this?

Thanks!

    Aksec What's happening when you try to install the app? Do you get any error message?

      Try to go into the Settings app –> Apps –> See all (number) apps –> app name –> scroll down and enable the exploit protection compatibility mode. Report if you still have issues. If not you may want to try disabling compatibility mode and fiddling with the other exploit settings below it to still get some security benefit.

      Also see the stickied thread regarding app compatibility.

        Watermelon Try to go into the Settings app –> Apps –> See all (number) apps –> app name –> scroll down and enable the exploit protection compatibility mode.

        That would perhaps have been something to try if there was a problem with an already installed app. According to the OP, the app is not installed. Although not clear where the OP is trying to install the app from, or what "can't install" means here.

          Aksec I'm assuming it's this app? https://play.google.com/store/apps/details?id=com.camdiab.fx_alert.mmoll

          myLife CamAps FX? The Play Store entry says it's incompatible with my device, which in most cases means that the app developers is blocking installs from the Play Store for OSs that are not licensed by Google, by using the Play Integrity API. It's one of the few cases where you'll have to install the app from the, less secure, Aurora Store. That worked for me, although I don't have an account and didn't try to sign in within the app. You can also contact the app developers to ask them to please stop using the Play Integrity API.

            6 days later

            Hi guys,
            @fid02 Yes, that is the correct app. I am trying to install this app from the google play store. The message I am getting is: Your phone is not compatible with this app. I used to have this app on my same pixel 7 phone before installing grapheneos.

            The reason why they they are using Play Integrity API is because they want to block any 'unsecure' connections with their application. Since, any incident with this app may get people killed. I don't think they will listen to my request of stop using play integrity api.

            It would be really tragic if can't install this app because it would I have to go back to the original pixel OS

              Aksec Make sure you're not sending them a message with an accusatory or angry tone, and don't curse them. Invoking a negative emotional response in them might lead them to not consider you. Although you could emphasize that you need help, maybe also explain the situation with your wife the same way you explained here. Besides that, a few recommendations:

              1. Tell them that they depend on Play Integrity, and emphasize first-and-foremost that the dependency is unnecessary and that Play Integrity is anti-competitive.
              2. Tell them you have an operating system which is both hardened and focused on security (hardened because focus on security doesn't mean the devs are serious about hardening, and focused on security because the hardening is the explicit purpose of the project).
              3. Tell them that the devs of the operating system are security professionals rather than hobbyists.
              4. Emphasize that the bootloader is locked and that there's no root at all.
              5. Emphasize that they don't have to sacrifice the existing restriction against root users at all, that you're not trying to lobby them to support root users (which are insecure), and point them to this link.

                Aksec The reason why they they are using Play Integrity API is because they want to block any 'unsecure' connections with their application. Since, any incident with this app may get people killed. I don't think they will listen to my request of stop using play integrity api.

                If the app authors have decided to use hardware attestation to enforce that their app will run on only certain operating systems, then it will run on only those operating systems.

                At present, Play Integrity approves of some fairly old devices, some of which may be fairly cheap. So it might be possible to dedicate a device to running just the one app.

                  10 days later

                  Hello,
                  I have the exact same problem. I need to install and run CamAPS FX on my grapheneOS phone.
                  I am able to install the app through Aurora store, but the problem occurs when I try to connect the pump. It's seems the dev are trying to do some verification once the pump is connected to the app. At this moment, the app generate an alert, and it is impossible to administrate a bolus (error message with key security appairing, something like that..)
                  The error message is not clear, but I'm pretty sure it's because I have installed the app through Aurora store on GrapheneOS.
                  It would be great if someone is able to convince the devs of the app to allow the app to work on GrapheneOS...
                  Or if someone had the same issue and was able to find a solution... I would be happy to have a solution to continue to use grapheneOS despite my condition.
                  I would like to avoid to have 3 phones on me (pro + perso + dedicated for camaps).
                  Thank you !

                    grapheosftw

                    I just check again, the error message is :
                    "Your pump is not accessible because the security key exchange has failed.
                    Please connect to the internet
                    Then reconnect your pump to be able to connect to it"

                    Sorry, it's not the original message in english, it's a translation from my langage to english.

                    • thmf replied to this.

                        • Tthmf

                          • Post #11

                          grapheosftw Please connect to the internet

                          Does the app have Internet permission? You can check if you long tap on the app -> select info ("i" symbol) -> Permissions.

                          If this doesn't help, you could also try (temporary) enabling Exploit protection compatibility mode toggle on the same app App info page to check of this helps.

                          Are you using a VPN?

                              thmf

                              I've given all permission requested without any limit. I've alo tried enabling exploit protection compatibility mode.
                              No, I'm not using a VPN. I have tested on both SIM + through wifi connection.
                              None of this test worked for me...

                              I've send an email to the dev to ask them to work to allow GrapheneOS. I've also linked this page to them.
                              I hope we will find a solution.

                                  grapheosftw If they are using Integrity API, until they stop, there is no real solution. Tbh its questionable why an application that if something went wrong, someone could die, is ran on a users normal android device in the first place.

                                  Why isn't this some kind of separate device by the manufacturer

                                      a month later

                                      raccoondad Tbh its questionable why an application that if something went wrong, someone could die, is ran on a users normal android device in the first place.

                                      Tbh its questionable why an application that if something went wrong, someone could die, depends on a Google service that can go down.