Comdirect PhotoTAN Bank App bans rootet phones?

Ssh4tr0x · 2025-04-03T11:51:05+00:00

Hi,
I have the latest GrapehenOS stable build installed and want to use the photoTAN App from my Bank "Comdirect".
The App was last updated on 31 Mar 2025.

Now I am not allowed to use the App. The App says
"Due to regulatory requirements, measures were taken to further secure the app and exclude rooted devices." (translated).

The App does not report using the Play Integrity API. Sometimes it opens without issues, but most of the time it now shows this message.

Are there other ways, how the App can recognize that I am not using the official Google certified OS?
I think the App can be added to Apps banning GrapheneOS.

I installed the App via G. Play Store:

Version 9.7.1
com.comdirect.phototan
versioncode 83346

Is there maybe a way for GrapheneOS to somehow spoof the OS state? Perhaps I can open a Github issue for that?

spring-onion · 2025-04-03T12:14:24+00:00

Hey, people have reported it working again if you disable secure app spawning: https://github.com/PrivSec-dev/banking-apps-compat-report/issues/349

Ssh4tr0x · 2025-04-03T19:43:29+00:00

spring-onion

Thanks, that works.

Also, that means if the App is already opened with the message and remains active in the background, it can just be opened again via Home screen or App Menu without the error.
That way, secure app spawning is not used because the App is already opened.

BBeerman · 2025-04-07T07:55:21+00:00

It seems, the are working on a solution:

Playstore review (Translated from german):

comdirect – eine Marke der Commerzbank AG

April 2025
Hello You Tube, good news, we are working on a solution and plan to update it soon. We will keep you up to date. VG Christoph

matchboxbananasynergy · 2025-04-07T20:11:42+00:00

https://github.com/PrivSec-dev/banking-apps-compat-report/issues/349#issuecomment-2784133395

This seems to have been addressed by them.