Santander bank app fails to work unless 'Secure app spawning' is disabled

DeletedUser315

roamer4223 Just opened a Starling account tonight.
Randomly my Santander app though is now working now and again.. Its in a second profile now and if I end the session or force quit (not found the exact cheat code yet) it sometimes works.

roamer4223

DeletedUser315 By the way, I am not sure if they are actually actively trying to block GrapheneOS with the changes they made in version 5.17.0. It may be unintentional. That's one of the questions I asked in my email. That's why it might occasionally work as the change might not be directed at GOS users.

And I have found Starling to be a much better bank app personally

DeletedUser315

roamer4223 Was kinda thinking the same. I'm interested to see if they will reply you, hope so and thanks for taking your time in writing to them.
Also cheers for the heads up on Starling.

Viewpoint0232

Is there any way in GOS to just disable secure app spawning for one app?

Lilac6044

Viewpoint0232 Nope. Please see feature request: https://github.com/GrapheneOS/os-issue-tracker/issues/2170

GrapheneOS

We've seen apps doing this a few times before and have an idea of why it's happening. It's incredibly rare and caused by a misguided and broken attempt at anti-tampering. It will also likely break in future Android releases and with certain OEM variants of Android. They're likely using some debugging functionality to check the initial call stack and are hard-wiring specific permitted call stacks. Secure spawning has a slightly different initial call stack from how it starts differently. It's possible we can make it align or at least fake it so these apps stop banning GrapheneOS when secure spawning is enabled.

spring-onion

Please help add it to the list of banking apps by filling out the issue form here: https://github.com/PrivSec-dev/banking-apps-compat-report/issues

CoachDom

Hi all, any update on this? I tried turning off Secure app spawning but its still not working
Thanks
Dom

DeletedUser315

CoachDom Only thing I've done to date is open a Starling account and move my money over until I see what happens and in the mean time I can log on via the website and have most functions.
If roamer4223 does not hear back I will try and contact them also. If no luck I will just move on and close the account with Santander.

gentlefrog5168

Sucks, just opened a Santander account, only to find this out. Tried calling, but not much luck - although I can't imagine customer reps are that knowledgeable on this sort of stuff. Has anyone heard back from the developers yet?

Molasses

gentlefrog5168

Just leave a review on their Play Store Apps and tell them supporting GrapheneOS isn't hard at all:

https://grapheneos.org/articles/attestation-compatibility-guide

https://grapheneos.org/usage#exec-spawning

That's probably the best way to reach the actual Developers of those Apps.

gentlefrog5168

Molasses Will try that - also going to exhaust their contact details first though. I called yesterday with no luck, but called again today and the rep told me they've put in an IT ticket internally to get it sorted. I've passed over app logs, error logs and a screen recording (although looking back at it I've realised it doesn't show anything on the app as it's blacked out, oops!)

waynea

DeletedUser315 Nationwide Building Society's app works perfectly on GOS (I moved there from Lloyd's after their arrogant attitude towards GOS)

hodj67

Hello all. I have had the same problem on my P6a. Upgraded the Santander app and it intermittently works. It was running in a separate user account with play services installed as I keep my main user account Google free. Unfortunately my bank account is a joint account so moving to a different bank isn't an option and I need access to my account regularly so I have had no option but to revert to Google stock which I am obviously greatly miffed about. I wrote an email to Santander but I really don't expect them to take any notice. It is a really very disappointing situation. If I could persuade my wife to move to Nationwide I would but it's a tough sell because of the hassle involved. My plan is to give it a few months, wait for them to move on from 5.17 and then flash GOS back on and try again. Not hopeful though and I am really unhappy about losing GOS. Maybe I need a cheapo phone just for running stock just for badly written apps...

DeletedUser315

hodj67 Just use vanadium and log on threw there and add it to your home screen. They don't have a mobile friendly site but its very usable. No need to go back to stock and lower your security.

Viewpoint0232

hodj67 o I have had no option but to revert to Google stock

Why? You can just disable secure app spawning in the GOS settings and the app works again.

hodj67

DeletedUser315 Done as you suggest. It is a little challenging using the web version on a phone screen but it's fine for the odd times I need to use it.

hodj67

Viewpoint0232 Yes, but I don't want to reduce the security of everything else just to accommodate the banking app. The irony of having to reduce security in order to make a "secure" banking app work properly is a bit much.

DeletedUser370

hodj67 Yes, but I don't want to reduce the security of everything else just to accommodate the banking app. The irony of having to reduce security in order to make a "secure" banking app work properly is a bit much.

Turning off 'secure app spawning' reverts to using AOSP's app spawning model. Stock PixelOS does not include GrapheneOS' hardened app spawning. No, it's not recommended to turn it off, but it's objectively more secure to use GrapheneOS with secure app spawning disabled than to use stock OS. If this app works on GrapheneOS with secure app spawning disabled then there really is no reason to return to stock OS. (Unless there is some other feature you also require of course).

hodj67

OK. So having tried different approaches and this is where I have settled:

Reinstalled GOS (and realised how much I prefer it to stock).
Recreated a "Google" user account that has Play installed (most of my day-to-day stuff runs on a non-Google account with apps from F-Droid and Nextcloud for calendar, etc).
Installed Santander UK banking app from Play Store (v5.18) in "Google" account.
Turn off secure app spawning in main account before switching to "Google" account and launching Santander app. When finished return to main account and re-enable secure app spawning.

This works fine as my phone is in main most of the time anyway so I always incur the switching friction. (This has the added benefit of reducing phone use because all the time-waster apps are from Play Store.) Only downside is that I forget to re-enable secure app spawning but that doesn't impact functionality and my threat model is such that I am not running any huge risk if I forget.

gentlefrog5168

hodj67 How can this work for someone who doesn't have Secure App Spawning on their phone? I've searched all over the internet for how to disable it on my phone (build 2025050700), but I can't seem to find it anywhere. Not in Settings > Security, not in any place the pages tell me. Is this a feature from older versions?

« Previous Page Next Page »