Hello,
First off, I'm really grateful for the GrapheneOS developers and the community for the amazing work that they do. Love everything about the OS so far and the installation was smooth.
I am using a Pixel 9a and the latest build of stable release of the system software, app stores and apps as of this date(22 Apr 2025).
I typically resort to just one UPI payment app where you can usually link all your bank accounts. In my case, I use PhonePe and based on PrivSec-dev's compat report, it supposedly works just fine without Play Services.
Refer: https://github.com/PrivSec-dev/banking-apps-compat-report/issues/295
So, I decided to install it in my tertiary profile (through Aurora Store) allowing Phone/SMS access to that profile.
I have to login using my phone number on PhonePe and I did so without an issue as the SMS OTP was successfully read by the app. I didn't even have to manually enter it.
// I've to note here that the SMS notification on the secondary/tertiary profiles do not seem to show the contents of the message in the notification drawer. You'd have to open the SMS app in that profile to read it. This might be another thing to solve if it deems to be necessary in other cases where an app wouldn't let you continue entering the OTP if the active window is changed or something like that, but I just thought I'd point this out. //
Now, when I try to register for UPI access and activate my existing bank accounts on the app(and I'd have to do this separately for each bank as usual), the app sends an SMS and waits for an OTP to confirm registration. I get this OTP, but the app wouldn't read it automatically just like it did with the login SMS.
I then got blocked for 24 hours for security reasons because I tried registering 3 or more times.
Now, there's no shortage of UPI apps and even individual banking apps have their own UPI baked into it albeit restricting it only to their bank account.
So, I started off with the YONO SBI app, which is present in the list of compatible banking apps as seen here: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/#india.
Again, here too, I can login to my bank account, seemingly access all parts of it, but when I try to register for UPI, it fails to auto-read the SMS OTP even though I receive it.
I switched to my owner profile and noticed something fishy. I saw these bunch of so-called 'Class 0' or 'flash messages' from my network provider notifying me of my SMS & cash balance for each time an SMS was sent from my phone. I suspected that it could be these flash/Class-0 messages that might be preventing the apps from auto-reading the SMS.
In the process of getting to stop them, I learnt that there seem to be two possibilities to stop these flash messages. Either by stopping it on the SIM toolkit app the network provider forcefully installs in your phone when you insert a SIM or by sending an SMS to a particular number asking the service to be stopped. I tried the latter but that didn't seem to be particularly successful.
I noticed that these flash messages stop for a while, but appear sooner again and I'd have to go to the SIM toolkit app to disable them again. Since I disable the SIM when they're not in use and re-enable them when needed, I suspect that this flash message service gets enabled at this point and I'd have to stop this service every time I re-enable the SIM/network.
I've not confirmed this yet. Someone can shed light on this.
I then tried HDFC banking app as it has an in-built UPI access too(again, limited only to this bank). Lo and behold, UPI services got registered somehow. I can't tell if it's because there was no flash message at this point or it worked despite that.
I tested by sending a few bucks to a friend and it works.
But the issue with the other apps still remain. I then thought I'd try this in the owner profile despite the fact that I'm compromising my privacy a little bit and chose YONO SBI first because it is one of the apps(of what I need) that seem to have the least trackers based on Exodus Privacy report, compared to others. PhonePe seems to have like 10 trackers as opposed to YONO SBI which just had 1.
Having the app in the owner profile would also immediately let me know if I'm receiving the class 0/flash message.
In the meantime, some of the interweb forums suggested that using just 3G/2G services could help while also disabling VoLTE. So, I did that and I still got something like a flash message in the middle of the screen, but it didn't claim itself to be a class-0 message.
So, I went to the SIM toolkit app, disabled the flash message service and tried registering UPI on Yono SBI. I've noticed that even when I didn't get the flash messages on both exclusive 3G/2G and exclusively 5G, YONO SBI still wouldn't auto-read the SMS OTP for UPI registration.
I've also tried using Fossify SMS app replacing the stock one and it doesn't work even then. I will soon try to create a profile with sandboxed play and test if it works, but so far, I tried to avoid them because the app compatibility report claims that they work just fine without Play services.
All of these have been done over the past 3 days because I'm rate limited by these banks/National Payments Corporation.
Anyone who has gotten these apps to work for UPI services, please help. Thanks in advance.