Rabobank app no longer available

Nibble0289

Recently decided to try out GrapheneOS. Did some research to check if everything I need on my phone works on Graphene or has alternatives available, all seemed good so went ahead and bought a Pixel 9 Pro and put GrapheneOS on it.
I have been tinkering with profiles and installing open-source apps through Obtanium. Now when it came time to install apps like banking apps and government apps it seems the Rabobank app can no longer be installed. In this GitHub issue it said that it was available, but just a few hours ago it was updated with a comment stating this exact problem.
What is the chance that this will be fixed, will it even be fixed, how long will that take? Not having that app is a major headache and will probably mean that I'll have to go back to the stock OS.

other8026

Nibble0289 Complain to the bank about them disabling listing their app for certain devices. This is not something GrapheneOS can do anything about.

Tell them to change this to either no integrity checks or I believe basic integrity checks should work too https://support.google.com/googleplay/android-developer/answer/13857328#visibility&zippy=%2Cstore-listing-visibility (under "Store listing visibility").

Using Aurora isn't advised, but it's not possible to install the app from Google Play now. Aurora is better than other options in this case.

Nibble0289

other8026 hey thank you for the reply. I've heard that Aurora store isn't adviced before, but why is that. Should I use it for this instance or no?

other8026

First of all, to other people here on the forum, please don't turn this into another thread where people discuss Aurora.

Nibble0289 I've heard that Aurora store isn't adviced before, but why is that.

Here's a quote from the project account on why that is:

Whether people have a high threat model or not, we recommend using the sandboxed Play Store rather than Aurora Store for installing apps from the Play Store. Play Store itself is much more secure and avoids the compatibility issues of Aurora Store. Aurora Store doesn't provide Play Asset Delivery or Play Feature Delivery along with installing the wrong variants of apps by default.

https://discuss.grapheneos.org/d/12286-how-many-times-did-you-want-to-quit-grapheneos/4

The post is from over a year ago, so I think the part about installing wrong variants by default is no longer the case, but it was then. Basically, there are both security and app compatibility concerns. There are a lot of discussions about Aurora here on the forum. If you're still curious about it you can find one by searching. The topic is a bit controversial.

Nibble0289 Should I use it for this instance or no?

I'd say that's up to you. Like I said earlier, it's better than other options if installing from Google Play isn't an option. It's unfortunate that Google is doing things this way. There's no real good reason for them to be blocking apps from being listed on GrapheneOS under the guise of "security".

Nibble0289

other8026 I have complained about the issue to the bank. They claim to have sharpened their security policy, which means that GrapheneOS is no longer supported because it is not from Google. Besides looking for a new bank, what would be the best thing to do here?

cupcake-alibi

Nibble0289 You can send them more detailed information about https://grapheneos.org/articles/attestation-compatibility-guide.

It's in their interest as well to support GrapheneOS, since they'll lose customers using GrapheneOS otherwise.

de0u

Nibble0289 You could try telling them that Starling Bank in the UK banned GrapheneOS for a while and then changed their mind. Maybe your bank's people might feel comfortable talking to another bank's people.

phws

GOS21606 The app still works indeed, but it is no longer listed in the Google Play Store and will (presumably?) no longer be updated that way.

Nibble0289 have they commented on this somewhere public? I'd like to reach out to a popular newsblog and see if they can cover this, hoping it might help some...

brookie229

Nibble0289

Use a webapp version for your device if the bank can be accessed properly through your browser. I realize that is not an ideal solution (since the web app may lack several features) but there really is no other way. I hate to be a Donny Downer but very few banks (financial institutions etc) will change their minds regarding allowing GOS onto their app once they have updated the app. I can tell the OP, however, that I successfully downloaded and used one of my banking apps from Aurora when I could not do so from the Google Play Store. That was a few years ago and may not have been related to the integrity check per se.

GOS21606

You did not tried the app yourself?

Rabobank app works fine for years on GOS and it still works even without Google play service.

GOS21606

phws You mean the app is no longer listed in de "Sand boxed Google play store" on GOS?
Have you tried different accounts or maybe your real Google account?

If you have no other choice you can use the webapp or use Aurora (still works)

phws

GOS21606 that's indeed what I mean. This is my main, "real" Google account and it's still allowing me to install on other (stock) Pixel devices, plus it seems I'm not the only one with the issue. As long as they don't make a formal statement somewhere, though, I guess there is hope it's a bug.

Thank you for suggesting alternatives and I will be able to work around it. The biggest annoyance is that this bank (and more and more "official" institutions in the Netherlands) are pushing apps as a secure way to log in, which would become problematic now.

Overall I think it's worth trying to persuade them to change their minds, as unlikely as that may be.

phws

An update: I have also reviewed the app and complained about this, and their response is that they do not currently support this "unofficial" OS but might do so in the future if I send them feedback in private. (The latter somewhat contradicts their response to Nibble0289 .)

I have now also sent in a request to Tweakers.net, asking if they might cover this like they have similarly covered non-standard operating systems on Android phones and possible Google Play Integrity API integration in EU apps. With that, I think I have reached the limits of what I can try, at least for now.

Nibble0289

phws Rabobank has not excplicitly told me that they will not ever support GrapheneOS again in the future. But I feel like that will either not happen or will take a (very) long time as the percentage of their customers who use GrapheneOS is probably to low for them to care about.

I will probably be going back to the stock OS for a bit. Not only because of the Rabobank app, but I also have issues with other apps and battery life being so bad on my new Pixel 9 Pro that it is worse than my 3 year old budget Motorola.

phws

Another update: tweakers.net ended up publishing! https://tweakers.net/nieuws/238036/rabobank-app-werkt-niet-meer-op-alternatieve-android-roms-vanwege-integrity-api.html

Rabobank's response is not fully accurate from a technical perspective, but what I find interesting is that they mention having to "make choices" as they would need to establish the security of "every unofficial Android version separately".

Not very hopeful, unfortunately, but that was to be expected.

Bti

Just in case anyone stumbles on this post as I did:

I bought a new Pixel 9, which was delivered, updated and fitted with Graphene OS a few days ago (1 december).

I was unable to find the Rabobank app in the Google Play Store, as it is officially incompatible. However, I was able to download and install from Aurora without a hitch. I activated using the Rabo scanner and that worked perfectly.

At the time of writing, the app appears fully functional.

I did not attempt activation with an ID card, so I can't say anything about if that works.