Considering leaving GOS

grain0615

I've been thinking about this for a long time, but recently another one of my bank apps have become incompatible (through no fault of GOS'). I really liked GOS but I don't think I really have a choice now, so now I have to consider a new phone (or revert this to Pixel UI)

At the very least, I'd hoped that Pixel UI, having Titan M would still have certain benefits like Private Space encryption (with a separate key) and secure wiping of profiles (through weaver key deletion). I'm not sure how much of that was added by the GOS team, though. I was able to find a detailed description of these features in the GOS FAQ but not Google

The latest articles I could find, but they don't mention Private Space or Profile wiping

The second one seemed useful at first, but "Cryptographic identity using Titan" seems to mention nothing about weaver keys. The 'identity' seemed to be about something other than profiles and even if it was about profiles, they didn't really mention the impact of deleting the keys

This is the wording from GOS' FAQ page

Weaver also provides reliable wiping of data since the secure element can reliably wipe a Weaver slot. Deleting a profile will wipe the corresponding Weaver slot and a factory reset of the device wipes all of the Weaver slots. The secure element also provides insider attack resistance preventing firmware updates before authenticating with the owner profile.

I'm not sure if this Weaver stuff is built-in or added by GOS' team. but I managed to find a couple more links about TokenWeaver, which is used for TEEs. It seems very relevant but I have no background in cybersecurity (or even IT), so I couldn't understand the jargon

https://eprint.iacr.org/2022/1691.pdf
https://www.computer.org/csdl/proceedings-article/sp/2025/223600e173/22K50p9xTKo (It's locked behind an account)

Does anyone have any idea if these 2 features (Private Space encryption and secure profile wiping) still exist on stock Pixel OS? I don't think I can stay much longer because there are other government and bank apps that I'm locked out of, it could have serious consequences in the future

fid03

grain0615 Stock OS has private space available in the owner profile only. If you want to put a profile at rest (BFU) you will have to reboot the phone. You can wipe all secondary profiles including private space. Yes, the stock OS makes use of the Pixel's secure element.

DeletedUser733

grain0615 I've been thinking about this for a long time, but recently another one of my bank apps have become incompatible (through no fault of GOS'). I really liked GOS but I don't think I really have a choice now, so now I have to consider a new phone (or revert this to Pixel UI)

May I come at your conundrum from the opposite view. We are poles apart. I have never banked on my phone, I have never felt the need. I feel banking has no business being on a small device that can be grabbed when unlocked etc.
I use an online only bank and don't use their app, they provide me with a pin pad to produce OTTP when needed.
I online bank in the secure environment of my home on a Laptop using the Tor network.
I am always in possession of my bank cards, within a TOCA Faraday cage type pouch, when out and about.
GrapheneOS is without question the best phone operating system bar none.
I cant tell you how to bank that's up to you, I just think its worth trying banking, without an app.

grain0615

fid03 Thanks, I found out about the private space's limitation just now too here but it doesn't say anything about encryption.

I know that GOS makes lots of improvements so I'm not sure if factory resets work the same on stock OS. Is the Weaver system built into Titan M or is it a GOS addition?

Nothing relevant shows up when I search (I used DDG at first but couldn't find anything so switched to Google),

https://www.google.com/search?q=pixel+titan+m+factory+reset
https://support.google.com/android/answer/15341885?hl=en#zippy=%2Clock-your-private-space

They don't mention weaver slots or whether private space is encrypted with a different key. I swear I saw it before but now it's not there. (There was an AI answer but they tend to hallucinate so I don't trust them)

TrustExecutor

I don't know your circumstances but you can maybe change bank. Why should you be loyal to them when they make bad business decisions that affect YOU? Isn't there a workaround? Using PWA maybe?

grain0615

TrustExecutor

SINGPASS FIX FOUND 2026 April 23 (still considering leaving)
https://github.com/GrapheneOS/grapheneos.org/issues/1224#issuecomment-3204499300
https://discuss.grapheneos.org/d/15175-singpass-having-issues/20

TLDR; block access to Play Integrity API under app settings (Block usage attempts). This will make the app work

Many services in my country (hospital, banks, insurance etc.) require a government authentication app to access or log in. It's not a code, it requires the app itself and using a website will not work. Therefore, if the authenticator (SINGPASS) does not work, these essential apps will be blocked

Anyway, I'm really happy to have found this fix, but if they change it one day several apps might break. Losing access to even one of them could be really bad. So I still need to do some research about iOS and the Weaver stuff on stock Android

Also, I'm really grateful to GOS for implementing the ability to block Play Integrity API (was it in Jan 2025?) that was the key to this fix

Orichalcum

grain0615 why should a citizen even own a mobile phone to have business with the state? Sounds Orwellian to me

hydraraptor81

grain0615

I use Singpass as well, so far every (important) Singapore app works well for me, the only huge problem (not specific to Singapore) is if your company forces you to use Company Portal and they enforce play integrity API in their policies as well. This has resulted in someone that I know of having to purchase a $100 cheap Samsung just to comply with "company policies"

It is true that many apps are dependent upon Singpass app login, and the most major disruption to Singpass' functionality was back in July 2025 when GrapheneOS finally received the QPR1 update.
On 8th July 2025, Singpass stopped working on the 2025070800 release.
On 15th July 2025, Singpass started working again on GrapheneOS devices which had a previous login stored.
By 20th Aug 2025, Singpass setup on GrapheneOS was working again with the fix you pointed out.

Other than that Singpass has been working very well from 2022 till now.
I have contacted them myself during that period and I am not sure if its because of my feedback or numerous other users' complaint that resulted in the fix on 20th Aug 2025, but nonetheless nothing official was stated by them on supporting GrapheneOS through the hardware attestation API and as of today, they are still using play integrity API but unofficially "allowing" GrapheneOS to work by using the toggle provided by GrapheneOS.

My personal opinion is that govtech isn't deliberately trying to prevent GrapheneOS users from accessing Singpass, but for whatever reasons they are refusing to let go of Play Integrity API and other things like Native Code Debugging (ptrace). If they were truly trying to block GrapheneOS they could have technically implemented Play Integrity API properly in response to all the complaints by GrapheneOS users in Singapore long ago and block all non certified OSes but they have not done so yet.

I suggest that you write to govtech / Singpass' helpdesk asking them to consider following the guide here https://grapheneos.org/articles/attestation-compatibility-guide. If you're not satisfied with their reply, just go to your MP and relay your concerns, but its unlikely to change the official reply, but at least you registered your concerns with your MP directly. Here is a template that you can use as well, adapt it accordingly to your concerns.
https://github.com/PrivSec-dev/banking-apps-compat-report/issues/342

In anyways in the worst case scenario, if Singpass indeed stops working on GrapheneOS for a prolonged period of time, we still have access to SMS OTP + password login, but the digital ID and digital signing of documents such as for LPA / other types of applications will not be possible. In that case, the simple fix is to get a cheap pixel or samsung device and carry out what you need to do anyways, albeit that is very unfair to us, and no doubt less secure than just using GrapheneOS in the first place.

MineralWater

You could also buy a cheap Android phone and run the official apps you need on that cheap phone, without using it for anything else, and without contacts and email etc.

And for anything else you continue to use your Graphene phone.

I don't know how often you have to use these apps daily, and if it makes sense for you to have a second phone only for the mandatory official apps your government forces on you.

But with an isolated phone for the official stuff that carries zero personal data, it's no loss if it gets stolen and you can wipe it from distance.

DirtyDan

DeletedUser733 Same boat here. Banking for me has always been a browser activity, preferably on a desktop, preferably on my home WiFi. Could this be a generational thing? I understand that apps on phones are technically more secure, but phones are also significantly more prone to being lost or stolen. It's crazy to me that people want to walk around with their most sensitive accounts so accessible like that.

Outside of being able to mobile deposit checks, I also don't really understand why people need these apps on their phones in the first place. I haven't touched a check in years. And it's simple enough to open a brick and mortar checking account at a bank or local credit union to deposit them in person.

I get email alerts sent to a dedicated encrypted email, which also removes the need for push notification alerts.

I don't get it.

raccoondad

DirtyDan I also don't really understand why people need these apps on their phones in the first place.

Realistically, quick transactions, cardless payment (cashapp for example allows you to scan a QR code for cashless transactions in some stores), quick transfers between accounts.

Most bank applications are protected by biometrics/pin/password, and even then the device needs to be unlocked, and even then you can remotely log out of an account and dispute transactions w/ FDIC insurance, especially for credit accounts.

Also, some people don't have access to a desktop environment and need quick access

Murcielago

DirtyDan

Outside of being able to mobile deposit checks, I also don't really understand why people need these apps on their phones in the first place. I haven't touched a check in years. And it's simple enough to open a brick and mortar checking account at a bank or local credit union to deposit them in person.

In some regions, it’s hard to avoid using banking apps. For example, the EU’s PSD2 requires at least two independent authentication methods for online payments and online access to your banking account.

Even though this “strong customer authentication” could be implemented in a technology-neutral way (e.g. TOTP, hardware tokens, SMS), many European banks nowadays tend to handle it through their own proprietary apps.

If you want to do online banking on a computer, you still may need an app as a second factor for login.

fid03

Guys, the OP already explained that they can't do without the apps that are mandated to be run on a phone. PWAs and PCs apparently won't work. https://discuss.grapheneos.org/d/34546-considering-leaving-gos/5

grain0615

My threat model is fairly relaxed, what I want is security to prevent stuff like medical documents or IDs being stolen, which is why I specifically asked about encryption. I'm also wary of using Pixel UI because the play store has admin perms and the government can forcibly install stuff. My government also misused COVID data and handed it to the police despite saying it wouldn't.

Anyway, my medical stuff would be stored in the shared storage for easy access (not within the app sandboxes). That's why I'd prefer to place it within an encrypted sandbox like Private Space or a separate profile. It would stay in BFU unmounted. Unless of course, there's an app like Veracrypt on Android which lets me mount an encrypted folder when I want to

schweizer

@grain0615 What I do not understand is that your important app is currently working on GOS with the right settings. So why this thread now? And in most countries there is more than one bank so i it is unlikely all of them do not work on GOS.

grain0615

schweizer It was solved after the thread was created, there is a timestamp beside every username that says "* hours ago". As you can see, there is a difference of 2 hours between the original post and the comment showing the fix. Unless you have been reading the thread backwards, there should not be any confusion. Also, as it says in this comment https://discuss.grapheneos.org/d/34546-considering-leaving-gos/5, the problem is not with the bank but the government authenticator that is required for access to various services

DirtyDan

Murcielago that's so insane. But it's starting to make sense why many financial institutions have refused to implement TOTP, FIDO2, etc even after 10 years of customers begging them for a a more secure alternative and to SMS. Meanwhile, at the same time, they strongly try to get people to download their mobile app.

So, what happens when someone doesn't have a phone?

Xtreix

DirtyDan They can use a digipass, which is a physical device for 2FA, but not all banks offer it, and since many banks do not comply with regulations by failing to provide an alternative to the banking app and SMS, for a large number of users in the EU, the banking app is often the only option.

SMS-only authentication might be possible depending on the bank, but this method is not secure and regulations aim to phase it out.

DeletedUser733

Orichalcum
Control...

bennyblanco

My bank issued me a code keypad and didn't require the app, until I installed the app to 'try it' that is. Once installed it made the keypad redundant and forced codes through the app instead, even when logging in on desktop. I left that bank. Beware!

This issue with the banking apps is one that's always lurking in my mind tbh.

grain0615

hydraraptor81 I doubt the MPs will do anything, they'll either not know about GOS or ignore as it's an issue that's too small to affect their popularity rating. Besides, wasn't the toggle to block Play Integrity API introduced around 2025? I think that fix was only possible due to the GOS' team, not some blessing from the Singpass developers. If too much attention is brought to it, things might backfire. Singapore is one of the first countries to participate in the move to require app developers to provide their government ID, and while doing so, restrict the sideloading of apps. https://keepandroidopen.org/. There is a way to bypass that through Developer Options, but that increases attack vectors

Best not to expect benevolence from the nanny state as a privacy-conscious person