Hi,

I'm not entirely sure if this was caused by the most recent update to GrapheneOS, or an app update itself, but when I installed GrapheneOS version 2023022300, two banking apps stopped working. I was able to fix one of them by uninstalling and reinstalling the app (clearing cache and user data) didn't help. The second app (SoFi) does not allow me to log in. Every time I load the app, it redirects me to the Google Play store. This wasn't a problem before and worked just fine. I think it wants me to log in, but I would prefer to not have a google account on my Pixel phone running GrapheneOS. Is there a way around this so the app doesn't redirect me to the Google Play store?

  • [deleted]

Once again, I would like to point at the security hardening of Vanadium and its ability to easily obtain nearly the same functionality by online banking via website/web app. On VPN, with location and wifi scanning off, it gives away a lot less info about you. Especially presuming you don't use Google Play (sandboxed or not).

The second app (SoFi) does not allow me to log in. Every time I load the app, it redirects me to the Google Play store.

I think some apps can choose to mandate this and there's not much to do about that. It will probably work when you login.

I too started seeing this issue recently, its not something related to Graphene os.
Apps started doing a check on the source of installation, if it finds the installation source is something other than play store it redirects to google play store or if the play store is not installed the apps just crashes.
try installing the apk through ADB using the command, this will make the app installation source as google play store.
adb shell pm install -i "com.android.vending" -r (path to apk)

first you need to push the apk to tmp folder using .
adb push app.apk /data/local/tmp/app.apk

then run
adb shell pm install -i "com.android.vending" -r /data/local/tmp/app.apk

hope this works for you.


    I had similar issues with my banking app.

    Try this: enable Native Code Debugging under Settings > Security.

    As per guidelines provided by the graphene OS web installer [https://grapheneos.org/usage#banking-apps]

    "GrapheneOS allows users to disable native code debugging via a toggle in Settings ➔ Security to improve the app sandbox and this can interfere with apps debugging their own code to add a barrier to analyzing the app. You should try enabling this again if you've disabled it and are encountering compatibility issues with these kinds of apps."

    It worked for me. Hope this helps.

      Try enabling Exploit Protection Compatibility Mode for your banking app in Settings -> Apps -> SoFi -> Advanced.
      That fixed one of my banking apps which kept asking me to log in over and over and wouldn't actually let me in.

      tastazardo I may be missing that setting. When I go to Settings > Security, I only see "Screen lock", "Fingerprint Unlock", "Pin Scrambling", and "More security settings". I don't see "Native Code Debugging". Is there something I have to do to enable this setting?

        matchboxbananasynergy Thanks! I was able to find it.

        I already had it enabled and disabling didn't help. Just caused the app to stall. I reenabled that setting for now. I've been using vanadium to log in for now, which gets the job done for the most part.

        I'll probably try the adb option recommended above later on to see if that works for me.

        tastazardo Thank you, this fixed banking apps for me. I had disabled this option, because I thought that not making logs saves battery.

        24 days later

        W1zardK1ng
        On a P7 I'm struggling to install my banking app. When I enter "adb shell pm install........."line I get the reply,

        Failure [INSTALL_FAILED_NO_MATCHING_ABIS: INSTALL_FAILED_NO_MATCHING_ABIS: Failed to extract native libraries, res=-113]

        On my P5 on the latest Graphene OS it works.

        @bluegrass This is not an issue with GrapheneOS, your banking app does not have a 64 bit release, the Pixel 7 only supports 64 bit apps. Your bank needs to update their app. It also is a good indicator of negligence on their part.

          flawedworld
          Since an update this app refuses to work on 2 other devices, one on Pie and the other on 12.1( both Google free).

          On another post in this forum someone mentioned that some apps can now check install source and it's an issue in Aurora store.

          Have already installed the Sandboxed Google Play to use eSim. I've tried to sign in to install this app but keep getting
          "There was a problem communicating with Google servers"

          I've allowed this permission in the app settings.

          4 months later

          Enabling Exploit Capability Mode described above worked for me.

          My banking app tells me that GSF has not enough permission for SMS Auth or to determine my number, but i already grantet Phone, Call Log and SMS.
          What can i do?

            vvf69107 The app might depend on giving Google Play Services the phone and SMS permissions. I am not aware of any apps which require giving Google Services Framework any permissions other than network. Please ensure that it is Google Play Services you are granting those permissions for, and not Google Services Framework.

              treequell i meant Google Play Services. It already has those permissions, but the banking app still says it's revoked.

                • [deleted]

                vvf69107 Try clearing the data of that banking app

                a year later

                Reviving this one in case others want to test.

                The banking compatibility guide says SoFi doesnt work (https://github.com/PrivSec-dev/banking-apps-compat-report/issues/413), but I was able to install and sign in just fine. I saw some users contacted them about the attestation guide, so maybe GOS got added?

                Pixel 7, play services installed, native code debugging allowed. App version 3.17.3, updated 11/11/24.

                @Exhort14 Thanks, I've cited your positive feedback. If you own a GitHub account please post directly in the respective issue next time, that makes it easier for everyone to keep track. If you don't have one that's fine too, in that case ping/message me or akc3n so we don't miss it.