It appears that any 6.22.x version of Navy Federal Credit Union has this problem on GrapheneOS. This issue does not exist on my Samsung Galaxy S21+ 5G.
A workaround, for me, was to use Apitode (use at your own risk) to download an older version of the app (6.21.1) which did not have the problem.
It's a workaround but definitely not a resolution.
6.22.0+ versions will NEVER work with Graphene OS.
The reason is they implemented the new Google Integrity API; They are explicitly checking for signed OS images only, similar to how Google Pay will never work on Graphene OS (without root and a bypass).
The day they drop 6.21.1 support is the day I switch credit unions.
Navy Federal's app has 21 trackers in it anyway, some other competitors are more privacy respecting and have only sentry/google analytics instead of additional crap.
Not recommending the cu (I have not used them), but as an example if you compare Alliant CU's app vs Navy Federals... it's clear which one is more privacy conscious.
heaviusr It is possible decompile Navy Federal Bank app's APK and spoof Play Integrity checks, but no one seems to be interested in that.
[deleted] If they drop support for old app versions, maybe I'll see what I can do 😅
learning reverse engineering seems fun.
Camera6138 Btw I heard they use Rootbear and not the Play Integrity API, so It will be a lot easier to spoof the checks via reverse engineering.
As I'm sure you can all probably understand, this is a long shot, but if they're mandating stock OS for the app, there's not really much that GrapheneOS can do, and what little it can do will eventually stop working permanently without any bypasses the moment things move to hardware attestation.
That said, the app can support GrapheneOS while using these APIs, by following these steps:
https://grapheneos.org/articles/attestation-compatibility-guide
Like I said, this is a long shot, but that would be the next step here.
Even if someone did reverse engineer the APK and bypass the checks, I hope no one would be foolish enough to download that APK. This is a banking app. You're better off not trusting a random apk.
If the code was open source as a VERY simple script (key being very simple) I could see it, but I think the complexity of the edit would allow for malicious injection getting past most users.
heaviusr I am not saying you should install random APKs. You can make patches/modify the APK itself on your own.
I just put in another trouble ticket with NFCU to have graphene added to the approved OS list. Maybe it'll happen. Or at least I'll get a definitive answer on why they won't.
I'm running into this as well, pixel 8a. Has there been any movement on this on the part of NFCU?
Nope. And, the last time they updated the app was back in August of last year (9 months ago).
Navy Federal overhauled/rewrote the app.
Can anyone on GOS check if they removed the Integrity check?
v7.0.12 released August 28, 2024
I'm staying on v6.21.1 until they boot me off it, or v7 is confirmed to work. I previously manually patched the manifest to fix mobile deposit feature and don't quite remember what I did at this point.
I'll also confirm the NFCU app now works on my PIxel 6 with GOS. Yay! It only took Navy Federal just about 2 years.
I took the risk and updated after hearing the above.
I can confirm it works as the last working v6 version did.
I even was able to confirm Mobile Deposit feature works. Pixel 6 on GOS.
The new app prompts you for location permission on startup. Decline it, its unnecessary and doesn't restrict Mobile Deposit.
I'd like to add that the 2FA code failed for me until I disconnected from my home wifi. I suspect it was either the VPN or DNS filtering.
Extra bonus that exploit protection compatibility mode doesn't need to be turned on for things to work as far as I can tell. Haven't tried Zelle yet.
i can confirm, the nfcu app works! thanks for the tip!
can anyone confirm zelle function works within the nf app on android 15? Stuck loading for me.
