Dexcom G7 connection error

jjfleming26

I am a type 1 diabetic and recently switched to GrapheneOS with a Pixel 6 Pro. I use the Dexcom app to connect with my continuous glucose monitor. The Dexcom G6 app works flawlessly with sandboxed Google services. I recently upgraded to the new Dexcom G7 sensors but am getting a connection error trying to login to the app.

I read a reddit post about someone having the same error and they were able to get around the issue by turning off private DNS: https://www.reddit.com/r/dexcom/comments/14hzpwi/connection_error_dexcom_g7_login_new_phone/

I tried turning off private DNS, using google server Internet connectivity checks, and using google server attestation key provisioning. I still cannot get the error to go away to even log into app for the first time.

This really sucks because I don't want to have to carry around two phones just to be able to continue to monitor myself. Any help would be appreciated.

de0u

jjfleming26 I tried turning off private DNS, using google server Internet connectivity checks, and using google server attestation key provisioning. I still cannot get the error to go away to even log into app for the first time.

Which network(s) have you tried? Can you try the app in a fresh user profile on a public network (e.g., in the U.S., McDonald's, or a public library)?

treychaffin

jjfleming26 Any updates on getting the G7 app to work? I'm in the same situation as you, just with a Pixel 7 Pro. I was hoping updates to the app and os would fix it, but it's been months now.

Btw, I worked with dexcom tech support to try and get it to work, but had no luck. They did send me a G7 receiver for free though, which is much smaller and easier to carry around than a second phone.

disqus_a4OlbSVOoE

As a type 1 diabetic for over 50 years, and a current user of the Dexcom G7 system, this is an important issue. I'm currently using the byod dexcom app since my LG V60 isn't supported, but Dexcom has done things to put an end to 3rd party developers modifying their app going forward. I've read that the G7 app requires Google Play but for some reason doesn't work in the sandbox with Graphene. I want to get a Pixel 9 Pro later this year and install Graphene as soon as it's available for the 9 Pro, but the Dexcom G7 app is a real issue for millions of us type 1's. Any developer attention on this would truly be a blessing. Thanks.

de0u

disqus_a4OlbSVOoE I've read that the G7 app requires Google Play but for some reason doesn't work in the sandbox with Graphene.

It appears that your post is the first one on the forum containing the string "Dexcom", so presumably descriptions of what doesn't work on GrapheneOS are elsewhere. Is it possible to provide links to some reports?

disqus_a4OlbSVOoE Any developer attention on this would truly be a blessing.

In the limit, just as is true of banking apps, if an app developer is determined to control which devices their apps run on they probably can. Has the issue been raised with Dexcom?

disqus_a4OlbSVOoE

de0u and then there's this, which may be an issue but no mention of the error message one usually gets with an unapproved phone or OS.
https://www.reddit.com/r/dexcom/comments/1b5ytiv/graphene_os_and_the_dexcom_app/

disqus_a4OlbSVOoE

At the top of this thread is the original post I located as well as a Redit link. https://discuss.grapheneos.org/d/6751-dexcom-g7-connection-error

From what I gather, Dexcom is device restrictive, but the Pixels are on the approved list. It's a notification intensive app so I'd assume they're using Google services for notifications and they'll want system access for specific device model, etc. and it needs Bluetooth access to communicate with the sensor and Internet access to upload data. So, one would think it would work in the sandbox. One thing worth mentioning as a type 1 on Dexcom, it's currently my only means of getting blood sugar data, which is common. What this means is I'd have maybe a couple of hours total to get it working on Graphene before I'd be forced to restore the stock ROM.

de0u

disqus_a4OlbSVOoE Sorry! I read too fast and thought because there was just this thread that you were the original poster.

As is the case with banking apps, the issue may be not only whether the hardware is supported but also whether the hardware is running an approved OS. For many years Google's checks were easy to spoof, but that time is coming to an end. If Dexcom is doing what some banking apps do, which is using hardware-supported attestation of the OS and the app, then it likely won't be possible to evade that. The author of the BYOD app might know whether or not hardware attestation is the issue.

It seems that one UK bank, Starling, has decided to code support for GrapheneOS into their app. In a technical sense Dexcom probably could do the same. But it's possible there might be regulatory pressure for them to not.

Reading around a little online, it seems Dexcom has a standalone display "receiver" device which seems like it's thinner and lighter than a phone and has longer battery life. That's probably not a great solution, but it might be more workable than carrying around two phones.

disqus_a4OlbSVOoE

de0u When I switch phones in probably October I'll see if I can get the standalone receiver. That'll give me some time to mess with the G7 app on Graphene. I guess that's all we can do for now unless another type 1 sees this post and get get involved. Thanks.👍

LazyT

I got it working on a Xiaomi with faking to Pixel 6, but never on my 6a with GOS. :(

KernelSU doesn't work anymore, so no chance to test or does anyone have tips on booting a rooted boot.img?

I know, root is bad but...

PjMuffin

Has anyone got the G7 app working? I really don't want to have to buy a stand alone monitor 😮‍💨
I am getting a "Connection Error" when opening the app.
No VPN or DNS filters on.

disqus_a4OlbSVOoE

PjMuffin Me too.

Carlos-Anso

disqus_a4OlbSVOoE

Can see the app has a lot of one star reviews on Play Store people are having all kinds of issues

PjMuffin I am getting a "Connection Error" when opening the app.

Not hugely surprising but theres no sign of any kind of connectivity issues in the logs disqus sent us. They didnt say but thought they may be seeing the same error message. From the logs can see the app is blocking you from running with it and we havent been able to work out why.

We are a relatively small team, always have lots to do, and haven't got the capacity to spend time trying to work out exactly whats happening or implement work around for each individual app purposely blocking users and/or being buggy.

This app apparently implement a whitelist of devices. It may be GrapheneOS is somehow falling foul of however they determine that.

Could be various other things they are looking for. May be a combination of a few factors will push it over a threshold.

In the reddit post linked above theres mention of Private DNS, proxy and VPNs being a cause of blocking. Apps can detect a VPN running in a different profile - user, work or Private space

Noticed a negative Play Store review mentioned having to keep enabling location to keep it working. May be worth you trawling through more reviews looking for reports of people hitting the same issue that you are and figuring out a workaround.

Other things that have been reported to us as blocking other, mainly banking, apps
Dev options enabled
Having a private space
App installed in secondary user
Not having Play Services installed
App not installed from Play Store
Using a less common keyboard app for example something other than Google Keyboard, Samsung Keyboard or swiftboard

Heres some relevant things that one anti-fraud / device trust library looks for as risk factors. Should suggest some other things that may be worth trying if they feel relevant.

no_sim
abnormal_time
screen_sharing
short_uptime
risk_rom - any or risky alternative OS?
gps_fake
sys_multiple_running -more than one profile running?
vpn_detected
adb_link
proxy_detected

Finally it could be they are now using Play Integrity to do the device check. Feels like in this case its more likely something else, but it could be.

Do let us know if you get it working

disqus_a4OlbSVOoE

Well, I can confirm the Dexcom G7 app isn't working on my new install of Grapheme OS on my Pixel 9 Pro XL, but was with the stock Android 15 install.

Wadder

disqus_a4OlbSVOoE apologise I don't mean to intruder on the this thread, however, have you turned on Exploit protection compatibility mode (can be found via settings>apps>app name>exploit protection).

It may also be with changing your network settings to google servers (via networks setting scroll to the bottom three options and select google on each).

Again I apologise if I've overstepped any boundaries

disqus_a4OlbSVOoE

How can I Post or share the app log for dexcom g7 ?

Carlos-Anso

disqus_a4OlbSVOoE
Can you send logs to me on matrix or via email @carlosanso:grapheneos.org

disqus_a4OlbSVOoE

Carlos-Anso Done. Let me know if you don't see it for any reason. Subject is: Fw: Dexcom G7 Case #250107-013582

disqus_a4OlbSVOoE

Carlos-Anso It's basically lots of this sort of stuff.
--------- beginning of events
01-08 02:32:05.214 21859 21859 I auditd : avc=type=1400 audit(0.0:9878): avc: denied { read } for comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=385 scontext=u:r:untrusted_app:s0:c168,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.dexcom.g7
01-08 02:32:05.226 21859 21859 I auditd : avc=type=1400 audit(0.0:9879): avc: denied { read } for comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=385 scontext=u:r:untrusted_app:s0:c168,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.dexcom.g7
01-08 02:32:05.226 21859 21859 I auditd : avc=type=1400 audit(0.0:9880): avc: denied { read } for comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=385 scontext=u:r:untrusted_app:s0:c168,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.dexcom.g7
01-08 02:32:05.226 21859 21859 I auditd : avc=type=1400 audit(0.0:9881): avc: denied { read } for comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=385 scontext=u:r:untrusted_app:s0:c168,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.dexcom.g7
01-08 02:32:05.226 21859 21859 I auditd : avc=type=1400 audit(0.0:9882): avc: denied { read } for comm="com.dexcom.g7" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=385 scontext=u:r:untrusted_app:s0:c168,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.dexcom.g7

disqus_a4OlbSVOoE

Wadder No worries, but I tried all that. It looks like it's calling some processes that it doesn't have access to due to app sandboxing. Just my guess though.