I am a type 1 diabetic and recently switched to GrapheneOS with a Pixel 6 Pro. I use the Dexcom app to connect with my continuous glucose monitor. The Dexcom G6 app works flawlessly with sandboxed Google services. I recently upgraded to the new Dexcom G7 sensors but am getting a connection error trying to login to the app.

I read a reddit post about someone having the same error and they were able to get around the issue by turning off private DNS: https://www.reddit.com/r/dexcom/comments/14hzpwi/connection_error_dexcom_g7_login_new_phone/

I tried turning off private DNS, using google server Internet connectivity checks, and using google server attestation key provisioning. I still cannot get the error to go away to even log into app for the first time.

This really sucks because I don't want to have to carry around two phones just to be able to continue to monitor myself. Any help would be appreciated.

    jjfleming26 I tried turning off private DNS, using google server Internet connectivity checks, and using google server attestation key provisioning. I still cannot get the error to go away to even log into app for the first time.

    Which network(s) have you tried? Can you try the app in a fresh user profile on a public network (e.g., in the U.S., McDonald's, or a public library)?

    4 months later

    jjfleming26 Any updates on getting the G7 app to work? I'm in the same situation as you, just with a Pixel 7 Pro. I was hoping updates to the app and os would fix it, but it's been months now.

    Btw, I worked with dexcom tech support to try and get it to work, but had no luck. They did send me a G7 receiver for free though, which is much smaller and easier to carry around than a second phone.

    7 months later

    As a type 1 diabetic for over 50 years, and a current user of the Dexcom G7 system, this is an important issue. I'm currently using the byod dexcom app since my LG V60 isn't supported, but Dexcom has done things to put an end to 3rd party developers modifying their app going forward. I've read that the G7 app requires Google Play but for some reason doesn't work in the sandbox with Graphene. I want to get a Pixel 9 Pro later this year and install Graphene as soon as it's available for the 9 Pro, but the Dexcom G7 app is a real issue for millions of us type 1's. Any developer attention on this would truly be a blessing. Thanks.

    • de0u replied to this.

      disqus_a4OlbSVOoE I've read that the G7 app requires Google Play but for some reason doesn't work in the sandbox with Graphene.

      It appears that your post is the first one on the forum containing the string "Dexcom", so presumably descriptions of what doesn't work on GrapheneOS are elsewhere. Is it possible to provide links to some reports?

      disqus_a4OlbSVOoE Any developer attention on this would truly be a blessing.

      In the limit, just as is true of banking apps, if an app developer is determined to control which devices their apps run on they probably can. Has the issue been raised with Dexcom?

        At the top of this thread is the original post I located as well as a Redit link. https://discuss.grapheneos.org/d/6751-dexcom-g7-connection-error

        From what I gather, Dexcom is device restrictive, but the Pixels are on the approved list. It's a notification intensive app so I'd assume they're using Google services for notifications and they'll want system access for specific device model, etc. and it needs Bluetooth access to communicate with the sensor and Internet access to upload data. So, one would think it would work in the sandbox. One thing worth mentioning as a type 1 on Dexcom, it's currently my only means of getting blood sugar data, which is common. What this means is I'd have maybe a couple of hours total to get it working on Graphene before I'd be forced to restore the stock ROM.

        • de0u replied to this.

          disqus_a4OlbSVOoE Sorry! I read too fast and thought because there was just this thread that you were the original poster.

          As is the case with banking apps, the issue may be not only whether the hardware is supported but also whether the hardware is running an approved OS. For many years Google's checks were easy to spoof, but that time is coming to an end. If Dexcom is doing what some banking apps do, which is using hardware-supported attestation of the OS and the app, then it likely won't be possible to evade that. The author of the BYOD app might know whether or not hardware attestation is the issue.

          It seems that one UK bank, Starling, has decided to code support for GrapheneOS into their app. In a technical sense Dexcom probably could do the same. But it's possible there might be regulatory pressure for them to not.

          Reading around a little online, it seems Dexcom has a standalone display "receiver" device which seems like it's thinner and lighter than a phone and has longer battery life. That's probably not a great solution, but it might be more workable than carrying around two phones.

            20 days later

            de0u When I switch phones in probably October I'll see if I can get the standalone receiver. That'll give me some time to mess with the G7 app on Graphene. I guess that's all we can do for now unless another type 1 sees this post and get get involved. Thanks.👍

            I got it working on a Xiaomi with faking to Pixel 6, but never on my 6a with GOS. :(

            KernelSU doesn't work anymore, so no chance to test or does anyone have tips on booting a rooted boot.img?

            I know, root is bad but...

            4 months later

            Has anyone got the G7 app working? I really don't want to have to buy a stand alone monitor 😮‍💨
            I am getting a "Connection Error" when opening the app.
            No VPN or DNS filters on.

              a month later

              Well, I can confirm the Dexcom G7 app isn't working on my new install of Grapheme OS on my Pixel 9 Pro XL, but was with the stock Android 15 install.

                Carlos-Anso It's basically lots of this sort of stuff.
                --------- beginning of events
                01-08 02:32:05.214 21859 21859 I auditd : avc=type=1400 audit(0.0:9878): avc: denied { read } for comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=385 scontext=u:r:untrusted_app:s0:c168,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.dexcom.g7
                01-08 02:32:05.226 21859 21859 I auditd : avc=type=1400 audit(0.0:9879): avc: denied { read } for comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=385 scontext=u:r:untrusted_app:s0:c168,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.dexcom.g7
                01-08 02:32:05.226 21859 21859 I auditd : avc=type=1400 audit(0.0:9880): avc: denied { read } for comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=385 scontext=u:r:untrusted_app:s0:c168,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.dexcom.g7
                01-08 02:32:05.226 21859 21859 I auditd : avc=type=1400 audit(0.0:9881): avc: denied { read } for comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=385 scontext=u:r:untrusted_app:s0:c168,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.dexcom.g7
                01-08 02:32:05.226 21859 21859 I auditd : avc=type=1400 audit(0.0:9882): avc: denied { read } for comm="com.dexcom.g7" name="u:object_r:userdebug_or_eng_prop:s0" dev="tmpfs" ino=385 scontext=u:r:untrusted_app:s0:c168,c256,c512,c768 tcontext=u:object_r:userdebug_or_eng_prop:s0 tclass=file permissive=0 app=com.dexcom.g7

                disqus_a4OlbSVOoE apologise I don't mean to intruder on the this thread, however, have you turned on Exploit protection compatibility mode (can be found via settings>apps>app name>exploit protection).

                It may also be with changing your network settings to google servers (via networks setting scroll to the bottom three options and select google on each).

                Again I apologise if I've overstepped any boundaries

                  Wadder No worries, but I tried all that. It looks like it's calling some processes that it doesn't have access to due to app sandboxing. Just my guess though.