App compatibility with GrapheneOS

Carlos-Anso

brbr9 or an having a possibilty to check the authencity of an app.

If you download Accrescent from the GrapheneOS App Store you can then get App Verifier. Can save the apk signature hash if a new version of an app stops working. Then uninstall and install an older version and check it has the same signature hash. Theres also a way to download older versions of apps from Play Store using the Aurora Store app. Best to also check the hash if doing it that way.

brbr9

Carlos-Anso That's good to know, I'll do the test, thanks for the info.

brbr9

Just to inform you that UBS released a new version (7.5.3.1746) and it fixed the issue 🎉

streebgreebling

I am having trouble opening a bank account through UBS Banking app, version 15.04.97386. I have the latest version of GrapheneOS on my Pixel 8. I tried enabling the Exploit protection compatibility mode, as well as turning off my VPN, as well as disabling Secure app spawning, but nothing works. I am able to go through the first few steps, to enter my phone number and receive the confirmation code, but when I go to select the nationality, the app goes dark and crashes suddenly, no error shown. I also tried ZKB, there it cannot scan my passport, even though it is clearly visible. I will probably have to get a cheap Android phone just to have a bank account. My bank apps from other countries work, this seems to be Swiss-specific. I will have to get a cheap Android phone, or ditch Graphene for Apple if this issue persist.

other8026

streebgreebling the app goes dark and crashes suddenly, no error shown

You can still get the logs from app info even if there's no popup about a crash.

streebgreebling I also tried ZKB, there it cannot scan my passport, even though it is clearly visible.

Logs might help here too. It's possible their app relies on Google Play. I'm not sure if you've tried that.

redfoxjumper

Relay for Reddit no longer works (even if side loaded). It redirects to the 'get this app from play' activity of the play store app.

JBolho

As of today the Formula 1 app and eBay no longer work, they redirect instantly to the Play Store if installed through Aurora Store and show as incompatible on Play Store.
Using GOS on a Pixel 8A.
Judging from the apps that only updated through Aurora so far, i suspect Coinbase app is next, although that app has a recurring compatibility issue even with stock Android since 15 came out on many devices.

other8026

JBolho This is happening to some more apps after some recent changes by Google. There's a planned feature to change apps' installer to Google Play if they have valid Play Store metadata.

Obligatory thing I say when sharing a link to a feature in the issue tracker: please only add a positive reaction to express interest in a feature, and not add posts saying a feature is important. This forum or the chat rooms are for discussion, not the issue tracker.

hemlockiv

other8026 if they have valid Play Store metadata

What does Play Store metadata entail? I actually did manage to spoof the install source, so in settings t shirts a dislodged sideloaded app was installed from Play Store, but the app itself still complains that it was installed from an outside source? (I don't think it's the signing keys because i can update it from Play Store)

Bertonumber1

Still toiling here guys. I had eBay version 6.2.4.0.1 (i think) from apk mirror working for a few days. Then the eBay app stopped playing ball with the sandboxed playstore citing "download app from playstore". Verification seems to be the issuse.

I remember when aimilar issues arose i used to edit the /data/data/com.android.vending/sharedprefs/finksy.xml (or wherever the file was) and change the line
<boolean> device.android.google certified "false" to "true" inside the quotes and this would spoof the store and its apps into seeing the store as certified.

I apologise and admin/devs//mods please delete if this post is in appropriate. This worked for me from my Android TV days up until not so long ago.

The only issue apart from the morality some may have wiith the idea of spoofing or editing the root directory is the end user of grapheneos does not have access to the root folder or admin privileges anyhoo. Maybe one of the devs could test and see if method still works for testing sake.

Regards

other8026

hemlockiv Not entirely sure. There's something called a source stamp. Google signs something with one of their certificates, so it's possible to confirm an APK comes from Google Play and not some other source. It's being verified with SourceStampVerifier.

hemlockiv I actually did manage to spoof the install source

It turns out that's not the only thing that's going on when apps check if they were installed via Google Play Store, so setting the installer to Google Play when installing via ADB isn't enough

hemlockiv

other8026 Not entirely sure. There's something called a source stamp. Google signs something with one of their certificates, so it's possible to confirm an APK comes from Google Play and not some other source. It's being verified with SourceStampVerifier.

hemlockiv I actually did manage to spoof the install source

It turns out that's not the only thing that's going on when apps check if they were installed via Google Play Store, so setting the installer to Google Play when installing via ADB isn't enough

Thanks, I was worried there would be something like that.
In my case, though, I don't think it has anything to do with the veracity of the APK. I initially tried installing an app to a secondary profile directly from Play Store (because the secondary profile is logged in with a google account), then ADB install-existing to the main profile. It ran fine in that secondary profile, but not in the main one, where I am not logged into Play Store with a google account.

I did a little more testing, and I discovered that (at least for the app I was trying, "Multi App"/com.waxmoon.ma.gp) the Install Source didn't actually matter. What mattered was whether the Play Store app was installed and signed in. interestingly, when I uninstalled or disabled the Play Store, I didn't get any error messages about needing to reinstall my app thru Play Store; I only got the errors when Play Store was installed, but not logged in.

I assume this has something to do with Play Integrity, or some other Play Store API. I don't know if it's possible to block that connection for an app (in other words, make an app think Play Store isn't installed when it actually is)

other8026

hemlockiv not in the main one, where I am not logged into Play Store with a google account.

hemlockiv What mattered was whether the Play Store app was installed and signed in.

Yes, you needed to be logged in for it to work, otherwise Google Play will prompt you to log in. A change in the latest GrapheneOS release makes it so that the check isn't run, so you don't need to be logged in.

Bertonumber1

Devs try this:
In a root shelll or file manager ..
Navigate to:
/data/data/com.android.vending/sharedprefs/finksy.xml

and change the line
<boolean> device.android.google certified "false" to "true"
Save the amended finsky.xml

Reboot system

If it does not work for installing apka then revert back to "false"

Regards

LunaticBuzz

I'm in Australia and the Australia Post Travel MasterCard and Everyday MasterCard apps have stopped working. I tried to re-install them but they won't install (using Aurora; I don't use a Google account). There are many lines of error message saying, effectively, that "Could not get files"

I am wondering if this is due to an app compatibility issue with the upgrade to A16. There was never a problem downloading through Aurora before.

Anyone else with this issue?

DeletedUser495

LunaticBuzz Common problem, clear the storage of Aurora, restart it and look up your app again. This time it should download.

LunaticBuzz

Great, thanks! That worked!

Unfortunately, the problem that I was trying to fix by re-installing them has not been fixed.

They now do not remember the login info that allows access to them, even though a PIN has been set (for "faster" access; ha!) and TouchId (ie fingerprint). In other words, when you close out of them (not log out), you have to re-enter all the info all over again as though you had logged out, whereas until recently, simply using the fingerprint unlock (or PIN) would get you back in instantly. The info now seems to be volatile between logins, whereas it was not so until recently.

Anyway, thanks a bunch! Turns out the apps are crap, not Aurora ;-)
And maybe this new behaviour is due to the A16 upgrade.

holx99

The uTag app (makes galaxy tags 2 available on non samsung phones) is not working on grapheneos. The app patches/modifies the Samsung Smart Things app but somehow grapheneos is blocking it.

Some people had luck with disabling Secure app spawning and enable exploit protection compatibility (for both uTag and Smart Things app) (see: 61 , 62 , 63) but it didn't work on my side. I gave all access to both apps but it's not working.

The problem should be on grapheneos side I think it's still blocking something...
So what could be the problem? Can I post the app log here?

MeruMeru

akc3n Thank you very much for the post.
My bank app is on the compatibility list but it didn't work.
It worked after step 1 and step 2.

Just a quick question, does it add vulnerability to my bank app if I keep those allowed?

nandohyphen1

If anyone is in Canada and uses Servus Credit Union or ConnectFirst Credit Union (they are both the same bank) I have tested both apps and since they weren't on the list I have added them. Servus works without Google play services as long as Exploit Protection Compatibility Mode is enabled. It is installed from Aurora Store. ConnectFirst hasn't been tested without Google play services but it also works if Exploit Protection Compatibility Mode is enabled. It is installed from the Google play store. Here's the link to my report
https://github.com/PrivSec-dev/banking-apps-compat-report/issues/759

wuseman

nandohyphen1
Was your issue deleted? It leads to a dead link.

« Previous Page