14 days later

A general question about app compatibility when switching to GOS with sandboxed GPS: Are apps which have been working fine on an old phone with MicroG expected to work as well with sanboxed Google Play Services on GOS? I am asking this because I have read various times that compatibility with sandboxed GPS is far better than MicroG. So if I have e.g. banking apps that run perfectly with MicroG, are they likely to run on GOS, too?

    Themble they should work fine, but keep in mind that some OSes get around Play Integrity in hacky ways that GrapheneOS does not. It's possible the bank app will check if your phone is running a certified OS (which GrapheneOS isn't) and just choose not to work.

    8 days later

    Are these errors are caused by this commit?

    • de0u replied to this.

      eersya Are these errors are caused by this commit?

      Probably not, but it's hard to say before specific errors are specified. So... which errors?

      24 days later
      6 days later
      9 days later

      Hello,
      I've an app that does not initiate login. Normally, when pressing the login button, it'd redirect to a login page. On GOS, hitting the login button doesn't proceed, nothing happens.

      Here's an extract of the logs:

      W libc : Access denied finding property "ro.debuggable"
      W libc : Access denied finding property "odsign.verification.success"
      W libc : Access denied finding property "ro.product.name_for_attestation"
      W libc : Access denied finding property "ro.product.manufacturer_for_attestation"
      W libc : Access denied finding property "ro.product.brand_for_attestation"
      W libc : Access denied finding property "ro.product.model_for_attestation"

      I auditd : avc=type=1400 audit(0.0:15852): avc: denied { read } for comm="app_process64" name="u:object_r:userdebug_or_eng_prop:s0" ...
      I auditd : avc=type=1400 audit(0.0:15856): avc: denied { getattr } ... path="/apex/apex-info-list.xml" ...

      W ART APEX data files are untrusted.
      W ziparchive: Unable to open '/gmscompat_fd_64.dm': No such file or directory
      W DynamiteModule: Local module descriptor class for com.google.android.gms.googlecertificates not found.

      Is this the device attestation failing?

      I've tried any of the proposed steps in post #1 (without secure spawing (yet)).
      GMS is installed, with full network access.

      Any advice very much appreciated. Thank you.

      5 days later

      Are the steps under "6. Capture a bug report" replaced by the feature located in Settings > System > View logs? Or does the Developer options feature "Bug report" capture more comprehensive logs / system info?

        fid02 Good point. I think for app compatibility we'd just send the specific app's logs (in Settings > Apps > All apps > *app* > View logs, not the full system logs.

        a month later

        I have problem with Bank Norwegian app, when I install it and select Denmark as country, then it requires access to Chrome settings. I don't want to use Chrome as web-browser. I have followed the suggested methods in the thread, but none of them work. Here is the link for the app;

        https://play.google.com/store/search?q=bank+norwegian&c=apps&gl=us
        https://play.google.com/store/search?q=bank+norwegian

        Anyone has experienced this problem or have a suggestion, how to solve it?

          lbr20a Looks like the app is using MitID for authentication. MitID is known to be a problematic app. It does weird stuff. There's a long thread on it here: https://discuss.grapheneos.org/d/1520-status-of-mitid-app/

          In any case, it looks like you will have to install Chrome and set it as the default web browser in the same profile for the verification to be able to start. The app doesn't say that it requires access to "Chrome settings", but that Chrome needs to be the default browser. Try setting Chrome as the default web browser, and after verification you can try to revert that setting back to your desired web browser. Hopefully Bank Norwegian will just work after the initial verification.

          If the app continues to insist on having Chrome as the default browser after the verification, that is very weird behaviour and if that is the case, you should contact the app developers.

          a month later

          Some people considering GrapheneOS are maybe afraid switching to GrapheneOS fearing that their banking apps may not work.

          However for my case I use many different banking apps and they do not cause troubles. I am based in Switzerland. I think the issue is overrated. But of course you may have bad luck.

            schweizer
            Ich kann mich auch über keine Banken App aus der Schweiz beklagten.
            Dafür hackt es bei mir mit Parking Pay hast du hier selbe Probleme?

              Regarding 4. Alternative frontend clients
              Some apps only check this if it's open by the "main activity" meaning opening the app the canonical way by tapping the app icon. However on some apps you can work around this, if the devs of the app implemented the check sloppily, by creating a shortcut. Tap and hold the app icon and then select a shortcut (if one exists - not always the case). Delete the original app icon from your home screen and from now on start the app in question with this "app shortcut". An example is CouchSurfing. Maybe it changed.

              Otherwise you can also enable ADB, change the installation app (which persists after updates, but not reinstalls) and disable ADB afterwards. Important! Beware, enabling ADB debugging is not recommended by the GrapheneOS project.

              2 months later

              Hi! I am new here and new to GrapheneOS. I could successfully install it from my Linux via terminal. I strictly do not use anything from Google. But I have to use several apps, which are not available from F-Droid and can only be found on GooglePlay or apkpure.com etc. Of course I want to control those apps by apps like AdAway or AF-Wall as I used to on my old Samsung Galaxy with LineageOS in rooted status:

              The first is AF-Wall. But it is only operable on rooted devices. I would like to have a replacement for this, because I want to have detailed control, whether an app may use WiFi or mobile net or nothing. There are many apps, which do not need any network connection.
              So I have tried NetGuard Firewall, which will insert a virtual VPN within the device. But it seems to be incompatible with GrapheneOS, because after installation and activation, no app could connect to network services.
              I miss a app with a firewall function on GrapheneOS. – Or is it, that such Firewall is not necessary on GrapheneOS?

              Second I would lie to use AdAway. This app will function without root access, but the will insert a virtual VPN similar to NetGuard Firewall and with the same result: No other app can connect to network services any more. So my question is, whether there is no need for an app like AdAway on GrapheneOS, because it would suppress unwanted ads on system level. Or does someone know of an app, which would be compatible with GrapheneOS?

              Third, I would like to control the charge levels of the battery in order to increase battery life. The only apps, I know, demand root. So my question is, whether there is an app, which would control battery charging and is compatible with GrapheneOS.

                I have a fourth one:
                Fourth: I always had an app, which checks the correct PIN, to unlock the screen. If someone enters a wrong PIN more often than xx times, then the entire phone gets wiped. Reason, why I like such an app: I am working as a practitioner for mental health and there are some very sensible data from my clients on my phone. If the device gets stolen or misused, I want the device being wiped for security. The app, I had used all the time, requires root access. So my question is: Which app could do this without needing a root access? Til now, I don't know any.

                  • Edited

                  Rapunzli Welcome to the forum!

                  You should open a new topic so that you're more likely to receive relevant replies. It also makes it easier for others with the same questions to search for your topic.

                  But to quickly answer your questions:

                  Rapunzli I want to have detailed control, whether an app may use WiFi or mobile net or nothing. There are many apps, which do not need any network connection.

                  You don't need firewall apps as GrapheneOS implements the Network permission toggle which can be found from Settings > Apps > [App name] > Permissions > Network or by holding on the app's icon and pressing App info.

                  Rapunzli So my question is, whether there is no need for an app like AdAway on GrapheneOS, because it would suppress unwanted ads on system level. Or does someone know of an app, which would be compatible with GrapheneOS?

                  The recommended approach is to choose a DNS server that blocks ad domains. Ad-blocking apps are unrecommended.

                  Rapunzli Third, I would like to control the charge levels of the battery in order to increase battery life. The only apps, I know, demand root. So my question is, whether there is an app, which would control battery charging and is compatible with GrapheneOS.

                  I don't have the answer to this so I can't say anything. You should open a new topic 🙂.

                  Rapunzli I am working as a practitioner for mental health and there are some very sensible data from my clients on my phone. If the device gets stolen or misused, I want the device being wiped for security.

                  GrapheneOS has a duress PIN/password feature which securely wipes the phone, unlike incomplete third-party implementations which allow interrupting the wipe. This might not be what you're looking for, but Google Pixels have some of the strongest hardware implementations against bruteforcing. You can also enable Auto reboot.

                    yore

                    The recommended approach is to choose a DNS server that blocks ad domains.

                    We recommend doing it as part of DNS resolution which can either be done with the Private DNS feature or a local DNS filtering app via the VPN service app feature. If you use a VPN, we recommend not mixing that with Private DNS so a VPN app able to handle local filtering of DNS should be used, or a VPN service which can filter it remotely. Filtering can be detected by websites, etc. and they can enumerate what's being filtered vs. not filtered so bear that in mind.