Plethora9278
Try instead using their own policies as rebuttal e.g: Subject: Formal Complaint: Discontinuation of GrapheneOS Support and Code of Conduct Violations
To the UBS Corporate Responsibility Team,
I am writing to express my profound disappointment that UBS chooses to neglect privacy-aware customers. So-called new, innovative features and improvements should not take place over security and privacy, especially for a bank. This decision directly penalizes users who actively secure their devices against malware and data harvesting.
GrapheneOS is the gold standard for mobile security. It explicitly enforces a secure, relockable bootloader with Verified Boot and hardware memory tagging. Furthermore, it utilizes a hardened memory allocator, improved app sandboxing, and a hardened WebView engine designed specifically to prevent the exact exploits that threaten financial applications.
If UBS's 'innovative features' and 'security standards' require bypassing GrapheneOS's Sandboxed Google Play—which provides standard Play Services APIs as regular apps without granting them root-level system privileges—then UBS is confusing proprietary Google telemetry with actual device security. Punishing customers who proactively lock down their hardware makes your overall user base less secure, not more.
According to your own Code of Conduct, UBS is explicitly committed to "safeguarding the information clients have shared with us" and ensuring data is not "seen or used by the wrong people". By blocking GrapheneOS—an operating system fundamentally designed to prevent data harvesting and memory exploits—UBS is actively undermining its own pledge to protect client assets.
Furthermore, your code states that "we don't just follow laws, rules and regulations – we do what is right based on our defined principles". Forcing privacy-conscious users onto operating systems laden with third-party tracking, simply to meet baseline compliance for 'the majority,' directly violates your commitment to "creating and sustaining mutual and lasting trust" with your clients.
Ultimately, blocking GrapheneOS violates your Code of Conduct pledge to safeguard client data and build mutual trust. Forcing users onto systems with third-party tracking reduces actual security. Proprietary telemetry is not security. Please restore support.
I found their policy here: https://www.ubs.com/global/en/our-firm/our-culture/code-of-conduct.html but yes as others have said; unfortunately if not even that does anything then time for a switch. I'm not from the country so I don't use the bank but the more of you that send a similar email the more likely to get it changed back to allowing it. Best of luck getting it changed, and if not I hope you find a good alternative for your other needs that won't do the same thing.