Revolut is specifically banning GrapheneOS by checking for the build machine hostname and username being set to grapheneos. We've changed these to build-host and build-user. Combined with another change, this allow our users to log in to it again until they roll out Play Integrity API enforcement.
reshared this
GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS attestation compatibility guide
GrapheneOSGrapheneOS
in reply to GrapheneOS • • •TheZorse
in reply to GrapheneOS • • •Kevin Karhan
in reply to GrapheneOS • • •GrapheneOS
in reply to Kevin Karhan • • •Quincy
in reply to GrapheneOS • • •I wish you the utmost success in getting this anti-competitive and customer-harming practice banned.
@kkarhan @BMWK @Bundesregierung @EUCommission
zako
in reply to GrapheneOS • • •Adam Chovanec
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •These are the full set of changes fixing Revolut's ban on GrapheneOS:
github.com/GrapheneOS/platform…
github.com/GrapheneOS/platform…
github.com/GrapheneOS/platform…
github.com/GrapheneOS/platform…
github.com/GrapheneOS/platform…
Other banking apps banning GrapheneOS will need to be retested after the next release.
use non-GrapheneOS-branded build user/host · GrapheneOS/platform_build@bcd027b
GitHubMenhera Lexi
in reply to GrapheneOS • • •GrapheneOS
in reply to Menhera Lexi • • •GrapheneOS attestation compatibility guide
GrapheneOSGrapheneOS
in reply to GrapheneOS • • •Menhera Lexi
in reply to GrapheneOS • • •GrapheneOS
in reply to Menhera Lexi • • •GrapheneOS
in reply to GrapheneOS • • •Due to these changes, Revolut works with our latest release that's currently in the Alpha channel and will reach the Beta channel very soon:
grapheneos.social/@GrapheneOS/…
Should be in the Stable channel within 24 hours.
We also added a Play Integrity API notification + per-app menu.
GrapheneOS
2025-01-26 14:28:06
GrapheneOS
in reply to GrapheneOS • • •flashbackdealer
in reply to GrapheneOS • • •flashbackdealer
in reply to GrapheneOS • • •Nate Metzger
in reply to GrapheneOS • • •Stephan Paternotte
in reply to GrapheneOS • • •vivaldi.com/blog/user-agent-ch…
User Agent Changes | Vivaldi Browser
Ruarí Ødegaard (Vivaldi Technologies)nounoursfaisdeschoses
in reply to GrapheneOS • • •GrapheneOS
in reply to nounoursfaisdeschoses • • •Shiro
in reply to GrapheneOS • • •fri ⓥ 🐘
in reply to Shiro • • •GrapheneOS
in reply to fri ⓥ 🐘 • • •fri ⓥ 🐘
in reply to GrapheneOS • • •nat 🦗
in reply to GrapheneOS • • •GrapheneOS
in reply to nat 🦗 • • •Emelia/Emi
in reply to GrapheneOS • • •Banks really need to get a reckoning with regards to this "checkbox security" bullshit. Unfortunately government regulation is often written as "you must follow every checkbox to the letter on this list written by an uneducated bureaucrat that went to defcon once" so the problem persists...
My bank's app won't run if developer settings are on, much less ADB. There's just 'a few' problems with that with regards to actual security:
/data/datafor non-debuggable apps(In other words, banning developer settings is in the words of raymond chen, a check that's on "the wrong side of the airtight hatch.")
GrapheneOS
in reply to Emelia/Emi • • •@becomethewaifu There are no regulations requiring banks to do these nonsensical checks and GrapheneOS fully supports hardware-based attestation for verifying the hardware, firmware, operating system and the app running on top of it:
grapheneos.org/articles/attest…
If they're required to check device, OS and app integrity, that's fine, they can do that while permitting GrapheneOS. We're not aware of any regulation or government which would justify banning GrapheneOS. These apps take lazy shortcuts.
GrapheneOS attestation compatibility guide
GrapheneOSEmelia/Emi
in reply to Emelia/Emi • • •As an aside, does GrapheneOS have a way to protect global settings against invasive apps that have zero business reading their state? I rather like having 'show taps' on, and my bank apparently thinks that's a "security risk"...
Honestly given that 99% of modern banking apps are literally a browser in a tin, and browsers don't have that attestation bullshit, I'd argue that they have no right to be attesting against the OS at all for 'basic functionality'. About the only place they have an actual reason to be doing so is operations involving the camera, where there's an actual justified need to ensure it's a real camera.
GrapheneOS
in reply to Emelia/Emi • • •GrapheneOS attestation compatibility guide
GrapheneOSGrapheneOS
in reply to GrapheneOS • • •Flesh 🐀
in reply to GrapheneOS • • •Sensitive content
Like, granting them the assumption that Graphene is somehow less secure, the only people harmed by that would be people going out of their way to use Graphene in the first place. No threat to their core userbase and not their fault if something goes wrong.
GrapheneOS
in reply to Flesh 🐀 • • •GrapheneOS
in reply to GrapheneOS • • •@flesh Data leaked from companies like Cellebrite shows that GrapheneOS protects users from commercial exploits where iOS and the stock Pixel OS do not. It also shows that the vast majority of Android devices are far easier to exploit, which is already known to security researchers/engineers.
Revolut is permitting Android devices which run OS versions from many years ago. They permit devices without even any partial security backports applied for a decade. They aren't checking for security.
GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS attestation compatibility guide
GrapheneOSGrapheneOS
in reply to GrapheneOS • • •hexaheximal
in reply to GrapheneOS • • •wait WHAT
I thought that they were blocking GrapheneOS coincidentally by blocking *all* non-play-integrity-approved operating systems but they're deliberately targeting GrapheneOS now???
GrapheneOS
in reply to hexaheximal • • •hexaheximal
in reply to GrapheneOS • • •GrapheneOS
in reply to hexaheximal • • •@hexaheximal It is true. github.com/GrapheneOS/platform… is one of the 2 changes which were required to get Revolut working. They are not enforcing a Play Integrity API device or strong integrity level yet but probably will require the device integrity level soon so our workarounds will stop working once that happens. Might as well get Revolut working again until then.
They're probably banning it via a third party SDK and don't know how the code works but they are explicitly asking the SDK to do this.
use non-GrapheneOS-branded build user/host · GrapheneOS/platform_build@8d0fa9f
GitHubGrapheneOS
in reply to GrapheneOS • • •gruff
in reply to GrapheneOS • • •This is a pain. Lloyds Bank (UK) app used to work well until a year or so ago when they did similar. 🙁
Are you aware of any info, anywhere, on which banking apps are happy to run on custom firmware?
GrapheneOS
in reply to gruff • • •gruff
in reply to GrapheneOS • • •Bah, you got my hopes up then! No dice. I realise this isn't in you, so no probs.
m.primal.net/NuAR.jpg
GrapheneOS
in reply to gruff • • •Orca 🌻 | 🎀 | 🪁 | 🏴🏳️⚧️
in reply to GrapheneOS • • •build-user@build-host? 🤔GrapheneOS
in reply to Orca 🌻 | 🎀 | 🪁 | 🏴🏳️⚧️ • • •@Orca @hexaheximal No, they specifically blocked those properties being set to grapheneos. We settled on build-user and build-host to match the standard values for Android kernel builds. They are not standard values for the OS build username and hostname. Many different values are used elsewhere and the stock OS doesn't use these values. It uses Google buildbot names. Stock Pixel OS uses this format:
ro.build.user=android-build
ro.build.host=r-eaf9838018e7e7ac-49w6
Others use different values.
GrapheneOS
in reply to GrapheneOS • • •@Orca @hexaheximal
./oriole-AP4A.250105.002/system/system/build.prop:ro.build.host=r-456ae1c9fa6a8c5c-phhb
./raven-AP4A.250105.002/system/system/build.prop:ro.build.host=r-456ae1c9fa6a8c5c-77gn
./bluejay-AP4A.250105.002/system/system/build.prop:ro.build.host=r-456ae1c9fa6a8c5c-hd78
./lynx-AP4A.250105.002/system/system/build.prop:ro.build.host=r-456ae1c9fa6a8c5c-4m6w
./cheetah-AP4A.250105.002/system/system/build.prop:ro.build.host=r-456ae1c9fa6a8c5c-n2m7
GrapheneOS
in reply to GrapheneOS • • •@Orca @hexaheximal
./panther-AP4A.250105.002/system/system/build.prop:ro.build.host=r-456ae1c9fa6a8c5c-srpk
./comet-AP4A.250105.002/system/system/build.prop:ro.build.host=r-eaf9838018e7e7ac-zf3t
./komodo-AP4A.250105.002/system/system/build.prop:ro.build.host=r-eaf9838018e7e7ac-49w6
./felix-AP4A.250105.002/system/system/build.prop:ro.build.host=r-456ae1c9fa6a8c5c-sr3g
./husky-AP4A.250105.002/system/system/build.prop:ro.build.host=r-456ae1c9fa6a8c5c-jv20
GrapheneOS
in reply to GrapheneOS • • •@Orca @hexaheximal
./shiba-AP4A.250105.002/system/system/build.prop:ro.build.host=r-456ae1c9fa6a8c5c-dk5m
./caiman-AP4A.250105.002/system/system/build.prop:ro.build.host=r-eaf9838018e7e7ac-vwb8
./akita-AP4A.250105.002/system/system/build.prop:ro.build.host=r-456ae1c9fa6a8c5c-bc8m
./tokay-AP4A.250105.002/system/system/build.prop:ro.build.host=r-eaf9838018e7e7ac-tpc9
./tangorpro-AP4A.250105.002/system/system/build.prop:ro.build.host=r-456ae1c9fa6a8c5c-qw7f
It is not always the same.
GrapheneOS
in reply to GrapheneOS • • •@Orca @hexaheximal
Anyway, that's only the current format used by the stock Pixel OS. They have regularly changed the values of both fields over the years. It would be completely incorrect to hard-wire expecting specific values in any of these fields. Google can do that for the Play Integrity API because each build has data uploaded before release. Others are in no position to do anything like that. We know they blocked GrapheneOS specifically, likely through an SDK which did it.
GrapheneOS
in reply to GrapheneOS • • •Fla
in reply to GrapheneOS • • •@Orca @hexaheximal
By any chance, would you know the value to put for a Pixel 3a? (sargo). I would like to try on my phone running /e/ OS.
Thank you!
GrapheneOS
in reply to Fla • • •@fla @Orca @hexaheximal It would require more changes than that.
Aside from that, /e/OS is a highly insecure OS without basic privacy and security intact. We strongly recommend avoiding it. Pixel 3a is an end-of-life device which hasn't had firmware and driver patches for years, although it's not as if /e/OS ships them properly for most devices they support anyway. Don't recommend doing financial stuff on an OS and devices unpatched known remote code execution holes regardless of device.
Fla
in reply to GrapheneOS • • •@Orca @hexaheximal
what are the other changes needed?
About security, I know Pixel 3a does not receive firmware updates anymore, but the phone itself works very well, it would be a shame to throw it away.
GrapheneOS
in reply to Fla • • •@fla @Orca @hexaheximal It doesn't receive firmware or driver patches, and /e/OS is a highly insecure OS not providing other patches properly either along with not preserving the security model as a whole. It has awful privacy and security regardless of the device.
Considering that /e/OS and the company behind it are spreading misinformation about GrapheneOS and attacking our team, we also aren't really interested in contributing to improving app compatibility on it.
Fla
in reply to GrapheneOS • • •@Orca @hexaheximal
Attacking? I would find this quite surprising.
But anyway, I'm not asking about help for /e/ OS specifically, I just wanted to know what should be done to make Revolut works on a custom ROM, I thought changing those build param was enough so I was kindly asking if you knew the proper values for them.
And obviously if there is something else to be done it would be kind to share it. That's how free software works, collaboration 🙂
GrapheneOS
in reply to Fla • • •@fla @Orca @hexaheximal
> Attacking? I would find this quite surprising.
They have heavily engaged in attacks on our team including harassment. They spread harassment material from a Kiwi Farms member.
We aren't on the same side as Murena and /e/OS scamming people with highly insecure, non-private software while also harming multiple real privacy projects with attacks.
GrapheneOS is being blocked because /e/OS, LineageOS, etc. have created a bad reputation for alternate OSes...
Charles
in reply to GrapheneOS • • •GrapheneOS
in reply to Charles • • •GrapheneOS
in reply to GrapheneOS • • •Fla
in reply to GrapheneOS • • •@charles8191 @hexaheximal @Orca
I am sorry to learn that the relationship isn't good between the two projects. However I have no idea who Kiwi, Rossmann or FUTO are. I simply want to know what you did to make Revolut to work on a custom ROM. I read the GrapheneOS forum thread and thought that changing the build options was enough. Now you are telling me you did more than that, could you please tell me?
GrapheneOS
in reply to Fla • • •Fla
in reply to GrapheneOS • • •GrapheneOS
in reply to Fla • • •Wackget
in reply to GrapheneOS • • •@fla @Orca @hexaheximal Hello friends, I'm just an end user trying to avoid the tyranny that is Google/Apple, and I'm just trying to use Revolut on an OS which is at least better than stock Android.
I would gladly use GrapheneOS but I have a non-Pixel handset, so I am trying LineageOS and /e/OS. Neither has allowed Revolut to work.
@GrapheneOS I understand your displeasure with /e/OS but for the good of the overall cause and users like me, can you please help get Revolut working?
Wackget
in reply to GrapheneOS • • •Can you also please elaborate on your concerns with /e/OS? Maybe it's something the developer community can improve?
As I said I'm just an end user but in my opinion we all need to work together against the giants like Google, and we can only do that by helping each other.
The drama with /e/OS sounds regrettable and unnecessary, but please don't forget it's end users like me who are held back by the lack of progress in open source OSs because of issues like this (Revolut).
Woland
in reply to GrapheneOS • • •They do the same with e/os/
Your post is unclear: can you now for sure bypass Revolut's new policy?
GrapheneOS
in reply to Woland • • •GrapheneOS
in reply to GrapheneOS • • •Woland
in reply to GrapheneOS • • •That's just shocking disinformation that makes you look highly unreliable and not serious.
You can brag about your OS without inventing bad points to others.That'd bring higher trust in you
E/OS/ is quite excellent with its patches and security checks, and the issue comes from Revolut not making it easy to os relying on MicroG.
#disinformation #grapheneOS #badcommunity
#eos #degooglisation #RevolutCompatibility #banking #murena @e_mydata
GrapheneOS
in reply to Woland • • •@Woland It is you spreading disinformation and misleading people promoting a highly insecure OS without even the most basic privacy/security.
/e/OS sets a fake Android security patch level across devices to mislead users. It massively rolls back the security model and disables standard security features. It is consistently months behind on providing privacy/security backports and years behind on full patches. This information is all easily verifiable.
No excuse for scamming people as they do.
Woland
in reply to GrapheneOS • • •@AmyIsCoolz a typical answer from GrapheneOS
It would be laughable if not so sad
I report this message GrapheneOS for diffamatory communication
@factchecking @Sourceyourfantasies
GrapheneOS
in reply to Woland • • •Woland
in reply to GrapheneOS • • •@AmyIsCoolz
Since the beggining of this conversation, you have failed to provide with any source at all.
@AmyIsCoolz is doing a better job
GrapheneOS
in reply to Woland • • •Amy
in reply to Woland • • •/e/OS barely even ships security updates in time, often having a 2 months delay. Their MicroG implementation allows for signature spoofing of all packages unlike Calyx or Lineage. It is truly one of the worst from a security POV (aside from literal jokes like Replicant).
Look, I used to use it as well until I switched to Divest (well that one died), but it makes a lot of big claims without much to back it up. You’re much better off using Lineage and Lineage doesn’t even have that good of a security
Woland
in reply to Amy • • •Source it please. It'd make the conversation so more interesting.
I have updates on eos every two weeks or so, and I find no source backing your security issues claims, so please feed me
GrapheneOS
in reply to Woland • • •Woland
in reply to GrapheneOS • • •@AmyIsCoolz
I beg you to source
GrapheneOS
in reply to Woland • • •Woland
in reply to GrapheneOS • • •@AmyIsCoolz
Again, no source, and Murena and @e_mydata are two separeted things: @murena is a brand and @e_mydata is an opensourceOS
You're diffaming.
GrapheneOS
in reply to Woland • • •@Woland @AmyIsCoolz They're scammers who promote scam products with false marketing. They're the same people. The developers of /e/OS work for Murena. The fact that they have this sketchy setup of a separate non-profit and company doesn't change anything about the fact that it exists for them to turn a profit. They promote it with false marketing.
Not clear what response you expect to promoting it here. It's the direct opposite of what we do with GrapheneOS. It massively reduces security.
GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
Unknown parent • • •Dashboard - SEON Docs
docs.seon.ioGrapheneOS
Unknown parent • • •Nux
in reply to GrapheneOS • • •elly
in reply to GrapheneOS • • •GrapheneOS
in reply to elly • • •elly
in reply to GrapheneOS • • •GrapheneOS
in reply to elly • • •Dimitris Zervas
in reply to GrapheneOS • • •GrapheneOS
in reply to Dimitris Zervas • • •Cezar Lungu
in reply to GrapheneOS • • •Ugh, just briefly reading about the Digital Footprint of Seon and it already sounds pretty concerning.
GrapheneOS
in reply to Cezar Lungu • • •AppsFlyer | Make good data-driven choices
AppsFlyerPaolo Redaelli
in reply to GrapheneOS • • •LukefromDC
in reply to GrapheneOS • • •You will never see me using any corporate app or website that wants to check my OS or hardware for ANYTHING. I don't play monetized games, I don't bank online, I don't use any site's app. Even online shopping is limited to things not found in any store and exiled to a separate quarantine operating system and such use will never touch a phone in my hands.
The really great thing about Graphene is how poorly Cellbrite works with it! From my understanding the only thing Cellbrite can do with Graphene is take a forensic image of an already unlocked phone.
This actually might happen if someone with both their own Cellbrite box and their own graphene phone needs an image to analyze say, an attempted attack without having to keep the phone out of service. It has to be booted, unlocked, USB debugging on, and here's the kicker: Cellbrite can't even bypass the requirement to authorize the particular computer connected to the phone to use the adb bridge!
I think given the events since November Graphene is going to be getting a lot of new users.
GrapheneOS
in reply to LukefromDC • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
Unknown parent • • •GrapheneOS
Unknown parent • • •GrapheneOS
Unknown parent • • •Alvyn
in reply to GrapheneOS • • •GrapheneOS
in reply to Alvyn • • •syd 💕
Unknown parent • • •