After using LineageOS for long time, I have finally moved to GrapheneOS. I use a lot of banking and financial apps which I never felt comfortable using on LineageOS due to lack of proper sandboxing, unlocked bootloader etc.

GrapheneOS works flawlessly just like Android. You don’t even notice there’s hardening underneath. Also it protects from Google’s evil location tracking using WiFi/Bluetooth or even when the Location is turned off. I don’t understand how people in general are comfortable with Google tracking all the time. You can use Google Play and Play Services in a sandbox that works just like regular installation, but without deep tracking.

If you haven’t tried GrapheneOS, try it. You won’t go back to regular Android.

  • ExcessShiv@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    0
    ·
    4 months ago

    People contemplating moving to graphene, do be aware that banking etc. absolutely can be a major PITA on graphene as well. Several official apps used where i live cannot work in graphene, even with sandboxed play services installed, making day-to-day life functionally impossible with graphene. Luckily reverting to stock android is easy, although I probably wouldn’t have bought a pixel phone if I was planning on using stock OS.

    • PotatoesFall@discuss.tchncs.de
      link
      fedilink
      arrow-up
      0
      ·
      4 months ago

      Isn’t it only Google Wallet that doesn’t work? I actually cancelled a bank account I had because their app only worked with Google Wallet. Some banks roll their own NFC payment thing.

      I’m on CalyxOS btw, not Graphene.

      • ExcessShiv@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        4 months ago

        No that doesn’t work either, but we use a 2FA app to enable mobile banking access, SS access, school communications/message board etc., basically anything that requires you to prove your identity. That app doesn’t work in graphene at all, it flat out refuses and states the OS isn’t secure or the app isn’t installed from a valid source, so all things dependant on this doesn’t work on graphene.

      • oscardejarjayes [comrade/them]@hexbear.net
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        Some banking apps won’t run without SafetyNet (technically now Play Integrity). Pure AOSP doesn’t have it, and AOSP distributions with sandboxed play services or whatever usually fail the hardware attestation requirements. There are some other reasons banking apps won’t work, but a lot of it is similar stuff.

    • theskyisfalling@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      0
      ·
      4 months ago

      “Making day to day life functionally impossible” is a bit drastic. I think that depends on each individual person, their needs both in terms of banking and privacy.

      My banking app doesn’t work on Graphene but I also couldn’t care less. I can just as easily log in to my account via my browser on my phone if I need to do something and it isn’t exactly hard, it takes all of 30 seconds more than using an app.

      I realise in some other countries you don’t have that option but were I in the same situation for me that would be enough to change banks, I don’t want to be forced to use an app for anything.

      Everyone has different lengths they are willing to go to to protect their privacy and I’m willing to make my life slightly harder where as others may not but I think saying it makes life functionally impossible is a bit of an overstatement and it needs to be judged based on individual needs.

      There is a list of what banking apps work and what don’t.I’ll post it in a top level comment for visibility.

      • ExcessShiv@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        4 months ago

        The thing is, I’d need the government 2FA app (which doesn’t work in graphene) when logging in to my bank on a browser as well, so that doesn’t change anything.

        And I can’t do anything, I can’t check my digital mailbox (not email, we have something specifically for official communication with bank, government etc.), I can’t log in to check messages from my kids school, I can’t order a doctors appointment…you get the picture.

        • theskyisfalling@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          0
          ·
          4 months ago

          Yeah i understand what you are saying and that is why everyone’s individual needs come into play.

          I don’t know what country you are in and that can obviously affect things, my banks 2FA is an SMS. I have options in terms of the other things you mentioned, where as you may not have.

          • ExcessShiv@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            0
            ·
            4 months ago

            it’s a problem because graphene os doesn’t pass google play safety check, or whatever it is called. They are apparently not able to make the sandboxes play services good enough to pass so the app accepts it’s validity.

            • unrushed233@lemmings.world
              link
              fedilink
              arrow-up
              0
              ·
              4 months ago

              It’s actually a problem with Google, because the only reason GrapheneOS doesn’t pass the Play Integrity API check is that Google enforces a whitelist of allowed operating systems. Even though GrapheneOS is 10x as secure as the stock OS, Google doesn’t allow it. Since this is a highly monopolistic practice, the GrapheneOS team is talking to regulators to finally stop this: https://grapheneos.social/@GrapheneOS/112916691727814901

    • cmhe@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      4 months ago

      Well, I never really missed being able to pay via NFC on a phone, but I also never done it. My NFC chip in my card works fine.

      When my baking app started detecting my rooted phone, I just switched to using their web-app via Firefox, which allows you to create a direct link to it as an “App”. Which is probably better anyway, than installing random proprietary apps on a phone. And logging into it every time is also easy with a password manager.

      So I guess, as long as the banks still offer a website, I am good.