For the past 15 years, F-Droid has provided a safe and secure haven for Android users around the world to find and install free and open source apps. When co...
No they work. It’s not like LineageOS. Both Bank apps I now need, work on GrapheneOS but did not on LineageOS. It is my compromise without being compromised.
All my banking apps and credit card apps have worked flawlessly on Graphene OS. You’re correct that tap to pay doesn’t work, which is a bummer. But that is just Google spyware as well, honestly.
I heard about this a while ago, but I remember the GrapheneOS team talking about suing Google if they didn’t allow them to pass play integrity checks like they should be able to, but Google just doesn’t let them. That’s the only reason tap to pay doesn’t work and some baking apps have issues, its Google purposefully limiting graphene OS so they have a competitive edge somewhere.
I’m still holding some hope that maybe Samsung’s flavor of the OS won’t have the restriction of requiring Google keys. Specially considering that Samsung has its own “Galaxy Store” with app submissions controlled by them, not Google.
Though it’s possible they might simply extend the signatures accepted to include also the ones signed by them ^^U …still it would give them a competitive edge to remove the restriction so they might be incentivized to do it.
If they want a lot of play store banking apps + other things that opt into play protect to work they’ll need to add the signature verification requirement.
Will the banks in Korea, EU and many other areas where Samsung phones are very common keep that restriction if it meant alienating that many users? I doubt it. That’s why I think the support of a big player on this would be a killing move.
Also I’m not 100% convinced that it’s impossible to have some verification without it depending on this one change.
I’m even willing to use the web apps or webpages for banking, if the browsers can make the handshakes. I’ll forfeit using the bank first party apps, if their websites are full featured.
And the bootloader is now locked down across Samsung’s ecosystem, as of this year. Sucks.
If you move to using an unsecured “chinaphone” as an alternative to the big three handset vendors, then it’s unlikely they are target devices for the myriad of uncertified ROM’s.
I think we are going to need software solutions that can run on major Androdis distributions across the variety of hardware.
I think we’re going to need something like UTM or Docker (virtualization or containerization) for running our unsigned Android apps and services, and I don’t know how feasible it will be.
If you move to using an unsecured “chinaphone” as an alternative to the big three handset vendors, then it’s unlikely they are target devices for the myriad of uncertified ROM’s.
Not following your logic here… With the mainstream devices now locked, “the myriad of uncertified ROMs” will necessarily shift to the remaining unlocked phones, or die out.
I think a viable future is owning two devices, one “certified” to access your banking and work apps, and one running GrapheneOS for your private life.
ROMs rarely work as one-size-fits-all-devices, yeah?
I only know of four smartphone categories of phones that are really available in the markets around the world today, en masse.
The big tentpole phones available from Samsung, Google, Moto, and maybe two other players.
Boutique devices from vendors like Nothing and Fairphone with limited reach to global markets (like, being Euro only, or being only distributed in markets that can buy into they ideology, etc). Nearly all of them prices or is MOST humans’ reach.
Chinaphones. A mix of fly-by-night brands with ghost shifts in factories that make many varieties of phones with other people’s designs, but have extremely limited first party support and probably zero ROM support from the global community … And then the handful of tech markings like Xiami, HTC, Huawei, and anyone else that bends the knee to the CCP. Virtually no NA market penetration in this decade, and tremendous barrier for entry, for most of the Western world. Also, security issues galore.
iPhones.
All that to say, I don’t think a more featured OS existed it’s the way forward, with people all jockeying to make new ROM’s for everyone to NOT be able to run on their phones.
I’m hopeful folks smarter than I will be able to come in about the potential for sandboxes in it phones with their own capacity for running unsigned apps, like a virtualization platform.
I literally named two different phone models, and I think dismissing that people are often bound to what handsets are available to them is … Well, honestly just cruel.
Most of us don’t have the cash to throw down for phones all the time and we need scalability to protect ALL of us, not just those of us cash flush.
My fingers are still crossed folks figure out some containerization or virtualization solution between now and the Goo-lag.
It’s better to work a few hours to buy a good device than waste thousands searching for a fantasy solution. Phones are bought rarely, not ‘all the time’. If you can’t afford basics, fix the money problem first, privacy can wait.
You understand that people who live in the developing world, and have hostile governments that will weaponize Meta/Google’s data and telemetry against them, ALSO deserve privacy and liberty with their devices too, right?
This is why I’m saying that being prescriptive about what hardware we use is not the end game.
It’s going to have to come from the software platform.
I live in a country where the government is now weaponizing the mobile data on our phones to track us, and assault us. They have begun kidnapping citizens without due process and incarcerating people with legal status, without even filling charges.
These state agencies are buying tech that let’s them follow people around by their phones, and the leading mobile platform companies are openly complicit with governments that assault their people.
When you ask if I’m living in the developing world, I travel international a lot but my home country is experiencing rapid decline, and they have banned several categories of phone manufacturers, most famously Huawei consumer products. Ironically, because that company is suspected of doing the same things that Google is doing (granting access to back-end services and data to government entities).
So it’s really not about any one device.
The people affected by this state violence (a ) deserve privacy just like anyone else, and (b ) depend on their mobile devices for every part of their daily life just like everybody else.
How are you going to help them, when you can’t even help yourself?
Nobody can “help themselves” with a technology platform. It taken cooperation with others, to make systemic changes.
Again, I personally will be fine.
I can buy a Chinaphone. Or I can fund a Linux project phone for myself. Or, gods help me, I could buy an iPhone.
But what about the people on the other end of the line? What good is one secure walkie talkie?
Even on GrapheneOS, sure it uses a sandboxed Google Play Store, which is obviously great for users, but the developers of Android apps still have to hand over their personal data to Google specifically as this new decree from the Lords of the Google fiefdom entails.
Because FOSS developers rightly value their personal privacy, this decree effectively kills incentive for FOSS developers to continue making and maintaining apps for Android. Running GrapheneOS doesn’t circumvent this.
It’s like I’m saying “I’m hungry” and you say “Go for a run, it’s healthy for you.” I mean… it’s true that running is healthy… but the act of running doesn’t solve the problem of me being hungry…
Too, you can shove Google into its own separate User from everything else and keep it locked down in an always on VPN or the like. You don’t owe it the primary user on your phone. You can even keep that user shutdown such that none of it runs until you explicitly switch over and run it.
I think you’re missing the point. You say you use FOSS apps for everything. Do you download them from F-Droid?
From the article:
The future of this elegant and proven system was put in jeopardy last month, when Google unilaterally decreed that Android developers everywhere in the world are going to be required to register centrally with Google. In addition to demanding payment of a registration fee and agreement to their (non-negotiable and ever-changing) terms and conditions, Google will also require the uploading of personally identifying documents, including government ID, by the authors of the software, as well as enumerating all the unique “application identifiers” for every app that is to be distributed by the registered developer.
The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications.
If it were to be put into effect, the developer registration decree will end the F-Droid project and other free/open-source app distribution sources as we know them today, and the world will be deprived of the safety and security of the catalog of thousands of apps that can be trusted and verified by any and all. F-Droid’s myriad users will be left adrift, with no means to install — or even update their existing installed — applications. (How many F-Droid users are there, exactly? We don’t know, because we don’t track users or have any registration: “No user accounts, by design”)
I get my apps through Obtainium. I usually find the developers pages where they publish source code and the apk and then add them to Obtainium and install from there and let it manage the updates.
Most of the apps I use are also available on f-droid and some probably have play store versions as well.
Try Graphene today. IT WORKS
Except for stuff you really need like online banking, tap payments and digital ids
No they work. It’s not like LineageOS. Both Bank apps I now need, work on GrapheneOS but did not on LineageOS. It is my compromise without being compromised.
Ok what about my tags? What about notifying me if tags are following me what about tsp to pay what about satellite messaging.
All my banking apps and credit card apps have worked flawlessly on Graphene OS. You’re correct that tap to pay doesn’t work, which is a bummer. But that is just Google spyware as well, honestly.
I heard about this a while ago, but I remember the GrapheneOS team talking about suing Google if they didn’t allow them to pass play integrity checks like they should be able to, but Google just doesn’t let them. That’s the only reason tap to pay doesn’t work and some baking apps have issues, its Google purposefully limiting graphene OS so they have a competitive edge somewhere.
You can do online banking via a browser, it’s clunky but you generally just need to be more prepared
Yeah, but over here you pretty much forced to use aome sort of mobile 2fa
Manageable.
Plenty of bank apps work just fine. None of the ones I’ve tried had problems, except Santander, which works perfectly after changing a setting.
Not here in Norway. You need BankID which is an app that well, requires a lot of stuff.
Personally I don’t need or want any of those things on my phone.
Samsung s22 and s25, checking in. Graphene won’t be viable for the vast, overwhelming majority of Android users today or in the coming seasons.
I hope people figure out some kind of virtualization/docker-containerization solution to the coming Goo-lag.
I’m still holding some hope that maybe Samsung’s flavor of the OS won’t have the restriction of requiring Google keys. Specially considering that Samsung has its own “Galaxy Store” with app submissions controlled by them, not Google.
Though it’s possible they might simply extend the signatures accepted to include also the ones signed by them ^^U …still it would give them a competitive edge to remove the restriction so they might be incentivized to do it.
I’m hopeful that the hackers will win. I will never underestimate the power of motivated, scorned engineers.
Probably by removing some google service or some other gimmick it can be bypassed
I mean, you can hack/root most devices, even right now. I expect that’s not changing.
If they want a lot of play store banking apps + other things that opt into play protect to work they’ll need to add the signature verification requirement.
Will the banks in Korea, EU and many other areas where Samsung phones are very common keep that restriction if it meant alienating that many users? I doubt it. That’s why I think the support of a big player on this would be a killing move.
Also I’m not 100% convinced that it’s impossible to have some verification without it depending on this one change.
I’m even willing to use the web apps or webpages for banking, if the browsers can make the handshakes. I’ll forfeit using the bank first party apps, if their websites are full featured.
100%, my bank thankfully doesn’t tick that box, but if it did I wouldn’t think twice about dropping the app. Freedom is more important.
There are many other “uncertified” ROMs.
And the bootloader is now locked down across Samsung’s ecosystem, as of this year. Sucks.
If you move to using an unsecured “chinaphone” as an alternative to the big three handset vendors, then it’s unlikely they are target devices for the myriad of uncertified ROM’s.
I think we are going to need software solutions that can run on major Androdis distributions across the variety of hardware.
I think we’re going to need something like UTM or Docker (virtualization or containerization) for running our unsigned Android apps and services, and I don’t know how feasible it will be.
Not following your logic here… With the mainstream devices now locked, “the myriad of uncertified ROMs” will necessarily shift to the remaining unlocked phones, or die out.
I think a viable future is owning two devices, one “certified” to access your banking and work apps, and one running GrapheneOS for your private life.
ROMs rarely work as one-size-fits-all-devices, yeah?
I only know of four smartphone categories of phones that are really available in the markets around the world today, en masse.
The big tentpole phones available from Samsung, Google, Moto, and maybe two other players.
Boutique devices from vendors like Nothing and Fairphone with limited reach to global markets (like, being Euro only, or being only distributed in markets that can buy into they ideology, etc). Nearly all of them prices or is MOST humans’ reach.
Chinaphones. A mix of fly-by-night brands with ghost shifts in factories that make many varieties of phones with other people’s designs, but have extremely limited first party support and probably zero ROM support from the global community … And then the handful of tech markings like Xiami, HTC, Huawei, and anyone else that bends the knee to the CCP. Virtually no NA market penetration in this decade, and tremendous barrier for entry, for most of the Western world. Also, security issues galore.
iPhones.
All that to say, I don’t think a more featured OS existed it’s the way forward, with people all jockeying to make new ROM’s for everyone to NOT be able to run on their phones.
I’m hopeful folks smarter than I will be able to come in about the potential for sandboxes in it phones with their own capacity for running unsigned apps, like a virtualization platform.
deleted by creator
I literally named two different phone models, and I think dismissing that people are often bound to what handsets are available to them is … Well, honestly just cruel.
Most of us don’t have the cash to throw down for phones all the time and we need scalability to protect ALL of us, not just those of us cash flush.
My fingers are still crossed folks figure out some containerization or virtualization solution between now and the Goo-lag.
It’s better to work a few hours to buy a good device than waste thousands searching for a fantasy solution. Phones are bought rarely, not ‘all the time’. If you can’t afford basics, fix the money problem first, privacy can wait.
“Job” is a precious commodity for many of us.
You understand that people who live in the developing world, and have hostile governments that will weaponize Meta/Google’s data and telemetry against them, ALSO deserve privacy and liberty with their devices too, right?
This is why I’m saying that being prescriptive about what hardware we use is not the end game.
It’s going to have to come from the software platform.
Do you live in the developing world? Is your government banning this phone? How can we help others if we can’t help ourselves?
I live in a country where the government is now weaponizing the mobile data on our phones to track us, and assault us. They have begun kidnapping citizens without due process and incarcerating people with legal status, without even filling charges.
These state agencies are buying tech that let’s them follow people around by their phones, and the leading mobile platform companies are openly complicit with governments that assault their people.
When you ask if I’m living in the developing world, I travel international a lot but my home country is experiencing rapid decline, and they have banned several categories of phone manufacturers, most famously Huawei consumer products. Ironically, because that company is suspected of doing the same things that Google is doing (granting access to back-end services and data to government entities).
So it’s really not about any one device.
The people affected by this state violence (a ) deserve privacy just like anyone else, and (b ) depend on their mobile devices for every part of their daily life just like everybody else.
Nobody can “help themselves” with a technology platform. It taken cooperation with others, to make systemic changes.
Again, I personally will be fine. I can buy a Chinaphone. Or I can fund a Linux project phone for myself. Or, gods help me, I could buy an iPhone.
But what about the people on the other end of the line? What good is one secure walkie talkie?
s22 and an s25, where’s the cooperation and systemic change there?
Even on GrapheneOS, sure it uses a sandboxed Google Play Store, which is obviously great for users, but the developers of Android apps still have to hand over their personal data to Google specifically as this new decree from the Lords of the Google fiefdom entails.
Because FOSS developers rightly value their personal privacy, this decree effectively kills incentive for FOSS developers to continue making and maintaining apps for Android. Running GrapheneOS doesn’t circumvent this.
It’s like I’m saying “I’m hungry” and you say “Go for a run, it’s healthy for you.” I mean… it’s true that running is healthy… but the act of running doesn’t solve the problem of me being hungry…
As I understand it the sandboxed google apps are entirely optional. You can go completely free with GrapheneOS just like with LineageOS.
Too, you can shove Google into its own separate User from everything else and keep it locked down in an always on VPN or the like. You don’t owe it the primary user on your phone. You can even keep that user shutdown such that none of it runs until you explicitly switch over and run it.
GrapheneOS is pretty dang impressive.
I use FOSS apps for everything, I only have one special user profile with google play store for my stupid bank and credit card.
For everything else there are alternatives that don’t need google play.
I think you’re missing the point. You say you use FOSS apps for everything. Do you download them from F-Droid?
From the article:
I get my apps through Obtainium. I usually find the developers pages where they publish source code and the apk and then add them to Obtainium and install from there and let it manage the updates.
Most of the apps I use are also available on f-droid and some probably have play store versions as well.
F-Droid libre software, self-hostable, unstoppable.
Wrong, sandboxed Google Play is not required.
deleted by creator
I don’t have time today
Ok, I’ll extend your deadline til Monday then. ;)