cross-posted from: https://slrpnk.net/post/15995282
Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of ‘non-google’ approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.
Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that’s true or not…
Too bad it only runs on Google’s phones…
Right? Have to pay google for the privilege
You can always buy a second hand one
Someone installing graphene os for security shouldn’t be trusting random second/third/etc hand hardware lol
There is absolutely no problem with that. The phone is wiped and encrypted when you flash graphene, and it does an integrity check every time it boots.
Hypothetically the hardware could have been modified, but that would take some insane level of a determined attacker to be fabricating modified pixels just to sell them on the used market.
Yes, this would only be a concern for targeted attacks by state actors, in which case not even buying new would be safe.
Thinking about it, in such a scenario buying used may even be safer
It’s only officially supported on google phones because sadly those are the only ones that are not modified to fuck which makes installing and supporting other OS’es way too much work.
Giving google money once for a device is not a problem from a privacy or security standpoint.
That’s correct, but not the reason grapheneOS chooses only pixel phones. It’s the level of hardware security features.
Also unlockable and presumably has well working builds. It’s not just graphene, but just about every Android project it there that’s best supported on pixels. Other manufacturers have a crazy variety of locking schemes and required tools. Each one is a nightmare to support.
For GrapheneOS, it’s primarily that it’s re-lockable. That’s why other unlockable phones aren’t supported.
The GrapheneOS install process sets new OS signing keys so you can lock the phone again and get full verified boot. However, most manufacturers haven’t implemented this feature.
What do you get, app/feature wise for verified boot vs. Play integrity app? Does it increase the amount of apps that work on it?
No, Play Integrity intentionally checks if it’s a Google-approved key. Android itself has an API to check verified boot and gives info on the signing key - most devs just want to know verified boot is working.
I feel Play Integrity has a short life ahead of if competition authorities realise how exactly it works. “Anti-competitive” is the first thing policy-minded folks think when I explain the API to them.