this post was submitted on 09 Dec 2024
771 points (99.7% liked)

Privacy

32400 readers
149 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
771
Revolut, McDonald's, and Authy have banned the use of GrapheneOS. (grapheneos.org)
submitted 1 week ago* (last edited 1 week ago) by Sunny@slrpnk.net to c/privacy@lemmy.ml
331 comments fedilink hide all child comments
 

cross-posted from: https://slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of 'non-google' approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.

Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that's true or not..

(page 2) 50 comments
sorted by: hot top controversial new old
[–] AnEilifintChorcra@sopuli.xyz 28 points 1 week ago (3 children)

Lol I spent a week going back and forth with Revolut support in august. I could sign into the app but it would always ask me for a "selfie" verification and every time support would say its a super dark selfie.

Eventually I decided to try a stock ROM and it just worked and I realised what was happening so I transferred all of my money out and deleted my account.

Most local banks here are terrible at making apps, some even require a separate device that looks like a calculator to use online banking, so hopefully they wont follow suit anytime soon

[–] kevincox@lemmy.ml 19 points 1 week ago (2 children)

require a separate device that looks like a calculator to use online banking

To be fair this actually provides a very high level of security? At least in my experience with AIB (in Ireland) you needed to enter the amount of the transactions and some other core details (maybe part of the recipient's account number? can't quite recall). Then you entered your PIN. This signed the transaction which provides very strong verification that you (via the PIN) authorize the specific transaction via a trusted device that is very unlikely to be compromised (unless you give someone physical access to it).

It is obviously quite inconvenient. But provides a huge level of security. Unlike this Safety Net crap which is currently quite easy to bypass.

[–] Aceticon@lemmy.dbzer0.com 10 points 1 week ago* (last edited 1 week ago) (9 children)

Those little boxes are just a bit of hardware to let the smartchip on the smartcard do what's called challenge-response authentication (in simple terms: get big long number, encode it with the key inside the smartchip, send encoded number out).

(Note that there are variants of the process were things like the amount of a transfer is added by the user to the input "big long number").

That mechanism is the safest authentication method of all because the authentication key inside the smartchip in the bank card never leaves it and even the user PIN never gets provided to anything but that smartchip.

That means it can't be eavesdropped over the network, nor can it be captured in the user's PC (for example by a keylogger), so even people who execute files received on their e-mails or install any random software from the Internet on their PCs are safe from having their bank account authentication data captured by an attacker.

The far more common ~~two-way-authentication~~ edit: two-channel-authentication, aka two-factor-autentication (log in with a password, then get a number via SMS and enter it on the website to finalize authentication), whilst more secure that just username+password isn't anywhere as safe as the method described above since GSM has security weaknesses and there are ways to redirected SMS messages to other devices.

(Source: amongst other things I worked in Smart Card Issuance software some years ago).

It's funny that the original poster of this thread actually refuses to work with some banks because of them having the best and most secure bank access authentication in the industry, as it's slightly inconvenient. Just another example of how, as it's said in that domain, "users are the weakest link in IT Security".

load more comments (9 replies)
load more comments (1 replies)
load more comments (2 replies)
[–] VeganCheesecake@lemmy.blahaj.zone 27 points 1 week ago

Banks seem to be hit or miss, happy that mine works. Would rather switch Banks than use a stock Rom, though.

All the Uber stuff works in Browser, both eats and their fake taxi stuff.

Not having a subtle reminder to eat at McDonald's is probably better for you.

Honestly, if your app could be a website, and includes services not on your website, fuck you, I'm gonna go to the competition.

[–] taanegl@lemmy.ml 27 points 1 week ago (2 children)

So, uh, the next version of GrapheneOS will probably come with some Android OS version spoofing tech that solves this - if there isn't something on F-Droid already.

[–] Sunny@slrpnk.net 13 points 1 week ago (2 children)

No it won't. Or at least they said on BlueSky that if there had been a work around for this they would have solved it already.

load more comments (2 replies)
load more comments (1 replies)
[–] uriel238@lemmy.blahaj.zone 26 points 1 week ago (1 children)

Can Graphene add a feature to run in emulation mode to allow apps to believe it's on an unrestricted OS?

[–] mikey@sh.itjust.works 16 points 1 week ago

Unfortunately, this is probably because of the apps started using the Play Integrity API, which is a hardware-based attestation and can only be faked in two ways that GrapheneOS isn't interested in:

  • you can fake an older device that didn't support hardware attestation yet, or had a broken implementation
  • or you can try getting leaked vendor keys and emulate the crypto with those until they get revoked
[–] yoshisaur@lemm.ee 26 points 1 week ago (7 children)

man, and i was gonna switch to graphene this christmas. if every app can just ban my OS, i might have to rethink this. i would use the website but they restrict so many things to apps now…

[–] Im_old@lemmy.world 20 points 1 week ago (5 children)

I was about to switch bank because for a few days my current one (inadvertently) blocked it on grapheneOS. We sent them a few emails and they fixed in less than a week.

load more comments (5 replies)
[–] Sunny@slrpnk.net 14 points 1 week ago (1 children)

TBF, this is the first time I've encountered an app not working - and it was before this. It's just because of Google push towards monopoly via their Play Integrity API that's ruining this.

[–] RobotToaster@mander.xyz 16 points 1 week ago

play "integrity" should be considered malware, any program that deliberately does something the user doesn't want it to should.

load more comments (5 replies)
[–] Roopappy@lemmy.world 25 points 1 week ago (2 children)

Why would anyone load an app from McDonalds? You want to give them elevated access to your most personal data for a few dollars of coupons?

What are they taking from you that's worth more than the discounts they are giving you? Because they are definitely making a profit, or they wouldn't be doing it.

[–] Sunny@slrpnk.net 13 points 1 week ago (9 children)

We are definitely in the era where people think discounts before user privacy. I bet most of people downloading the Mcdonald app do it exactly because of cheeper prices and easy of access.

load more comments (9 replies)
load more comments (1 replies)
[–] shortwavesurfer@lemmy.zip 24 points 1 week ago (2 children)

Use the websites whenever you can. That's what I do at least. Although I had to stop using Lyft entirely, because they stopped supporting rides from their website apparently. And that leaves just Uber. I actually left my bank for a similar reason. It supported my phone just fine, and it worked without Google Play Services, but the website wouldn't let me do everything that the app would, and the app required that I have Aurora Store to download their banking app from the Google Play Store, and I wanted to get away from that, so I switched banks so that I could use the bank website instead. From what I can tell, you run into this kind of stuff a lot with FinTech apps. But if you use older banks, like Discover or Wells Fargo or things like that, they tend to work better. Maybe because they're not up with the newest technology, LOL.

[–] Sunny@slrpnk.net 15 points 1 week ago (2 children)

Yeah Revolut is also the kinda app that is almost only a mobile app, not much you can do with their website, last i checked.

load more comments (2 replies)
load more comments (1 replies)
[–] blind3rdeye@lemm.ee 21 points 1 week ago (1 children)

This sounds like an antitrust legal problem...

load more comments (1 replies)
[–] Realitaetsverlust@lemmy.zip 18 points 1 week ago* (last edited 1 week ago) (10 children)

Well that's bad. I've been using revolut for years now.

Does anyone have a suggestion for a new bank that's operating under european law?

load more comments (10 replies)
[–] drmoose@lemmy.world 18 points 1 week ago (7 children)

Authy has been utter garbage for a long time and if you ever needed a reason to migrate away then now is as good as ever.

load more comments (7 replies)
[–] LambdaRX@sh.itjust.works 15 points 1 week ago

Their loss.

[–] butsbutts@lemmy.ml 15 points 1 week ago (2 children)

fuk em keep using it

load more comments (2 replies)
[–] Churbleyimyam@lemm.ee 14 points 1 week ago (1 children)

If a business makes it too difficult to use them I just use someone else. I'm sure they understand that but are making a killing at the expense of other people.

load more comments (1 replies)
[–] obbeel@lemmy.eco.br 14 points 1 week ago (9 children)

Well, Google is known for destroying its opposition.

load more comments (9 replies)
[–] SnotBubble@lemmy.ml 13 points 1 week ago (1 children)

Would not updating Revolut keep the app compatible as long as you don't sign out?

If so, don't update the app and write down the build number of the last app version which worked on GrapheneOS. That way you would have a bit more time to sort things out.

[–] Andrew@mnstdn.monster 13 points 1 week ago (2 children)

They constantly force you to update or the app won't work. I was already having issues with Revolut on GrapheneOS so I just closed my account and switched to Wise. The Revolut app was a bloated mess anyway.

load more comments (2 replies)
[–] ouch@lemmy.world 12 points 1 week ago

Google has ruined Android by closing it up.

EU needs to step in and force Google to open it up.

While at it, go for Apple's monopoly as well.

[–] Droggelbecher@lemmy.world 11 points 1 week ago (11 children)

I haven't switched my phone yet, but will do so soon. Does anyone have experience with compatibility layers on phone, akin to wine? I unfortunately cannot go without my public transport apps, and they're android or IOS only. I've looking into postmarket OS, but open for suggestions.

load more comments (11 replies)
load more comments
view more: ‹ prev next ›