jonny (good kind)Sep 23, 2025
Fuck google pay, apple pay, any payment system linked to a phone. Fuck a cashless society. I needed to use google wallet for some event recently and couldn't because I'm running grapheneOS. Refuse to use this bull shit. The card processors are a cartel but they're nothing compared to Google owning all transaction data.
Show threadDaniel Evers
@jonny
I wonder if @GrapheneOS can do anything about that (I didn't think so).
Sep 24, 2025 at 1:38pmWeb
Show threadGrapheneOSSep 24, 2025
@dermojo @jonny We can't trick the Play Integrity API into permitting GrapheneOS in a way that will work over the long term. We're working on convincing more banking apps currently using the Play Integrity API to permit GrapheneOS. There has recently been success convincing several to support GrapheneOS via hardware attestation instead including Swissquote. 90% of banking apps work on GrapheneOS. More apps are gradually integrating Play Integrity API but more apps are also allowing GrapheneOS.
Show threadGrapheneOSSep 24, 2025
@dermojo @jonny The pace of apps integrating Play Integrity API checks to their services is currently faster than the pace of apps explicitly allowing GrapheneOS after doing that, so the trend is for the worse right now. Our hope is that governments will regulate the current Play Integrity API out of existence. It's highly anti-competitive and clearly serves no real security purpose. It's easy for attackers to spoof and doesn't even enforce having patches from 6 years ago in the main mode.
Show threadjonny (good kind)Sep 24, 2025
@GrapheneOS
@dermojo
Thanks for the info. I knew it would be a losing battle for y'all, and definitely purposely anticompetitive to lock alternative operating systems out. Appreciate what you do and the work it takes to keep up with google purposely nerfing the platform.
Show threadBucciaSep 24, 2025

@GrapheneOS Wondering if attackers running on an Android 13+ device can pretend to be running an older release so that the <=12 months ago patch level doesn't apply.

Would make that requirement since june 2025 useless as a downgrade attack is possible, correct?