cross-posted from: https://slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of ‘non-google’ approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.

Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that’s true or not…

  • ouch@lemmy.world
    link
    fedilink
    arrow-up
    12
    ·
    7 days ago

    Google has ruined Android by closing it up.

    EU needs to step in and force Google to open it up.

    While at it, go for Apple’s monopoly as well.

  • floreana@poliverso.org
    link
    fedilink
    arrow-up
    3
    ·
    6 days ago

    @Sunny
    Gatekeeprs of wealth sticking together against the ambition for freedom of poorer people?
    Oh, color me surprised. 🙄

    (I want to de-Google step by step, thanks for the heads up).

  • HiddenLayer555@lemmy.ml
    link
    fedilink
    English
    arrow-up
    343
    ·
    edit-2
    9 days ago

    This makes me want to use GrapheneOS more. If the dataminers don’t want you to use it then it must be doing something right.

      • Realitaetsverlust@lemmy.zip
        link
        fedilink
        English
        arrow-up
        65
        ·
        9 days ago

        It’s only officially supported on google phones because sadly those are the only ones that are not modified to fuck which makes installing and supporting other OS’es way too much work.

        Giving google money once for a device is not a problem from a privacy or security standpoint.

        • Samsy@lemmy.ml
          link
          fedilink
          arrow-up
          28
          ·
          9 days ago

          That’s correct, but not the reason grapheneOS chooses only pixel phones. It’s the level of hardware security features.

          • XTL@sopuli.xyz
            link
            fedilink
            arrow-up
            10
            arrow-down
            1
            ·
            8 days ago

            Also unlockable and presumably has well working builds. It’s not just graphene, but just about every Android project it there that’s best supported on pixels. Other manufacturers have a crazy variety of locking schemes and required tools. Each one is a nightmare to support.

            • orange@communick.news
              link
              fedilink
              arrow-up
              14
              ·
              8 days ago

              For GrapheneOS, it’s primarily that it’s re-lockable. That’s why other unlockable phones aren’t supported.

              The GrapheneOS install process sets new OS signing keys so you can lock the phone again and get full verified boot. However, most manufacturers haven’t implemented this feature.

              • fuzzzerd@programming.dev
                link
                fedilink
                English
                arrow-up
                1
                ·
                8 days ago

                What do you get, app/feature wise for verified boot vs. Play integrity app? Does it increase the amount of apps that work on it?

                • orange@communick.news
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  5 days ago

                  No, Play Integrity intentionally checks if it’s a Google-approved key. Android itself has an API to check verified boot and gives info on the signing key - most devs just want to know verified boot is working.

                  I feel Play Integrity has a short life ahead of if competition authorities realise how exactly it works. “Anti-competitive” is the first thing policy-minded folks think when I explain the API to them.

                • lad@programming.dev
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  8 days ago

                  I would guess that it allows to detect tampering if you have to give your phone to the security officers and they do or don’t do something with it without you present. I heard of such occurrences on the border, but this happens in other places and countries, too. Not sure if locked bootloader would help, though

        • Irelephant@lemm.ee
          link
          fedilink
          arrow-up
          3
          ·
          8 days ago

          In the EU almost every phone has an unlockable bootloader, there just isn’t any roms or custom recoveries for a lot of them.

        • HiddenLayer555@lemmy.ml
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          2
          ·
          edit-2
          8 days ago

          Wish they’d at least support Fairphone.

          If Graphene reached out to them I bet Fairphone would even actively work with them to make it an official OS option.

          • ryannathans@aussie.zone
            link
            fedilink
            arrow-up
            5
            arrow-down
            22
            ·
            edit-2
            9 days ago

            Someone installing graphene os for security shouldn’t be trusting random second/third/etc hand hardware lol

              • XTL@sopuli.xyz
                link
                fedilink
                arrow-up
                9
                arrow-down
                1
                ·
                8 days ago

                Hypothetically the hardware could have been modified, but that would take some insane level of a determined attacker to be fabricating modified pixels just to sell them on the used market.

                • Anivia@feddit.org
                  link
                  fedilink
                  arrow-up
                  7
                  ·
                  8 days ago

                  Yes, this would only be a concern for targeted attacks by state actors, in which case not even buying new would be safe.

                  Thinking about it, in such a scenario buying used may even be safer

                • OrganicMustard@lemmy.world
                  link
                  fedilink
                  arrow-up
                  3
                  ·
                  8 days ago

                  It also comes with a hardware auditor, although you need another trusted graphene phone to use it. I don’t know about the details, but sounds very hard to mess with it.

                • Venia Silente@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  7 days ago

                  Nothing too hypothetical nor an “insane” level of work. Didn’t Israel do just that with some beepers to blow up children?

            • Auli@lemmy.ca
              link
              fedilink
              English
              arrow-up
              7
              ·
              8 days ago

              Shouldn’t trust anything then. They could intercept your new phone and modify it. They did it for switches. But your not worth it for “them”.

        • 50MYT@aussie.zone
          link
          fedilink
          arrow-up
          11
          arrow-down
          4
          ·
          edit-2
          8 days ago

          Your options are:

          Apple phone

          Bloated android phone like Samsung etc.

          Chinese android phone (xiami etc)

          Google phone with Android

          Google phone with graphene. This still looks like the best of those options.

          Or no phone? I guess people are hardcore enough that will be the option.

          Edit: I stand corrected.

            • Killercat103@slrpnk.net
              link
              fedilink
              arrow-up
              4
              ·
              edit-2
              9 days ago

              Is swiftphone its own thing or did you mean shiftphone? I kinda want the shiftphone 8 myself even if they only ship to neighboring countries of mine.

            • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              edit-2
              7 days ago

              All of these are insecure as hell. Linux phones especially https://madaidans-insecurities.github.io/linux-phones.html

              Fairphone also really fucked up: They signed their own OS with the publicly available (!) AOSP test signing keys. These guys really don’t know that they’re doing, and I would trust their hardware or software whatsoever. And no, installing a custom ROM doesn’t solve this. Considering how bad their security practices are, we genuinely have to assume that there are security issues with the device firmware as well.

              /e/OS is based on the already insecure LineageOS, and it weakens the security further, so it’s not a good option either.

              None of the options you mentioned can be compared to GrapheneOS. It’s currently the best option if you value your privacy and security. You don’t have to give Google money either, since you can just buy a used device, which is also cheaper and more environmentally friendly. Google also makes repairing their devices pretty easy for consumers and even works with iFixit. Here’s a Mastodon post I recently saw about that: https://social.linux.pizza/@midtsveen/113630773097519792

              • Venia Silente@lemm.ee
                link
                fedilink
                English
                arrow-up
                1
                ·
                7 days ago

                An used Pixel, assuming I can find one in my country, still costs four (4) times what I need to shell out for a in-market Lineage compatible phone.

                Theoretical security is cute, but it has to be adjusted to practical feasibility. The most secure computer in the world is useless to you if you can’t boot it up.

                • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  edit-2
                  5 days ago

                  Security-wise you’re better off using whatever OS comes with your device (as long as it gets updates) than downgrading to LineageOS. At least most smartphone vendors (except for Fairphone) manage to ship their Stock OS with a locked bootloader and somewhat working Verified Boot.

            • SeekPie@lemm.ee
              link
              fedilink
              arrow-up
              4
              ·
              8 days ago

              I don’t think LOS has any privacy/security improvements over the stock android?

              (IIRC) it’s even worse than stock because you can’t lock the bootloader after installation.

              Though if your phone isn’t getting official updates, it’s probably safer with LOS.

          • zerozaku@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            9 days ago

            Xiaomi has the biggest custom ROM scene out there btw despite them trying their hardest to stop bootloader unlocking. You really don’t need to have a company supporting unlocking to make ROMs for them. If they outright block it then that’s an issue.

              • DoeJohn@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                6 days ago

                My friend just got a new Xiaomi phone. He tried unlocking it a few days ago and got “try again in 168 hours”. That happened in Europe. It’s an absolute mess nowadays, I remember when they started blocking you from unlocking the bootloader. First you had to wait 24 hours, then 3 days, now it’s an entire week. You also need to make sure you’re logged into your Mi Account on both phone and PC and do even more weird fuckery to ensure the process actually go through. Meanwhile, on GOOGLE Pixel devices you just type one command after you enable oem unlocking in settings and reboot into fastboot mode. Crazy.

    • m-p{3}@lemmy.ca
      link
      fedilink
      arrow-up
      130
      arrow-down
      1
      ·
      9 days ago

      On the other hand, it makes it easy to find which apps aren’t to be trusted with your data.

      • themurphy@lemmy.ml
        link
        fedilink
        arrow-up
        62
        ·
        9 days ago

        Also very obvious when an app or website have an US and an EU version. You just know they buttfuck the Americans because no rules.

        Even Apple had to make two versions of iOS.

    • dutchkimble@lemy.lol
      link
      fedilink
      arrow-up
      5
      ·
      8 days ago

      Maybe graphene will find a way into duping those apps to think you have a regular android phone?

    • Avid Amoeba@lemmy.ca
      link
      fedilink
      arrow-up
      1
      ·
      8 days ago

      Err, you could firewall an app from your data in Private Space or Shelter for older Android versions. That should work on any Android device.

  • AstralPath@lemmy.ca
    link
    fedilink
    arrow-up
    101
    arrow-down
    1
    ·
    9 days ago

    Fuck both of these companies. Never used McDicks app in the first place. Spyware bullshit.

    • 4lan@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      7 days ago

      It’s crazy how they can just do illegal things because they have so much money…

      Do I own my phone or not??

        • theroff@aussie.zone
          link
          fedilink
          arrow-up
          3
          ·
          6 days ago

          Graphene shills have been banging on this point for donkey’s ages. Reality is that many people use phones that are out of OEM support and many OEM ROMs are bundled with questionable software (Oppo, Samsung etc.) There are some decent criticisms to be made about LineageOS, but others to be made about Grapheme, like its Google-suggestive configurations, which is quite bad for security and privacy. Graphene says this is all optional and not part of the OS, but doesn’t include any equivalent F-Droid installer.

          • DoeJohn@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            6 days ago

            Yeah. As much as I love GrapheneOS and all the security work, sometimes I feel like their “ideal” setup is to just install GrapheneOS on the latest Pixel phone and use only the 5 or so built in apps, as everything else is insecure, brings additional code baggage and can introduce flaws. I don’t think anyone can live like that.

    • Wilmo Bones@lemmy.world
      link
      fedilink
      English
      arrow-up
      55
      ·
      9 days ago

      Right people who install various apps like McDonalds apps etc, are these even typical to GrapheneOS users? I’d think most would avoid superfluous data stealing apps.

      • HereIAm@lemmy.world
        link
        fedilink
        arrow-up
        16
        ·
        9 days ago

        I’ve been thinking of switching the GrapheneOS. I certainly enjoy my privacy, and are taking steps to move to sources that don’t harvest my data. Outside of YouTube and android I’ve completely degoogled myself, even replaced Maps with magic earth and OsmAnd. I even swapped full time to linux a handful of months ago as a gamer with a VR interest. But I’m not so hardcore to not use any service that might sell my data. I still use vanilla firefox, food ordering apps, and discord for example. So while I’m not someone who goes to extreme lengths to protect my data, moving over to GrapheneOS doesn’t seem like a huge inconvenience compared to the gains you get.

    • Sips'@slrpnk.netOP
      link
      fedilink
      arrow-up
      7
      ·
      8 days ago

      Sorry but it seems I might have been mistaken by calling out Uber on this one. Thought i read about Uber during this but I cant find back to it. Have changed the title.

    • jagged_circle@feddit.nl
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 days ago

      What do you mean webapp? Isn’t the app that you install a webapp? And isn’t a website not an app because you dont install it?

      • seang96@spgrn.com
        link
        fedilink
        arrow-up
        6
        ·
        8 days ago

        PWA - Portable Web App, Apple was going to make this the primary way to run apps but then decided an app store and private stuff was more profit and their support for it tends to be on the suckier side, but has gotten better over the years. You install a PWA in your browser by either “Install” or “Add to home screen” or something like that depending on browser and device being used.

        • jagged_circle@feddit.nl
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 days ago

          Apparently not. I guess some apps you install in the browser. Which is an important distinction, if they’re using the word correctly

          • bitwolf@lemmy.one
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            8 days ago

            Yes both are PWA capable. However I stand corrected. The McDonalds webapp now redirects you to the play store when you try to order.

            Guess they don’t want me as a customer. (Not that I’d eat McDonalds anyway).

            riders.uber.com is fully functional though, I use it often

  • zako@lemmy.world
    link
    fedilink
    arrow-up
    76
    arrow-down
    2
    ·
    9 days ago

    the problem here is not the banks or apps, the problem is Google Play Integrity API, which is supposed to enforce to run apps in secured phones and it is used to ban secured ROMs such as GrapheneOS and it allows to run apps on outdated phones without security patches.

    • kevincox@lemmy.ml
      link
      fedilink
      arrow-up
      125
      arrow-down
      3
      ·
      9 days ago

      which is supposed to enforce to run apps in secured phones

      The point of the Google Play Integrity API is to ensure that the user is not in control of their phone, but that one of a small number of megacorps are in control.

      Can the user pull their data out of apps? Not acceptable. Can the user access the app file itself? Not acceptable. Can the user modify apps? Not acceptable.

      Basically it ensures that the user has no control over their own computing.

      • umami_wasabi@lemmy.ml
        link
        fedilink
        arrow-up
        26
        ·
        edit-2
        9 days ago

        It’s simply the “secure” isn’t meant for users but the cooperations. Make it “secure” to their busibess.

        • NotMyOldRedditName@lemmy.world
          link
          fedilink
          arrow-up
          1
          arrow-down
          9
          ·
          edit-2
          9 days ago

          It’s used to help secure the businesses app yes. It helps with things like preventing resource abuse which would cost the company money. E.g. querying mass amounts of data on a loop to increase the companies bill.

      • zako@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        9 days ago

        If you install GrapheneOS, you do not need root, so GrapheneOS is in control of the phone not the user. The key here is if GrapheneOS is secure enough to be certified by Google Play Integrity API. is it security or other issue? perhaps Google is not supporter of FOSS ROMs, perhaps it is not fun of how GrapheneOS removes permissions to Google Apps, …

        If it is not security, this is a kind of monopoly to control which ROMs are allowed to run apps.

      • Anivia@feddit.org
        link
        fedilink
        arrow-up
        1
        ·
        8 days ago

        Can the user access the app file itself? Not acceptable

        This is possible on any Android phone, no root or custom rom required

    • jagged_circle@feddit.nl
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      9 days ago

      Oh, the banks and regulators are to blame. Especially in Europe.

      Find me a PSD2 bank bank that doesn’t require a phone number

        • boonhet@lemm.ee
          link
          fedilink
          arrow-up
          4
          arrow-down
          3
          ·
          8 days ago

          So the Play Integrity API is literally why I moved to iOS. My bank apps didn’t work with Lineage and the stock OnePlus ROM just sucked ass after the ColorOS or whatever update. I figured I might as well go iOS if I can’t have a custom ROM anyway, and so far it has indeed been a much nicer experience than stock Android. If you can’t TRULY customize everything, might as well at least get stability and consistency out of it, right? Plus at the time, there wasn’t a single Android OEM out there with truly long OS update support.

          Anyway, if this succeeds and custom ROMs are considered to have sound integrity, I might just move back to Android. Graphene seems cool, I haven’t tried it yet because I’ve never owned a Pixel.

          • jagged_circle@feddit.nl
            link
            fedilink
            English
            arrow-up
            5
            ·
            edit-2
            8 days ago

            How would iOS be better? There is no blob-free, secure version on their devices at all. Right?

            • boonhet@lemm.ee
              link
              fedilink
              arrow-up
              1
              ·
              8 days ago

              It’s not for privacy. But without access to custom ROMs, Android is shit.

                • boonhet@lemm.ee
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  8 days ago

                  Sure, but my point was if you can’t even use ROMs because then you lose access to your bank (and now McD apparently), there’s much less reason to use Android - certainly was so 2.5 years ago when they were mostly all promising 2-3 years of support for flagship devices and Apple had a track record of 6-7 years.

  • Anivia@feddit.org
    link
    fedilink
    arrow-up
    58
    ·
    8 days ago

    Time to switch away from Auth I guess. Not even using GrapheneOS cause I have a Samsung phone, but this is not acceptable

  • penquin@lemm.ee
    link
    fedilink
    arrow-up
    54
    ·
    9 days ago

    Webapps everything you can like I do with Firefox and ublock origin. Fuck these assholes.

  • AlecSadler@sh.itjust.works
    link
    fedilink
    arrow-up
    47
    ·
    9 days ago

    This surprises me because McDonald’s app is hands down the worst app I’ve ever encountered in the history of all Android apps.

    It’s is sluggish, ignores touches/taps half the time, doesn’t adhere to Android best practices for flow, crashes a lot, errors a lot, etc.

    But OK McDonald’s. Fuck off.

    • ililiililiililiilili@lemm.ee
      link
      fedilink
      arrow-up
      4
      ·
      8 days ago

      I can add that it requires location permission (even when you attempt to search manually with zip or city). What a shitty, dystopian timeline we are experiencing when we’re mandated to run privacy invasive spyware, just to get a fucking discount on nugs.

  • BigDanishGuy@sh.itjust.works
    link
    fedilink
    arrow-up
    52
    arrow-down
    7
    ·
    9 days ago

    OK McDonald’s, I will not use your most cost effective ordering method. I guess I will just have to order my 10 individually custom cheeseburgers at the counter instead. I might have to have e the order read back, and change my mind about a few burgers.

    • Railcar8095@lemm.ee
      link
      fedilink
      arrow-up
      111
      arrow-down
      1
      ·
      8 days ago

      As a former employee… That does nothing. Crazies that spend 15 min to order some fries were common.

      If you go at rush hour it can be annoying to the employee and other customers, but at the end of the day nobody will remember and you would have spent 20 min and 10 dollars (which is 9 dollars material profit for MacDonald).

      Just. Don’t. Go. To. Macdonald’s.

    • purplemonkeymad@programming.dev
      link
      fedilink
      arrow-up
      6
      ·
      9 days ago

      I don’t know about other places but they haven’t had a counter for years round here. They have big screens that you go up to to order and pay, then you get a number and pick it up when called. Even if you wanted to do this, no one is going to listen to you trying to order at the kitchen.

      • boonhet@lemm.ee
        link
        fedilink
        arrow-up
        2
        ·
        9 days ago

        Entirely different country, but they still have a counter in addition to the screens; the counter is for when you want to pay cash

    • bountygiver [any]@lemmy.ml
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      2
      ·
      9 days ago

      that’s just screwing with the workers though, and the workers sure as hell is not going to get paid extra for your custom order

      • Woht24@lemmy.world
        link
        fedilink
        arrow-up
        13
        arrow-down
        5
        ·
        9 days ago

        This viewpoint is so stupid.

        The cashier is paid to take orders, whether they take 1 long obnoxious order or 3 small orders, it’s the same shit.

        People are so swept up in ‘kindness and support’ (internet circlejerking), they think that the fact you inconvenienced some 17 year old, representing a massive corporation, as a fuck you to the company that employs them, you’ve committed some moral sin against your fellow man.

        • neomachino@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          8
          ·
          9 days ago

          That worker doesn’t want to be there, that’s likely one of 3 jobs they need to barely scrape by.

          You holding them up from doing other tasks they need to do to keep a job that barely feeds them is doing nothing but making their day a little harder. It affects the company 0%. The company is faceless and doesn’t care how much you abuse the worker bees as long as they get your money.

          I don’t know what the answer is aside from not patronizing the company at all, but I know that’s not it.

          • Lag@lemmy.world
            link
            fedilink
            arrow-up
            5
            arrow-down
            1
            ·
            9 days ago

            If the company is always too busy, they will need to hire more workers or the existing ones will leave.

            • neomachino@lemmy.dbzer0.com
              link
              fedilink
              arrow-up
              3
              ·
              8 days ago

              I highly doubt it, if the store is too busy they’ll likely either do nothing because why would they or if it’s really bad add some robots who can handle the workload so they can get rid of those pesky employees.

              In the past few years almost all of the fast food places in the closest plaza to me have been working on a skeleton crew. Lines wrapped around the building, 2 miserable employees, upset customers, but the money is still coming in.

              Most people can’t just leave their job, even a days wage can crush a lot of people.

          • UnderpantsWeevil@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            8 days ago

            The company is faceless and doesn’t care how much you abuse the worker bees as long as they get your money.

            Hey now, sometimes the company employs security that’s extremely bored, incredibly racist, and looking for a low income punching bag to hassle.

            • neomachino@lemmy.dbzer0.com
              link
              fedilink
              arrow-up
              1
              ·
              8 days ago

              Ahh how could I forget about the bored, racist, wannabe cops with nothing better to do. The perfect face to any modern company.

        • GHiLA@sh.itjust.works
          link
          fedilink
          arrow-up
          2
          arrow-down
          7
          ·
          8 days ago

          the cashier

          Who is also the manager, making drinks, doing the fries because that bitch called in sick…

            • PrettyFlyForAFatGuy@feddit.uk
              link
              fedilink
              arrow-up
              1
              ·
              7 days ago

              depends on the situation. otherwise good employee who rarely if ever is sick and works hard calls in about being unable to work? absolutely fine

              Person who i know knows exactly how many days a year over how many periods of absence it will take before HR get involved using it as a second pool of paid holiday days and leaving us high and dry to deal with the things she’s paid to help the team with then yeah, bitch

              her name was karen too…

              • Dragon Rider (drag)@lemmy.nz
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                7 days ago

                Person who i know knows exactly how many days a year over how many periods of absence it will take before HR get involved using it as a second pool of paid holiday days

                This is a dick move if you don’t tell your coworkers how to exploit the loophole too, and a heroic act if you do.