
Revolut is specifically banning GrapheneOS by checking for the build machine hostname and username being set to grapheneos. We've changed these to build-host and build-user. Combined with another change, this allows our users to log in to it again until they roll out Play Integrity API enforcement.

In reply to GrapheneOS

There's no legitimate excuse for banning using a much more private and secure operating system while permitting devices with no security patches for a decade. Meanwhile, Revolut's shoddily made app tells users they're banning GrapheneOS because they're "serious about keeping your data secure".
In reply to GrapheneOS

Revolut's app will stop working again once they start enforcing having a Play Integrity API result showing it's a Google certified device. This is not a security feature but rather anti-competitive behavior from Google deployed by apps like Revolut wanting to pretend they care about security.

In reply to GrapheneOS

Revolut uses a bunch of shady closed source third party libraries in their app and it's one of these libraries banning GrapheneOS. These libraries are a major security risk and put user data at risk of being compromised. Revolut is not taking user security seriously at all and is cutting corners.

In reply to GrapheneOS

There's no legitimate reason for any app to ban GrapheneOS users. It has the full standard security model and massive security improvements. There's no logic in banning GrapheneOS. It makes no sense for them to ban anything when they permit a device with no patches for 10 years. It's performative.

In reply to GrapheneOS

GrapheneOS fully supports standard Android hardware attestation for verifying the hardware, firmware and operating system along with the app that's using it. See grapheneos.org/articles/attest…. If apps insist on checking device integrity, that's the only way they should do it.
In reply to GrapheneOS

Play Integrity API checks that Google's monopolies are supported through devices licensing Google Mobile Services and integrating their browser, search engine, advertising, etc. It's anti-competitive and clearly illegal. Multiple governments are taking regulatory action and are in contact with us.
In reply to GrapheneOS

Revolut insecurely checks the ro.boot.verifiedbootstate property and forbids it being yellow, which means a locked device with an aftermarket OS that's being cryptographically verified by the firmware. They permit it being orange, which means an unlocked device with any OS.
In reply to GrapheneOS

They're specifically banning having a device that's locked with an aftermarket OS rather than banning having an unlocked device or an aftermarket OS in general. Similarly, they're specifically banning the value `grapheneos` for ro.build.user/ro.build.host.
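As an added illustration (not code from Revolut, from any SDK, or from the GrapheneOS project), the following Python models the two property checks described in the posts above next to a policy that reads `ro.boot.verifiedbootstate` the way Android Verified Boot defines it. The device property sets are constructed, and the patch-level threshold and reference date are assumptions.

```python
from datetime import date

# Constructed sample devices; values are illustrative, not captured from real hardware.
# Android Verified Boot states: green = locked, OEM key; yellow = locked, user-set key
# (verified aftermarket OS); orange = unlocked, OS not verified; red = verification failed.
DEVICES = {
    "stock_pixel":       {"ro.boot.verifiedbootstate": "green",  "ro.build.host": "abfarm-01",
                          "ro.build.user": "android-build", "ro.build.version.security_patch": "2025-06-05"},
    "grapheneos_locked": {"ro.boot.verifiedbootstate": "yellow", "ro.build.host": "grapheneos",
                          "ro.build.user": "grapheneos", "ro.build.version.security_patch": "2025-06-05"},
    "unlocked_any_os":   {"ro.boot.verifiedbootstate": "orange", "ro.build.host": "buildbox",
                          "ro.build.user": "dev", "ro.build.version.security_patch": "2025-06-05"},
    "unpatched_stock":   {"ro.boot.verifiedbootstate": "green",  "ro.build.host": "vendor-build",
                          "ro.build.user": "builder", "ro.build.version.security_patch": "2015-08-01"},
}


def sdk_style_policy(props):
    """Decision the thread attributes to the third-party SDK: reject 'yellow', reject a
    build host/user of 'grapheneos', accept everything else, including 'orange' and
    devices with no patches. Modelled from the posts, not taken from any SDK."""
    if props.get("ro.boot.verifiedbootstate") == "yellow":
        return False
    if "grapheneos" in (props.get("ro.build.host"), props.get("ro.build.user")):
        return False
    return True


def verified_boot_policy(props, today=date(2025, 7, 1), max_patch_age_days=365):
    """Policy that reflects what the property actually encodes: only 'green' and
    'yellow' mean the firmware verified the OS, and a stale security patch level is
    the real risk signal. ro.* values are reported by the OS itself, so on an unlocked
    device they can say anything; treat them as a hint only and use hardware
    attestation (as the thread recommends) for a real integrity decision."""
    if props.get("ro.boot.verifiedbootstate") not in ("green", "yellow"):
        return False
    patch = date.fromisoformat(props.get("ro.build.version.security_patch", "1970-01-01"))
    return (today - patch).days <= max_patch_age_days


def compare(devices):
    """Return {device: (sdk_style_decision, verified_boot_decision)} for each sample."""
    return {name: (sdk_style_policy(p), verified_boot_policy(p)) for name, p in devices.items()}


if __name__ == "__main__":
    for name, (sdk, vb) in compare(DEVICES).items():
        print(f"{name:18s} sdk-style allows={sdk!s:5s} verified-boot policy allows={vb}")
```

The SDK-style policy admits the unlocked device and the decade-old unpatched device while rejecting the locked, verified, freshly patched GrapheneOS device; the verified-boot policy inverts exactly those outcomes.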
In reply to GrapheneOS

Both of these things and other similar insecure, useless checks are being done by several different SDKs. Revolut's app is full of sketchy, insecure third party libraries. They certainly don't take security seriously as they claim in their message about banning GrapheneOS.
In reply to GrapheneOS

We've fixed both of the ways they're banning GrapheneOS for our next release. Since third party SDKs are what's being used to do it, our hope is that this fixes a few other poorly written banking/financial apps doing similar stuff to ban aftermarket operating systems.
In reply to GrapheneOS

I think banning #Aftermarket-#ROMs, especially #GrapheneOS, is a hostile, anti-consumer act that should be prosecuted as there is no legitimate reason for it.
This post was edited. (4 months ago)
In reply to Kevin Karhan

Exactly! I literally said out loud something like "if I made a country, this would be illegal"
In reply to GrapheneOS

These are the full set of changes fixing Revolut's ban on GrapheneOS:

github.com/GrapheneOS/platform…

github.com/GrapheneOS/platform…
github.com/GrapheneOS/platform…
github.com/GrapheneOS/platform…
github.com/GrapheneOS/platform…

Other banking apps banning GrapheneOS will need to be retested after the next release.

In reply to GrapheneOS

I love how that first commit reusing Pixel stuff could in theory force them to ban Pixels entirely or ban specific build dates and times (not sure where your reply ran to, but my response to it was: this dedication has made me want a Pixel specifically to install GrapheneOS now)
In reply to Menhera Lexi

@lexi We have no issue making further changes if needed. They can successfully ban GrapheneOS if they really want but there's no reason we need to allow them to do it in such a ridiculous way. Our hope is that they aren't competent enough to ban GrapheneOS in the near future and it will take them time to finally move to the Play Integrity API. Ideally they could be convinced to stop, or at least to use hardware attestation with GrapheneOS in the allowlist per grapheneos.org/articles/attest….
In reply to GrapheneOS

@lexi We just temporarily deleted our response because we wanted to repost it with more information and several platforms don't see edits we make, that's all.
In reply to GrapheneOS

Fair enough, I forget that sometimes. Guess I'm still used to centralized social media.
In reply to Menhera Lexi

@lexi A lot of people view our account through a Nostr bridge since we don't have a Nostr project account yet, which we need to get around to setting up at some point. Many people don't realize it's not a native Nostr account but rather bridged so we'll need to deal with that when we make an account there and maybe get the person doing the bridge to unbridge it after a final post about the native account.
In reply to Ben Feakins 📷

@Feakster It works fine, we've tested it. We plan to include some additional unrelated changes before our next release, which might be significantly later today in around 16 hours or so.
In reply to GrapheneOS

Honestly, I'm not sure applying those "fixes" is a net win. Short term it'll unblock those apps, and *maybe* the Play Integrity API will be regulated away in a timely manner, but they'll just switch to something else, e.g. like the Game Boy did: check for the presence of a trademarked logo, string, or proprietary app being present that you are not allowed to distribute... Long term, the only winning move is not to play. Let those apps *not* work, if they so desire.
In reply to Lawrence Pritchard Waterhouse

@lpwaterhouse We can document all their actions against us and take legal action against them. The clearer they make it that they're going out of the way to ban GrapheneOS, the easier it is to win a lawsuit. How would they justify the ban? It's a far more secure OS and they permit an OS with no security patches for 10 years. Europe has market competition laws they're violating. Apps doing it for Google with their Play Integrity API instead of Google doing it themselves doesn't make it legal.
In reply to GrapheneOS

This brings back memories of when #Vivaldi felt compelled to change their default User-Agent string because poorly designed websites were putting up barriers for alternative browsers.
vivaldi.com/blog/user-agent-ch…
This post was edited. (4 months ago)
In reply to Stephan Paternotte

@S_Paternotte meanwhile I see #OpenAI literally using falsified #UserAgent|s and #DDoS'ing clients at work so hard I have to ban entire ASNs and /10 networks just because they can't be assed to respect the robots.txt and refuse to accept being given 403 errors.

Needless to say, banning #GrapheneOS, which is by far the most security-focused and most diligent of the #Aftermarket-#Android-#ROM|s, whilst not banning #outdated Android versions is like banning a "#SecureBoot|ed" #UbuntuLTS or #OpenBSD installation and going out of one's way to brick #Wine whilst still supporting #WindowsXP in 2025!