261
No banking apps on your custom ROM? This new initiative could help. (www.androidauthority.com)
submitted 2 months ago by throws_lemy@reddthat.com to c/android@lemdro.id
52 comments fedilink hide all child comments

A new European initiative dubbed UnifiedAttestation aims to build a free and open-source alternative to Google’s Play Integrity checks. The initiative is backed by smartphone maker Volla, while other partners include /e/OS maker Murena and the team behind iodé OS. The feature will be distributed under an Apache 2.0 license.

you are viewing a single comment's thread
view the rest of the comments
[-] brokenwing@discuss.tchncs.de 62 points 2 months ago

GrapheneOS is not a fan of this.

https://grapheneos.social/@GrapheneOS/116200110686604617

[-] barnaclebutt@lemmy.world 65 points 2 months ago

Jeez. They really don't. And, I guess they shouldn't. Their stance is that device certification shouldn't be necessary in the first place which I agree with considering this is not done for computers (don't do this tech bro shitheads).

[-] RobotToaster@mander.xyz 15 points 2 months ago

Grapheneos are also against allowing users root access, which is fine on PCs.

[-] Zak@lemmy.world 11 points 2 months ago

Are they, or are they against GrapheneOS itself supporting it?

Those are different. GrapheneOS exists to be security-hardened and usually should choose security over utility where there's a conflict.

[-] Onomatopoeia@lemmy.cafe 2 points 2 months ago

They arebgwnweally against root, as it "breaks security" in their mind.

Nevermind that all systems, everywhere, have root for some account/some account is root.

[-] zak@social.goodanser.com 11 points 2 months ago

It breaks their sandboxing model, which limits the impact of malicious/compromised apps.

To be clear, I'm not arguing against root here. I daily a rooted phone, and I believe if it's impossible to get root on something, it isn't really yours. You can get root on GrapheneOS; they just discourage it because they're strongly focused on security.

They're right. If a bug in AdAway, which needs root to write /etc/hosts caused it to fetch and execute malicious code, the malware could do anything I can do to my device. The scenario is plausible; it routinely fetches blocklists, and I imagine a sophisticated enough attacker could compromise the delivery mechanism.

I don't worry about that scenario because it's unlikely that kind of attacker will target me. GrapheneOS is meant for people who do have to worry about that kind of thing.

@Onomatopoeia @Zak@lemmy.world

[-] Onomatopoeia@lemmy.cafe 1 points 2 months ago* (last edited 2 months ago)

I don't disagree.

Problem is their binary attitude about root.

Root us used, every day, on every system on the planet.

Even Windows now uses a more granular Admin system - which is a better approach.

In Linux we only escalate as-needed, and strictly limit accounts that are used for services (Windows too actually).

[-] psud@aussie.zone 2 points 2 months ago

Users with low computer skills shouldn't have root on their PCs either

[-] lka1988@lemmy.dbzer0.com 2 points 2 months ago

considering this is not done for computers

It is to some degree, with the TPM. Microsoft Surface laptops come to mind.

[-] gandalf_der_12te@discuss.tchncs.de 2 points 2 months ago* (last edited 2 months ago)

Actually i have been thinking about it and i do believe that it should be done for computers, actually. Like, an attacker could super easily steal your login credentials when they get 10-15 minutes with your computer once. They could do that by booting a custom OS, modifying some of your operating system's system files to install a keyboard tracker or sth, and then just wait for you to enter your password.

I believe it's actually why some banks i know don't allow login anymore if you're not using their Android apps to verify the login.

[-] Zak@lemmy.world 8 points 2 months ago

Secure boot for PCs has been a thing for a long time now. Many Linux distributions support it.

[-] Petter1@discuss.tchncs.de 5 points 2 months ago

Yea, i know no bank that allows login in browser with only basic auth. All use some proprietary 2FA app with fancy QR codes (colour pixel or similar). Funnily, many banks then offer SMS based 2FA in order to restore…

Like make hard and secure login but reset option is old SMS thingy spoofable since… ever?

[-] pucker4676@lemmy.ml 6 points 2 months ago

Bank apps are the worst. So much SMS 2FA. Faux security. Fuck banks.

[-] fascicle@leminal.space 2 points 2 months ago* (last edited 2 months ago)

Ally, capital one, chase support browser login with basic auth, and sometimes SMS 2fa. I've never used a mobile bank app

[-] justalittleguy@lemdro.id 2 points 2 months ago

Personally really wish capital one would add authenticator 2FA... Neither app nor site has it

[-] fascicle@leminal.space 1 points 2 months ago

I'm I'm surprised they don't allow 2fa with like bitwarden or passkeys

[-] gandalf_der_12te@discuss.tchncs.de 1 points 2 months ago

doesn't work for me. i have to request paper letter sent to my home address with the new password, which i have to change after the first login.

[-] pseud@lemmy.zip 18 points 2 months ago

Namely,

Having a European version of the Play Integrity which permits people to use insecure products from specific European companies participating in it while disallowing using arbitrary hardware or software is the opposite of a solution. It's more of the same anti-competitive garbage.

Hate to say it but he's probably right.

[-] Ilandar@lemmy.today 17 points 2 months ago

At this point it's like an unwritten rule of the internet that every GrapheneOS account comment chain will eventually regress into cooker conspiracy theories about other privacy ROM projects. And I still have no idea why Micay has started lumping iodé in with them, because I have been following that project closely for many years and no one there gives a shit about GrapheneOS. As in, they literally do not talk about Graphene (or any other projects, for that matter). They never compare themselves to GrapheneOS, on security or anything else. It's the most bizarre, one-sided internet war.

[-] timbuck2themoon@sh.itjust.works 10 points 2 months ago

Because that dude is nuts. He does a disservice to graphene PR anytime he speaks.

[-] possiblylinux127@lemmy.zip 6 points 2 months ago

The Graphene devs and user base behave like a cult

[-] Zectivi@piefed.social 5 points 2 months ago

As much as I enjoy GrapheneOS, when I hit that part of the chain, I close out. I’m tired of hearing how has attacked GrapheneOS. They used to @ everyone in matrix for it asking for backup, which is why I’m not in their rooms now.

[-] darklamer@feddit.org 2 points 2 months ago

And I still have no idea why Micay has started lumping iodé in with them, because I have been following that project closely for many years and no one there gives a shit about GrapheneOS.

I don't know, but it seems to me that you might have a rather good guess as to why right there.

[-] Ilandar@lemmy.today 1 points 2 months ago

As in, they literally do not talk about Graphene (or any other projects, for that matter).

???????????????

[-] darklamer@feddit.org 4 points 2 months ago

It's quite common for people to feel hurt when they feel ignored.

[-] Ilandar@lemmy.today 2 points 2 months ago

Oh sorry, I think I misunderstood you initially.

[-] MonkderVierte@lemmy.zip 7 points 2 months ago* (last edited 2 months ago)

Yeah whatever. They are their own bubble.

[-] BestBouclettes@jlai.lu 15 points 2 months ago

They're not wrong though

[-] hitmyspot@aussie.zone 5 points 2 months ago

They are if banks don’t allow their apps to be functional on grapheneos.

[-] CorrectAlias@piefed.blahaj.zone 3 points 2 months ago

I have never had an issue with banking apps so long as exploit compatibility mode is enabled for them.

[-] LedgeDrop@lemmy.zip 5 points 2 months ago

I'm baffled. It's almost as though they're missing the point of attestation: which is to give "assurance" to application developers/companies that their applications run in "a certain way".

"A certain way" can have many interpretations, but Googles interpretation means:

  1. No root
  2. No custom firmware
  3. When a users "shares their contacts" with your app, your app gets all their contacts - free from being censored or modified.
  4. When a user "shares their files" with your app, your apps gets access to **all their personal data ** - free from being censored, modified or sandboxed.

iodéOS will have their own definition of what "a certain way" is. Which will probably be identical to Google definition.

Heck, GrapheneOS' attestation has it's own definition of a "certain way" applications run:

  1. No root

I know this, because I run Graphene and I run it rooted. I sign my rooted Graphene with keys, that only I carry and I have my phone setup to only allow OS updates with only my keys.

It does not and will not pass Graphene's attestation, although from my perspective - it meets my security requirements while give me control over my data.

This discussion has nothing with security patches, but everything to do with the accuracy and how much information developers and companies can get off our devices.

[-] MadameBisaster 1 points 2 months ago

While I agree with GrapheneOS in this case, the beef between them and murena etc is always kinda funny to me ;D

this post was submitted on 10 Mar 2026
261 points (100.0% liked)

Android

21839 readers
1 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More

founded 2 years ago
MODERATORS
ijeff@lemdro.id
ladfrombrad@lemdro.id
Paradox@lemdro.id
multimoon@lemdro.id
mikestevens@lemdro.id
Devgard@lemmy.world
limerod@reddthat.com
Netrunner@lemdro.id