cross-posted from: https://slrpnk.net/post/15995282
Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of ‘non-google’ approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.
Edit: had to change the title, originally it said Uber too but I cannot find back to the source of ether that’s true or not…
I swear I am so close to jumping into the void of mainline linux on phones.
The only main issue is device drivers, but I would be fine happily extracting them from android or making new ones. Modern Android is a complete full stack POS.
This is actually good, see it as an enrichment of your life. The only sad thing is Revolut though.
As an alternative to Authy I recommend Stratum (previously known as Authenticator Pro) https://apt.izzysoft.de/fdroid/index/apk/com.stratumauth.app
This due to its compatibility with Android wear (companion)
Can anyone who has used both Aegis and Stratum compare them?
Seems like my time to move away from Authy. Any drop in alternative for iOS? Ideally I could export services and load them back, not manually adding/removing 1 by 1. Even if I can’t though, suggestion still welcomed.
Paid Bitwarden or self-hosted 2FAuth. Its very lean so you could probably do it on a free Oracle cloud VPS and never pay. Or put Vaultwarden on a PikaPod for very little money per month.
I don’t think it’s a coincidence that the shittiest companies are those, who enforce Google’s broken and monopolistic “Play Integrity” API. Revolut has connections to Russia, McDonalds supports the Israeli genocide in Palestine and Authy has always just been a massive piece of shit, not even allowing users to export their TOTP seeds. These are three companies I would NEVER even consider using anyway.
And “Play Integrity” API actually does NOTHING, absolutely NOTHING for your security as an end user.
You use an outdated, unpatched Android version with multiple severe, publicly known exploits on an insecure device?
Google doesn’t give a single fuck.
You use the newest version of Android with all the patches applied on Google’s own hardware, with a locked boot loader and a hardened operating system?
That’s not allowed by the “Play Integrity” API.
It’s only purpose is to serve Google’s monopolistic business interests.Hear hear!
Small OT: In the article it’s mentioned also the app “IO” (italian for the english word “I”). There are also other important italian apps not working without play services. The serious thing is that that apps are almost mandatory to do the ordinary public administration bureaucracy. We can say that the italian state forces its citizens to use a smartphone with Google Play Services installed. This is no sense.
modern fascism in action… state and corporate fusion. however, WHY DA FAQ would Italian state do this for the benefit of a foreign corporation…
I get US part of NATO but wtf
The italian government is full of fascists at the moment, but for me its more like tech ignorant laws. To make an example this is a comment of mine about piracy shield; I think that story can well explain the ignorance of italian government in tech related stuff.
Oh great, I guess I’ll have to change my payment info for everything now. Fantastic.
Authy has been utter garbage for a long time and if you ever needed a reason to migrate away then now is as good as ever.
Do you have a replacement you would recommend?
I use TOTP in KeepassXC (or KeepassDX on mobile) because it’s fully local and available for desktop.
Oh, I was using Keepass2Android as a password vault, but was a little frustrated with it because occasionally it’ll forget to synchronize with the file before adding an entry and leave a “conflicted copy” I have to deal with manually. If KeepassDX will also do TOTPs that sounds perfect.
Well pick anyone listed here but I recommend Aegis
Why would anyone load an app from McDonalds? You want to give them elevated access to your most personal data for a few dollars of coupons?
What are they taking from you that’s worth more than the discounts they are giving you? Because they are definitely making a profit, or they wouldn’t be doing it.
We are definitely in the era where people think discounts before user privacy. I bet most of people downloading the Mcdonald app do it exactly because of cheeper prices and easy of access.
just had medium fries and coke. i and many i know use the mc D app because of the discounts it gives when i order through my app.
just had medium fries and coke. many people i know, including myself, use the mcd app because of the discounts it offers when ordering through the app. however, i am under the impression that since i use an ios device and have the option to decline being tracked by the app—which i very eagerly press “no” to—i am on the safe side. am i?
No, Apple isn’t your guardian angel with the press of a button.
Apple does extensive audit of mobile apps, including limitations of tracking. So the app cannot spy on something you are not letting it to know. But you are giving it a bunch of info voluntarily.
I’d say using that app on iOS is similar to making a food delivery order using a loyalty member ID. Basically, you are letting the company (McDonald’s) know who you are, what is your phone number, where do you live, and what do you like to eat. And if they wish to, they could use all that to purchase your profile from a data brocker. Or they can sell that info for a few cents to make up on that discount.
just had medium fries and coke. i and many i know use the mc D app because of the discounts it gives when i order through my app.
just had medium fries and coke. i and many i know use the mc D app because of the discounts it gives when i order through my app.
How did you manage to post the same comment 4 times? 🙃
i use my very own #snac instance which is sometimes slow. i pressed the post button 4 times.
just had medium fries and coke. i and many i know use the mc D app because of the discounts it gives when i order through my app.
This sounds like an antitrust legal problem…
The GrapheneOS team is already talking to regulators: https://grapheneos.social/@GrapheneOS/112539378681400395
Odd timing considering I’ve banned McDonalds, Revolut and Authy from my phone.
But like, why?
Fuxk u
He makes a solid point
Just to be clear, they banned all custom roms, not only graphene.
It’s crazy how they can just do illegal things because they have so much money…
Do I own my phone or not??
Most ROMs like LineageOS and CalyxOS drastically weaken the security of Android, so that would actually make sense. GrapheneOS has far better security than AOSP, the Stock Pixel OS, or basically every other version of Android that you would find pre-loaded on a device. https://grapheneos.org/features#exploit-protection
Time to switch away from Auth I guess. Not even using GrapheneOS cause I have a Samsung phone, but this is not acceptable
Give Aegis a try, it is great.
Authy is no good anyway. Keeps codes hostage with no way to back them up. So many great open source alternatives
I wish aegis had a UI like that… I prefer it to Aegis “Normal” view. They’re almost the same but ente is a little better
Aegis is also nice
I don’t know if this is standard on all authenticator apps or not but I like the fact that Ageis makes you enter your password once in a while so you don’t forget it.
Switched to Ente Auth when Authy stopped having a free desktop version. What if I lose my phone? I want both my devices to have access to my codes.
same. i wish i could run graphene or something similar on my moto G stylus. I wish my Pixel 6, 7 and 6a didnt all have defects. the 7 was my favourite.
FYI, grapheneOS devs added a list of apps to their wiki:
https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos
Can Graphene add a feature to run in emulation mode to allow apps to believe it’s on an unrestricted OS?
Unfortunately, this is probably because of the apps started using the Play Integrity API, which is a hardware-based attestation and can only be faked in two ways that GrapheneOS isn’t interested in:
- you can fake an older device that didn’t support hardware attestation yet, or had a broken implementation
- or you can try getting leaked vendor keys and emulate the crypto with those until they get revoked
