cross-posted from: https://slrpnk.net/post/15995282
Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of ‘non-google’ approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.
This surprises me because McDonald’s app is hands down the worst app I’ve ever encountered in the history of all Android apps.
It’s is sluggish, ignores touches/taps half the time, doesn’t adhere to Android best practices for flow, crashes a lot, errors a lot, etc.
But OK McDonald’s. Fuck off.
It’s almost as if a clown programmed it
I can add that it requires location permission (even when you attempt to search manually with zip or city). What a shitty, dystopian timeline we are experiencing when we’re mandated to run privacy invasive spyware, just to get a fucking discount on nugs.
Fuck both of these companies. Never used McDicks app in the first place. Spyware bullshit.
The mcdonalds app is a scam to get you to agree to their arbitration clause
Care to elaborate? I’m curious.
Never mind. I found an article pretty quick. Thanks for the heads up anyway. :)
Can you share with the class? (Shit service where I’m at D:)
I dont buy mcdogwater anymore but im interested
https://www.mashed.com/1432093/mcdonalds-new-app-terms-conditions-reactions/
They gave away free chips in exchange of you downloading their app and accepting their shitty conditions.
Funny that news nowadays is citing tik tok and reddit comments
https://www.thedailymeal.com/1431937/mcdonalds-app-terms-waive-rights-trial/
I can’t tell you how frustrating it is to not only be subjected to Fox
EntertainmentNews by my family, but to be subjected to their social media segments every 5 minutes (not exaggerating).It feels like when I find those ancient newspaper articles about how so-and-so moved in with her boyfriend before their wedding night or whatever.
Some things never change I guess.
I haven’t switched my phone yet, but will do so soon. Does anyone have experience with compatibility layers on phone, akin to wine? I unfortunately cannot go without my public transport apps, and they’re android or IOS only. I’ve looking into postmarket OS, but open for suggestions.
What public transport apps if I may ask? Most of Western Europe and especially Germany present no issues and even have OSS options, same with Finland.
Thanks for the input, i realise it’s been a while since I checked this! ÖBB Scotty, ÖBB Tickets (could forgo this one) and SBB mobile. I also need Digitales Amt (official government app for things like signing contracts without printing them, ordering your election materials to a different address than usual, checking your medical info etc). Do you happen to know whether that would work?
Don’t know and sadly my Pixel got stolen recently, but you can see if Offi or Transportr meet your needs, they’re available on fdroid.
I guess I have bad news for you regarding the government app: https://discuss.grapheneos.org/d/253-compatibility-for-austria-e-government-app
Anyway depending on your threat model keeping a normiephone as a decoy and mainlining something like graphene os can be a good opsec decision.
Nice, thanks for the tip! Also thanks for going through the trouble of finding out for me, I appreciate it! I’m unfortunately in one of the regions where it’s specifically not available. But the second phone thing might be an option. That, or just a compatibility layer with regular old android after all.
GrapheneOS is Android.
Huh TIL, thanks! So would apps usually work, just like on regular android? Except the aforementioned, of course.
Most EVERYTHING works unless your app dev is PoS like these guys.
Another alternative is MicroG which might work better in light of recent development.
How zealous are you on dumping google?
Well yes and no. The point is to stop using Google. And that entails quite a few things you might expect a phone to do
You can take a look at calyxOS, it’s what I use. Android but with all Google telemetry ripped out. It’s not as resistant as graphene against a govt adversary, but for privacy, better battery (bc google stuff isn’t constantly running) and still being able to use everything, it works great.
You can use Waydroid on PostmarketOS to install Android apps. It basically runs a full VM for you.
Their loss.
Apparently, they don’t need my business. Acceptable.
womp womp.
Time to switch away from Auth I guess. Not even using GrapheneOS cause I have a Samsung phone, but this is not acceptable
Give Aegis a try, it is great.
Aegis is also nice
I don’t know if this is standard on all authenticator apps or not but I like the fact that Ageis makes you enter your password once in a while so you don’t forget it.
I wish aegis had a UI like that… I prefer it to Aegis “Normal” view. They’re almost the same but ente is a little better
Switched to Ente Auth when Authy stopped having a free desktop version. What if I lose my phone? I want both my devices to have access to my codes.
same. i wish i could run graphene or something similar on my moto G stylus. I wish my Pixel 6, 7 and 6a didnt all have defects. the 7 was my favourite.
Authy is no good anyway. Keeps codes hostage with no way to back them up. So many great open source alternatives
Can I simulate another OS environment for these kind of apps?
Is this not a sign of the true intentions on both sides of the dilemma here!?!?
Let us go to the end. We cannot afford to carry on in fear of these bans. Let the lines be neatly placed and the sides chosen wisely. If sustained profits are desired, the walled-gardens must come down.Vote with your dollar and vote again with your data. Wary, but never afraid is the motto privacy comrades!
Agreed. Leave immediately to other services, and tell them why you’re leaving. It might not make a dent, but you’ll be doing the right thing at least.
man, and i was gonna switch to graphene this christmas. if every app can just ban my OS, i might have to rethink this. i would use the website but they restrict so many things to apps now…
Use a browser like Native Alpha or Hermit, which present a website like an app.
And if you use Bitwarden/Vaultwarden for your passwords, it can be pretty seamless.
Well, switching to GrapheneOS shows that you don’t care what those companies do and that you’re willing to fight. It means those companies lose one more customer.
Honestly i didn’t even think of that. i’ll still switch then!
Nice choice. You not switching is exactly what these companies wanted.
I was about to switch bank because for a few days my current one (inadvertently) blocked it on grapheneOS. We sent them a few emails and they fixed in less than a week.
I use a small local credit union that doesn’t appear on their supported list. It’s literally the only thing holding me back, I’m tempted to say fuck it anyway. But I wonder if it might work anyway…
What’s the app name? I could install it and see what happens
If nothing else can you use the browser?
I’ve used Hermit for years to present websites like an app, and am using Native Alpha on my new phone.
Yeah you’re probably right. I’ve gotta get a new phone before I can really attempt it, but I’ll at least try!
- Order a Pixel
- Flash GrapheneOS
- If it works, congratulations! If not, switch banks or revert to stock and return the phone.
TBF, this is the first time I’ve encountered an app not working - and it was before this. It’s just because of Google push towards monopoly via their Play Integrity API that’s ruining this.
play “integrity” should be considered malware, any program that deliberately does something the user doesn’t want it to should.
Banks seem to be hit or miss, happy that mine works. Would rather switch Banks than use a stock Rom, though.
All the Uber stuff works in Browser, both eats and their fake taxi stuff.
Not having a subtle reminder to eat at McDonald’s is probably better for you.
Honestly, if your app could be a website, and includes services not on your website, fuck you, I’m gonna go to the competition.
So, uh, the next version of GrapheneOS will probably come with some Android OS version spoofing tech that solves this - if there isn’t something on F-Droid already.
I mean remote attestation is cryptographically secure (unless there’s some temp implementation vulnerability).
No it won’t. Or at least they said on BlueSky that if there had been a work around for this they would have solved it already.
What aboit downloading thw app feom Aurora Store? I think that would solve most of the problems
How would that change anything?
This makes me want to use GrapheneOS more. If the dataminers don’t want you to use it then it must be doing something right.
Too bad it only runs on Google’s phones…
It’s only officially supported on google phones because sadly those are the only ones that are not modified to fuck which makes installing and supporting other OS’es way too much work.
Giving google money once for a device is not a problem from a privacy or security standpoint.
In the EU almost every phone has an unlockable bootloader, there just isn’t any roms or custom recoveries for a lot of them.
That’s correct, but not the reason grapheneOS chooses only pixel phones. It’s the level of hardware security features.
Also unlockable and presumably has well working builds. It’s not just graphene, but just about every Android project it there that’s best supported on pixels. Other manufacturers have a crazy variety of locking schemes and required tools. Each one is a nightmare to support.
For GrapheneOS, it’s primarily that it’s re-lockable. That’s why other unlockable phones aren’t supported.
The GrapheneOS install process sets new OS signing keys so you can lock the phone again and get full verified boot. However, most manufacturers haven’t implemented this feature.
Yes, that cuts the list down even more.
What do you get, app/feature wise for verified boot vs. Play integrity app? Does it increase the amount of apps that work on it?
No, Play Integrity intentionally checks if it’s a Google-approved key. Android itself has an API to check verified boot and gives info on the signing key - most devs just want to know verified boot is working.
I feel Play Integrity has a short life ahead of if competition authorities realise how exactly it works. “Anti-competitive” is the first thing policy-minded folks think when I explain the API to them.
Wish they’d at least support Fairphone.
If Graphene reached out to them I bet Fairphone would even actively work with them to make it an official OS option.
Fairphone would need to substantially modify their hardware to make that work
Second hand, no money for them
Right? Have to pay google for the privilege
You can always buy a second hand one
Someone installing graphene os for security shouldn’t be trusting random second/third/etc hand hardware lol
There is absolutely no problem with that. The phone is wiped and encrypted when you flash graphene, and it does an integrity check every time it boots.
And you can even use the GrapheneOS Auditor app to perform a manual verification of the OS.
Hypothetically the hardware could have been modified, but that would take some insane level of a determined attacker to be fabricating modified pixels just to sell them on the used market.
It also comes with a hardware auditor, although you need another trusted graphene phone to use it. I don’t know about the details, but sounds very hard to mess with it.
Yes, this would only be a concern for targeted attacks by state actors, in which case not even buying new would be safe.
Thinking about it, in such a scenario buying used may even be safer
Nothing too hypothetical nor an “insane” level of work. Didn’t Israel do just that with some beepers to blow up children?
Shouldn’t trust anything then. They could intercept your new phone and modify it. They did it for switches. But your not worth it for “them”.
Your options are:
Apple phone
Bloated android phone like Samsung etc.
Chinese android phone (xiami etc)
Google phone with Android
Google phone with graphene. This still looks like the best of those options.
Or no phone? I guess people are hardcore enough that will be the option.
Fairphone? Swiftphone? eOS? Linuxphone? PostmarketOS etc?
Is swiftphone its own thing or did you mean shiftphone? I kinda want the shiftphone 8 myself even if they only ship to neighboring countries of mine.
Ah sorry, you’re right. I meant shiftphone.
There’s always package forwarding. I’m about to find out how bad an idea that is.
All of these are insecure as hell. Linux phones especially https://madaidans-insecurities.github.io/linux-phones.html
Fairphone also really fucked up: They signed their own OS with the publicly available (!) AOSP test signing keys. These guys really don’t know that they’re doing, and I would trust their hardware or software whatsoever. And no, installing a custom ROM doesn’t solve this. Considering how bad their security practices are, we genuinely have to assume that there are security issues with the device firmware as well.
/e/OS is based on the already insecure LineageOS, and it weakens the security further, so it’s not a good option either.
None of the options you mentioned can be compared to GrapheneOS. It’s currently the best option if you value your privacy and security. You don’t have to give Google money either, since you can just buy a used device, which is also cheaper and more environmentally friendly. Google also makes repairing their devices pretty easy for consumers and even works with iFixit. Here’s a Mastodon post I recently saw about that: https://social.linux.pizza/@midtsveen/113630773097519792
An used Pixel, assuming I can find one in my country, still costs four (4) times what I need to shell out for a in-market Lineage compatible phone.
Theoretical security is cute, but it has to be adjusted to practical feasibility. The most secure computer in the world is useless to you if you can’t boot it up.
Security-wise you’re better off using whatever OS comes with your device than downgrading to LineageOS. At least most smartphone vendors (except for Fairphone) manage to ship their Stock OS with a locked bootloader and somewhat working Verified Boot.
Xiaomi has the biggest custom ROM scene out there btw despite them trying their hardest to stop bootloader unlocking. You really don’t need to have a company supporting unlocking to make ROMs for them. If they outright block it then that’s an issue.
I read somewhere that on some xiaomi phones in china you need to request it, https://github.com/melontini/bootloader-unlock-wall-of-shame/blob/main/brands/xiaomi/README.md
I use cheap motorola phone with lineage OS, add that to your options
I don’t think LOS has any privacy/security improvements over the stock android?
(IIRC) it’s even worse than stock because you can’t lock the bootloader after installation.
Though if your phone isn’t getting official updates, it’s probably safer with LOS.
(IIRC) it’s even worse than stock because you can’t lock the bootloader after installation.
That’s a problem with the phone manufacturer, not with Lineage.
LineageOS itself drastically weakens security even compared to stock AOSP, for example by exposing root access or deploying insecure SELinux policies
There’s also the Lineage-based DivestOS that attempts to keep up with more security updates, and relocking the bootloader in phones that support it.
Yeah, I myself am using CalyxOS, because DivestOS doesn’t support the Fairphone 5 unfortunately. CalyxOS also has relocking.
Physical access is game over anyway?
Not with GrapheneOS, since you can entirely disable the USB controller from the settings on a driver level, making it impossible to connect the phone to a forensic data extraction device. GrapheneOS also has a convenient auto-reboot feature, which (together with their patches to the Linux kernel and Fastboot recovery OS to include memory zeroing) erases the encryption keys from memory, putting the device in BFU state and requiring the PIN/password to unlock. This is additionally secured by the Titan M2 secure element, which makes use of the Weaver API and drastically throttles brute-force unlock attempts. https://grapheneos.org/faq#encryption
If a business makes it too difficult to use them I just use someone else. I’m sure they understand that but are making a killing at the expense of other people.
There will come a day when there are no alternatives. Ive hit this in many places (EU banks, dating sites, etc)
Use the websites whenever you can. That’s what I do at least. Although I had to stop using Lyft entirely, because they stopped supporting rides from their website apparently. And that leaves just Uber. I actually left my bank for a similar reason. It supported my phone just fine, and it worked without Google Play Services, but the website wouldn’t let me do everything that the app would, and the app required that I have Aurora Store to download their banking app from the Google Play Store, and I wanted to get away from that, so I switched banks so that I could use the bank website instead. From what I can tell, you run into this kind of stuff a lot with FinTech apps. But if you use older banks, like Discover or Wells Fargo or things like that, they tend to work better. Maybe because they’re not up with the newest technology, LOL.
Yeah Revolut is also the kinda app that is almost only a mobile app, not much you can do with their website, last i checked.
Correct. This is the reason not to use Revolut.
Choose Wise instead.
Revolut was the one I was looking at if I’d switch to Graphene.
lol, I’ve observed the same.
Fancy “Digital Wallet” thingy is absolutely decked out in Root detection, meanwhile my older, physical bank’s app doesn’t give a fuck.I’ve never been too fond on the idea of a 100% digital bank so no loss for me!
