My bank is listed as ok. Ultimately what I’m worried about is getting fully into GrapheneOS and then suddenly my banking app no longer works. What is the chances that the banking app in the future suddenly complains about not being on stock firmware and no longer runs?
I wouldn’t worry too much. First, you can continue to use the older version of your banking app if they change their attestation policy. And second, you can always get back to PixelOS if you need to.
I am in the same boat Op and unfortunately I don´t agree with the answers here.
We know that Google want to enforce Play integrity API by end of January 2025 (About the SafetyNet Attestation API deprecation | App quality | Android Developers)
And I assume Banking Apps will be the first to change as they need to be always on the most secure level (I know, I read the comments from GrapheneOS, it is not really about security for Google but still…)
Also I would be against simply “keep using the older version of your banking App” as we never know how many bugs/issues have been fixed. Banks would also generally “force” you to use the latest versions for all feature.
Again I am in the same boat, I don´t want to invest time and energy into setting up the phone and then in January I have to switch back to stock because of Play integrity issue. Specially that there is no simple way to backup/restore from GrapheneOS to Stock.
And I also saw that GrapheneOS will go in court in case this is enforced because of anti-competitive behavior, but as far as I am aware, currently not yet done, and I doubt any verdict will be quick enough anyway.
Difficult choice… I am looking into the possibility of having stock with Google Apps deleted/disabled and RethinkDNS to block the ones I would use (camera/photo/maybe Wallet). All other accesses can be revoked anyway even for Play Services.
I have spare phone with default android version where I install apps that don’t work on custom ROM, m-banking included. And that one I keep at home, don’t need it with me. However, I was surprised to see my bank’s app also works on LineageOS, so now I have it on both
I use the web versions in Brave on GOS, is that an option? Asking also out of curiosity since my use cases are limited? maybe? and I haven’t used any banking apps in years
I guess that mobile app is for authentication. We have something similar in the Baltic States too, it’s called Smart-ID.
I used to use this nonsense in the past until I found out that my bank is actually reasonable and I can just get an offline PIN generator and use it instead of these proprietary crapware apps.
This is irrelevant. You can always go back to stock OS if the bank decides to change it’s policy.
This isn’t representative, but a relative of mine can still use his banking apps on an Android 7 phone ! ==> Banks need to strike a balance between security and compatibility
Your banking is more secure on Graphene than on Stock
If your bank doesn’t respect your choices, consider switching. Nowadays, instant; free transfers are becoming the norm. You could keep your assets on your existing bank, while transferring your salary to a bank that allows GOS.
You needn’t to always have your banking info at your fingertips. In privacy, the best tool is the one you can get rid of.
This is irrelevant. You can always go back to stock OS if the bank decides to change it’s policy.
I repeat what OP mentioned: "My bank is listed as ok. Ultimately what I’m worried about is getting fully into GrapheneOS and then suddenly my banking app no longer works. "
So yes it is relevant.
This isn’t representative, but a relative of mine can still use his banking apps on an Android 7 phone ! ==> Banks need to strike a balance between security and compatibility
Your banking is more secure on Graphene than on Stock
If your bank doesn’t respect your choices, consider switching. Nowadays, instant; free transfers are becoming the norm. You could keep your assets on your existing bank, while transferring your salary to a bank that allows GOS.
You needn’t to always have your banking info at your fingertips. In privacy, the best tool is the one you can get rid of.
Sorry but you can´t tell people to change banks or to stop using the Apps. They could be bound to it for some reason. They could be building trust for a long term financial commitment etc… It is their life style and they are free.
The question was simple and I am not sure why is everyone is using his own needs as reference to what OP should do.
The thing is, no one can guarantee you that setup that works now, will still work in 2,3…5… years.
Banks do what they want. And they would rather block you using their apps on new pixel with grapheneos, than 7 year old phone which received last security update in 2020. That might change in future, for better or for worse
We need to set a precedent that others banks need to follow. People assuming that only attestation they have is of google or apple, is risky, very risky.