Revolut is blocking new logins from Android distributions that aren't certified by Google, incl. GrapheneOS

As seen on:

Revolut used to play very well with custom operating systems. Now, the way they changed the Play Integrity API, you will no longer be able to log in.
My advice is fortunately the same as GrapheneOS’s
x.com

Maybe don’t take it as far as management but anything if it means a little and if it means you will should go a long way to show Revolut that we care…

Shoutout to @PrivacyFounder On the other site, this is what appears when you try to log in:

I know that if you wanted private payments, Revolut and others are not the way to go at all, but I thought it'd be nice to point out in this ever-evolving world, and maybe we can make a change on apps like them that do these kinds of practices where they do things like take away people’s ability to log in because of the Play Integrity API when you could before. It’s all about digital rights here.

Try downgrading the app; 10.56.2 (build number 1005605917) works on my end.

1 Like
  1. This isn’t my screenshot
  2. Yes, while older versions will work and I am on one, the fact alone that Revolut does this says a lot. And trust me, long term this isn’t a viable method. This has happened to me where, after many versions that I haven’t updated, Revolut will force you to update anyway at some point.
1 Like

Well this is not Revolut’s first time afaik, I think it might have something to do with the SDK?

What users (customers) should do is report to Revolut CS, as it cannot be solved by GOS. If it is an SDK issue, then Revolut will push another update shortly to “fix” that.

Yes as I said:

My advice is fortunately the same as GrapheneOS’s
x.com

1 Like

Could you please help: where could we find it? In Aurora Store I can’t see any previous version available.
I’m not so sure about using APKPure or APKMirror.

APKMirror fortunately does do curation of its APKs, so it should be a safe bet.

(Source: FAQ - APKMirror)

1 Like

Thank you, man!

At least if you are logged in they don’t block you

I’m loading up my new phone right now so… too late :rofl:

2 Likes

Companies like these should be held responsible. The fact that they did not create the offending anti-competitive Play Integrity API doesn’t mean their use of it isn’t anti-competitive in and of itself.

3 Likes

Here’s what their customer service had to say:

5 Likes

Positive that they are at least willing to bring it to the developers’ attention. Though obviously they aren’t the decision makers.


On a related note, does anyone know of any instances of apps actually implementing hardware attestation on GrapheneOS to maintain compatibility?

I quickly moved my $12 out of there lol, and disabled auto updates. I hope this gets fixed :crossed_fingers::pray:
Tx 4 posting op :+1::+1:

Sorry, I recommended them Approov, as a quick Brave search didn’t make it obvious Auditor could also be used for verification.

What alternative do you use that has one-time use cards and free virtual cards?

I genuinely believe they are doing this for security. Like they also have done things like PIN scrambling, etc.
So maybe it is up to the security team, and not top-down.

It’s not using Auditor, it uses the standard hardware attestation API which is part of AOSP. GrapheneOS recommends referring apps which implement Play Integrity to the previously linked attestation compatibility guide. The hardware attestation API provides much more robust security guarantees than the Play Integrity API. Source.

The Play Integrity API provides no security guarantees when it accepts devices which haven’t received security patches in 8 years, but not GrapheneOS, which offers unrivaled security. Source.

I think we (and even the GrapheneOS team) are missing the corporate point of view: There are billions of Android phones out there, with and without Original OS, and their App needs to support them while maintaining security.
If Google claims they are “secured” by using their APIs, you bet they will do it instead of handling the phones case by case.
They can’t hold GrapheneOS responsible in case something goes wrong with their security model, but they can for Google.

2 Likes

No, Google accepts no liability for use of their API, that wouldn’t make any sense. What these companies are doing by using the Play Integrity API in this way is blatantly illegal under anti-trust law.

2 Likes

I think my point still stands. They would understandably follow Google guidelines / recommendations over GrapheneOS.
I still think “illegal” is not the correct term. No one is forcing the Apps to use Google APIs instead of something else. They are doing simply what they think is “best practice”, especially for a financial institution.

4 Likes