Can someone give an example of an app that doesn’t work? I always hear about apps that do work, but is it mostly banking or some other category that doesn’t work typically?
More specifically, Play Integrity API will fail on the Play Service integrity check.
If I recall correctly, this is why Google Pay won’t work on GrapheneOS.
Some banks require the app to be used as second factor to log into their website.
Can you work around it with magisk like rooted stock android? I bought my pixel specifically for graphene but google pay is the main thing preventing me from switching
I’m currently getting MEETS_DEVICE_INTREGRITY with play integrity fix, which is enough for Google Pay to work. The only thing that I haven’t been able to do is drive for Uber or use RCS oddly enough. RCS happened to fix itself about a month ago as well.
As far as I’m aware, there are no work-arounds that allow for circumventing the Play Integrity API. Probably because you cannot avoid the involvement of a Google backend API that is accessed by the app’s backend.
It works like this:
Play Services hands a token to the app, the app sends it to the app backend, and then the app backend lets a Google backend verify the token, which results in a verdict. You cannot manipulate the token.
Both true statements. The banking apps that don’t work aren’t because google wallet doesn’t work, but because they use the same trust policies that Wallet requires in order to run (which GrapheneOS cannot meet because its not a “trusted” OS, per Google)
Like you said, banking apps. The logic behind that is they use google to security check their apps.
A random non-bank example would be the slick deals app. Without play services it would just open then crash.
Many apps use play services for their notification system. So for instance, proton mail works fine but notifications do not.
NFC is not supported, so anything that uses that won’t work.
Not an app, but I was surprised that widgets don’t work unless you’re in the primary profile. Technically they work on any profile, but they randomly get deleted, and frequently. It’s a known bug that probably will never get fixed because the source of it comes from stock android.
I will mention that you can have a profile running play services, which gives you access to many apps that wouldnt normally work. And it’s sandboxed so it has less impact on your information (I don’t know all the specifics but it does limit in some way how much it can snoop into the rest of the OS). Then you can also set up granular controls on your apps to limit them from snooping.
Yeah, that’s why I mentioned having a secondary profile. Some stuff like bank apps you just can’t get away from so a profile with play services running is a workable solution.
If you have a pixel phone already, you can give it a shot. One very nice feature of GOS is that it’s super easy to install - and uninstall if it’s not for you.
Random applications that use the play integrity API won’t work on any third party OSes or ROMs. For example I tried to install some Intuit app on my GOS Pixel a while back (credit karma I think?) and it didn’t work at all
Can someone give an example of an app that doesn’t work? I always hear about apps that do work, but is it mostly banking or some other category that doesn’t work typically?
Anything that uses NFC payments.
<end of list>
Some banking apps allegedly don’t work but i have never encountered one. If your bank has a mobile accessible website, it’s basically a non-issue.
More specifically, Play Integrity API will fail on the Play Service integrity check. If I recall correctly, this is why Google Pay won’t work on GrapheneOS.
Some banks require the app to be used as second factor to log into their website.
Can you work around it with magisk like rooted stock android? I bought my pixel specifically for graphene but google pay is the main thing preventing me from switching
You cannot root grapheneos, so the answer is no. That method does work on other rom’s like lineage.
Last time I checked, it was broken for years already. It’s been a while though. edit: Confirmed: https://xdaforums.com/t/module-play-integrity-fix-safetynet-fix.4607985/ Only basic/device attestation is working.
I’m currently getting MEETS_DEVICE_INTREGRITY with play integrity fix, which is enough for Google Pay to work. The only thing that I haven’t been able to do is drive for Uber or use RCS oddly enough. RCS happened to fix itself about a month ago as well.
As far as I’m aware, there are no work-arounds that allow for circumventing the Play Integrity API. Probably because you cannot avoid the involvement of a Google backend API that is accessed by the app’s backend. It works like this: Play Services hands a token to the app, the app sends it to the app backend, and then the app backend lets a Google backend verify the token, which results in a verdict. You cannot manipulate the token.
google wallet is not required to be tied to any bank accounts, US does not even support NFC within banking apps.
Both true statements. The banking apps that don’t work aren’t because google wallet doesn’t work, but because they use the same trust policies that Wallet requires in order to run (which GrapheneOS cannot meet because its not a “trusted” OS, per Google)
Like you said, banking apps. The logic behind that is they use google to security check their apps. A random non-bank example would be the slick deals app. Without play services it would just open then crash.
Many apps use play services for their notification system. So for instance, proton mail works fine but notifications do not.
NFC is not supported, so anything that uses that won’t work.
Not an app, but I was surprised that widgets don’t work unless you’re in the primary profile. Technically they work on any profile, but they randomly get deleted, and frequently. It’s a known bug that probably will never get fixed because the source of it comes from stock android.
I will mention that you can have a profile running play services, which gives you access to many apps that wouldnt normally work. And it’s sandboxed so it has less impact on your information (I don’t know all the specifics but it does limit in some way how much it can snoop into the rest of the OS). Then you can also set up granular controls on your apps to limit them from snooping.
Thanks! I don’t think this will work for me. Where I live, most of the payments are made directly through banking apps by scanning a qr-code.
Yeah, that’s why I mentioned having a secondary profile. Some stuff like bank apps you just can’t get away from so a profile with play services running is a workable solution. If you have a pixel phone already, you can give it a shot. One very nice feature of GOS is that it’s super easy to install - and uninstall if it’s not for you.
Sadly, I don’t have a pixel.
Random applications that use the play integrity API won’t work on any third party OSes or ROMs. For example I tried to install some Intuit app on my GOS Pixel a while back (credit karma I think?) and it didn’t work at all