Call it anec-data but all my banking apps work in GrapheneOS, and I have several installed. There is one that reduces functionality if SafetyNet fails (have to do the 2fa flow every time I restart the app, can't set as a trusted device and notifications don't work) but it still works to access my account.
That said... I haven't tried to use NFC payments and do carry around a secondary iPhone 15 as my "business phone" these days that pretty much just has payment/banking apps on it, just in case one bank or another decides to suddenly nuke their app on my main phone...
I replaced that phone with a new one and didn't bother setting up the fingerprints. It doesn't seem to bother me too much and maybe there's some small security benefit to not having the biometric authentication enabled.
The hardest to get working were: S-push tan (a 2fa app for the bank "Sparkasse", their normal app is far easier to get running) and lately revolut. but as i said, i always got it working.
Also it seems whatsapp blocks open bootloaders if you get enough warnings for using a custom modded version (A message pops up that tells you to get whatsapp from the official places, which i did) but hiding the open bootloader was enough to get that working.
Also with just root its easier than with root + Custom Rom, which was my setup.
So yea, it wont work out of the box, but its pretty simple to get working.
It requires that the card issuer support Fidesmo though. Many here do but I'm not sure what it's like elsewhere.
To be able to do it, you have to authenticate with your card issuer in a mobile app, similar to how you might when setting up Android Pay or Apple Pay. The mobile app then uses your phone as a bridge between the issuer and the NFC chip in the accessory so the relevant data can be written in a secure way.
But not Google Wallet, and with GrapheneOS as the connected device?
At least one of my cards required Google Play Services to have the location permission when initially adding the card though.
It's crowdsourced and therefore incomplete but https://plexus.techlore.tech/ has reports of compatability with the complete absence of Google Services or a replacement like MicroG.
Here in Switzerland my experience is that the big banks like UBS and the cantonal banks tend to work, while the smaller things like McDonald's and my credit card providers tend to break because they have nonsense Play Integrity requirements.
We really need a more foolproof technical solution for this if general purpose computing on the mobile phone is to be preserved. Perhaps some type of a remote control scheme to operate on a "slave" device. Failing that, if I do need one of such apps needing "strong" integrity, I'd probably look into getting an iPhone for those.
The manufacturers will do something about it when their hostile behaviour starts to affect their bottom line. They have been ripping us off for far too long.
Normal people just want to buy a phone and use it and they can do that today. They don't want the added complications. There is a reason Amazon is so popular and massive. The goal should be to add simplicity and not add complexity if want something to be popular.
As opposed to corporations extracting an insane amount of wealth from the struggling public? Such shallow dismissals ignore the fact that ordinary people know how exploitative these companies are and that they are interested in resisting - if only they knew how.
> Normal people aren't hyper concerned about boot loaders, sideloading or custom ROM's.
I have been guilty of this too. But let me say this. We on HN have been quite contemptuous towards 'normal people', especially regarding their technical competence.
Besides, you pretend as if everyone needs to know all those stuff to take advantage of it. Back in the past when mechanical watches and repairable automobiles were common place, we all took advantage of their serviceability, despite that only a rare few of us knew how to service it. We just paid those independent experts to do it for us. Everybody knew some basic economics to realize how this was in their favor. The argument that serviceability has no use to the majority is a disingenuous and harmful, all by itself.
> Normal people just want to buy a phone and use it and they can do that today. They don't want the added complications.
Just go ahead and ask these 'normal people' whether they prefer a serviceable device or one that suffers deliberate obsolescence in less than 3 years and forces them to buy an entirely new one.
> There is a reason Amazon is so popular and massive. The goal should be to add simplicity and not add complexity if want something to be popular.
Look at how many of these 'normal people' actively try to avoid the likes of Amazon. Their insane wealth allows them to manipulate the market in their favor. People learned this well during the post-pandemic hoarding epidemic.
So please stop pretending that essential features and freedoms are too complex to be worth it. People can take advantage of them even if they don't know how to do it themselves - like by paying independent professional servicemen. And at least in the current smartphone market, its complexity is entirely the contribution of the OEMs. Also, one of the reasons why the old PCs running windows 10 doesn't have to be junked immediately (due to win 11 requirements) is because it is so easy to install an up-to-date and modern OS on it.
Security, convenience etc are false arguments against user freedoms, and are most often the result of the deliberate choices by the OEMs. They're are just consumer gas lighting tactics.
Narrator: "In fact the market did not fix itself"
And you completely neglected an important part of my question. They didn't just lock the boot loader and the root. They also put measures in place to retain remote control of the same. Why not share that control with, or simply transfer it to the owner? Please don't argue with me that this is harder than what they've done for themselves.
We all know the answer for that - profits - something they can't ever be satisfied with. As an engineer, I know that such extra privileges can be made foolproof. It can be designed to prevent normal users from accidentally messing it up, while power users and service professionals can easily navigate their way to a full customization. I know this because I still retain that control on my laptop. There is absolutely no reason why it has to be different on a phone.
But OEMs won't consider it, talk about it or even entertain public discourse about it. Instead, they spend plenty of money on projecting the consumers they exploit as too naive and incompetent to take care of a device they paid dearly for. This is an absolutely vile and reprehensible corporate behavior that gets excused only because they captured their regulators.
> They didn't just wake up yesterday and go "let's mess with those nerds."
Of course not! Instead, they just woke up yesterday and decided "let's screw our entire consumer base". What you've demonstrated here is another example of their dirty tactics. Frame this as a fight between them and the 'nerds' and pitch the consumers against each other. Let's just end the charade that this sort of overreach hurts only the nerds. It truly harms all consumers. People who are old enough to remember service shops and repairmen know what I'm talking about. But these crony capitalists have been at it for so long now that there is an entire generation who doesn't know what's possible with user serviceability. That's the sort of leaching that they've inflicted upon the society.
And, security is never an honest or acceptable excuse for restricting user freedoms. Anybody who argues that information security and user freedoms are mutually exclusive is out to sell techno snake oil. Yet another reprehensible behavior that needs to be reined in.
Also, this isn't a 'nerd' problem. The economics of smart phones would be much saner if phones weren't so deliberately anti-recycling. Thus it affects all consumers. Framing this as a 'nerd vs corporation' fight is misleading at best.
I'm growing less tolerant of the use of security as a convenient excuse for these big companies to restrict their customers on their own devices. There are always alternatives that don't involve infringing on consumer rights. And most of the time, that alternative is rather trivial. But the OEMs just ignore it and never mention it while excusing themselves. That's intentional gaslighting.
Yes, it is more secure against the user. That is not a desirable characteristic for the user, it is a desirable characteristic for the controller of the operating system.
I think the market is working just fine. (To which people usually say "for now". Well yeah, the sun hasn't gone supernova... for now)
The opposite is pretty much true when it comes to security I am generally forced to use an apple device since I can be relatively sure that my keys will be safe (not including state sponsored actors, at that point I would have bigger problems).
Now something for the market to actually solve would be poor hardware security in general making locked bootloaders serve no purpose, having strong built-in security at the SOC would diminish the advantages gained with locked down systems and would allow us to have BYOK without compromising on the general populations security.
But I'm also quite happy with my Google Pixel 9 Pro XL and I have no reason to change. And unless Google changes their bootloader-stance in the future I might continue buying Pixels anyways. But its always good to have more options.
I'm genuinely curious. What's your motivation in making up such a pointless argument/justification?
1. We had serviceable devices and vehicles for ages. There was an equally tiny group of people who knew how to service them. However, everyone used to benefit because they paid those tiny group to do it for them. They benefited because those servicemen had incentives that were more aligned with the consumers, than with the manufacturers.
2. This is not like asking the OEMs to develop a feature that serves a tiny group. The size of that group is no excuse to go out of their way to restrict them. This is an explicitly hostile and actively malicious move. That's why I said your mother's unwillingness to use the feature is no excuse to deny the same to others. But you ignored that argument altogether.
3. The 'tiny slice' is not nearly as tiny or insignificant as you'd like others to believe. Plenty of people, especially the teenagers and the youth like to tinker around with devices. The success and popularity of earlier Arduino and Raspberry Pi are undeniable testimony to that. It's also from this group of tinkerers who started from their garage that we got the next generation of innovators like Bill Gates and Steve Wozniak. These sort of restrictions deny the next generation their own such pioneers and the free-market competition.
OEMs rely on misleading and dishonest arguments like this to gaslight the consumers into unfair deals and squeeze out every bit of unfair profit. In a fair world, such attempts would be strongly condemned and penalized with a loss of marketshare. And it's about time that became a reality.
However, my question wasn't that at all. My question was, what's your motivation in repeating their argument here? How does such an anti-consumer argument help you in any way? Is it consumer Stockholm syndrome?
It's not inherit to the device. Accepting updates signed by a specific key is inherit to the device.
Now we are going from gas lighting to just making up excuses to justify what benefits you (the OEMs). This is exactly what I've been accusing them of, all the while. Their justifications are technically false, misleading, arbitrary, unfair, shallow and opportunistic.
I don't understand how this works, why/how are a carrier lock and a device lock related? Shouldn't one be a lock on the baseband chip and the other on the main firmware?
For years, carrier lock on iOS devices was simply a software switch. In a lot of devices, still, if you have an unlocked boot loader you can run patched baseband firmware that doesn't care that it hasn't been told the magic numbers to unlock itself.
Unlocking the bootloader will also of course let you eliminate the carrier’s bloatware that they get paid to install and load onto it, including the things that they shoved all the way into the Android “non-disableable” list.
Tracfone called this “cellphone trafficking” all the way since the 90s when people would buy their loss leaders, flash ‘em, and flip ‘em to third world markets for top dollar.
You have to pass an actual, 'notoriously difficult' test?
What are they testing?
here are some past papers. For example:
https://github.com/MlgmXyysd/Xiaomi-BootLoader-Questionnaire...
Regarding the Service in Android's four major components, please do not select the correct statements from the following [Multiple Choice Question]
1. Service must perform time-consuming operations in the main thread, otherwise it may cause stuttering
2. Among Android's four major components, Service runs in the background and definitely will not block the main thread
3. Service's lifecycle does not depend on the Activity that starts the Service
4. A Service can only be started once; multiple calls to the startService() method have no effect
5. Service can use the stopSelf() method to stop the service
It show not only how hard the problem, but they also play on words. You also need to answer 13 questions in 15 minutes. And scoring more than 85 points to have a chance to unlock it.
https://www.bilibili.com/video/BV1jPbXzaE9d/
Because the exam difficulty is too high, some people even go to official repair centers requesting a downgrade, and snatch the phone when the technicians unlock and reflash the firmware.
UPDATE: fix the score requirement and the correct answer.
>Because the exam difficulty is too high, some people even go to official repair centers requesting a downgrade, and snatch the phone when the technicians unlock and reflash the firmware.
Are people that interested in unlocking despite the high friction? Honestly, I’m impressed.