
While this is awesome, I'm kinda skeptical of the premise on two points.

Almost nobody cares about privacy, and this is going to be super expensive. I might be fine with paying extra, but the economy might not work out, like it didn't for Blackphone. Fairphone is barely alive as well. Seeing as phones are just a source of ad money, Google can drop the prices on their phones as well.

Some European countries and banks already require crap like Play Integrity for essential apps. So far it's possible to hold out, but for how much longer?





GrapheneOS user here. Every single banking and financial app I use works. Both European ones and non-European. Some require changing per-app settings, but nothing crazy. There's a good chance that your banking app will work.

https://github.com/PrivSec-dev/banking-apps-compat-report

https://privsec.dev/posts/android/banking-applications-compa...


We're working with a major Android OEM on the future generations of their existing devices meeting the official GrapheneOS requirements so we can officially support their devices. People will be able to buy the regular devices and install GrapheneOS at no extra cost. We're talking about selling devices with GrapheneOS preinstalled but that's not a requirement for the partnership to be a success and other companies could still do it as they do now with Pixels.

Play Integrity API doesn't impact GrapheneOS as much as other alternatives not focused on privacy and security in a similar way. A subset of the apps using the Play Integrity API are explicitly permitting GrapheneOS via hardware attestation including multiple banks like Swissquote. We're working on convincing more banks to permit it. Our hope is for regulators to invalidate the current approach and require defining clear security standards which need to be fairly enforced. The status quo of some banks banning using a much more secure OS that's even much more heavily using hardware-based security features while permitting a Google Mobile Services OS with no patches for 6 years is a massive antitrust issue. It impacts every alternative hardware platform and OS since Android app compatibility is important for competing. The obstacles to getting approved should also not be unreasonably high. It's better if apps don't do this but we can accept they are going to do it if it's a fair system permitting competition, unlike the Play Integrity API.


This is the real problem: I need my phone to work with my bank. So whatever we're doing, that's the bar to clear.

Buy the cheapest updatable phone that will work for your bank (probably a used iPhone) and use a free OS for everything else.

No, I don't want to buy, take care of, and carry around 2 devices at all times. I'm not a drug dealer.

You don't have to carry two phones. The idea is that the second phone stays home powered off and is used as an access token for the bank's website. There is no reason to carry it around. Pay cash in stores or use a credit card when cash is inconvenient.

I think this is a pretty outdated view of banking. I open a banking app at least a few times a day. In the EU just about every online transaction has to be approved in the app, we also use various payment apps for quick person to person transfers, use the app to generate disposable virtual cards for online purchases, etc.

I could cut myself off from the modern financial world and just use online banking like it's 2010 but that's a pretty big ask.


Is this a EU-specific thing? In North America I've never installed a banking app, don't even know if my institution even has one.

The US is way, way behind in banking P2P technology / fintech adoption. In many parts of Asia, even uneducated street vendors now accept digital payments via mobile phones (that's how easy it is). See - https://www.forbes.com/sites/pennylee/2024/04/17/the-us-lags... and

I would rather not have the kind of "financial innovation" that requires non-free apps running on non-free operating systems on locked down hardware. These apps, by design, track how people spend their money.

I cannot stress how much I do not care. Nor does anyone else.

I want to be able to run software on my device, not fulfill some nuts low-rent fantasy that they're a rebel against the government.


Traditional banks have about as much data about how you spend your money as any modern fintech. The banking system is non-free, locked down and centralized to begin with. How you access it is just a matter of cosmetics and policies.

> These apps, by design, track how people spend their money.

That depends - In India, for example, I am free to use either (1) a private company's app (like PayTM, Google Pay, PaisePe etc.) (2) a Government app or (3) my Bank's app to make digital payment using the Unified Payment Interface (UPI) (or all 3). And, if I don't want to use any mobile app, I can still make offline payment through my mobile phone over USSD - https://razorpay.com/blog/how-to-make-offline-upi-payments/ ...

(You are right though that it is prone to abuse in the absence of strong privacy and data protection laws - digital payment does allow new forms of surveillance capitalism to the corporates and new avenues of authoritarian control to the government).


Not a drug dealer but perhaps a bank dealer

so only drug dealers use two phones?

Pretty much, yes. Drug dealers and people who are getting paid to carry a second device for work by their employer. I am neither.

I'm sure you have evidence for this, I am certainly not fitting into your frame.

I use 4 different banks, they all work with GrapheneOS.

I use 3 banks, they all work as well. Plus they're all on a separate user profile, which makes it even more secure.

Is there something important in banking apps that cannot be done with a web browser?

My bank uses the banking app for auth if I try and login via a browser.

Barclays in the UK offer (or used to) a hardware device with a keypad allowing the user to do a challenge-response using the bank card's chip and PIN. Not sure if they still do, though.

Edit: https://en.wikipedia.org/wiki/Chip_Authentication_Program


What if one doesn't own an android/iphone device? Banking is a fundamental need, so most countries regulate them to cater to a wide range of users. In this case it's possible that the bank could be compelled to provide you a 2FA device if you don't have one.

I don't think there is such regulation. Many banks simply do not have any other means of authentication any more. They can't give out 2FA devices because their systems just don't support them.

Good luck with that, in Germany many public transport operators are moving into app based tickets for the monthly/yearly subscriptions.

You can still get a plastic card, however it requires paying extra and some additional forms, the reasoning being it is not environment friendly.


Do they offer a physical 2FA device? Mine does and it's really useful

That's because they're stupid or doing something suspicious, probably both.

There's legitimately zero reason to allow 2FA only on your own proprietary app. You can't even make a financial argument - allowing other TOTP methods is cheaper because now you don't need an app!


Unfortunately the EU regulation makes the truly user controlled 2FA methods essentially non-compliant.

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...

> Article 7 Requirements of the elements categorised as possession

> 1. Payment service providers shall adopt measures to mitigate the risk that the elements of strong customer authentication categorised as possession are used by unauthorised parties.

> 2. The use by the payer of those elements shall be subject to measures designed to prevent replication of the elements.


This says something along the lines of "it should be hard to extract the TOTP secret".

However if you can get so far as to get the secret from the TOTP app, you can as well back up the entire phone and restore elsewhere, can't you?
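The point made in the comment above (a TOTP secret is a "possession" element that can be copied) can be shown concretely. The following is an added example, not code from any commenter or from GrapheneOS: a stdlib-only RFC 4226/6238 HOTP/TOTP implementation, checked against the RFC 6238 reference secret, with a helper that simulates the original device and a restored backup holding the same secret bytes. The helper name and the "restored backup" framing are constructed for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a zero-padded decimal code."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(secret, unix_time // step, digits)


# Constructed: the RFC 6238 reference secret (ASCII "12345678901234567890"),
# used here only so the output can be checked against published test vectors.
RFC_SECRET = b"12345678901234567890"


def codes_from_two_copies(secret: bytes, unix_time: int) -> tuple:
    """Simulate the original phone and a backup restored on another device.
    Both hold identical secret bytes, so both produce the same code: the
    possession element has been replicated, which is exactly what the
    regulation quoted above asks providers to prevent (hypothetical helper)."""
    original_device = totp(secret, unix_time)
    restored_backup = totp(bytes(secret), unix_time)
    return original_device, restored_backup


if __name__ == "__main__":
    # 8-digit codes match the RFC 6238 SHA-1 test vectors
    print(totp(RFC_SECRET, 59, digits=8))          # 94287082
    print(totp(RFC_SECRET, 1111111109, digits=8))  # 07081804
    print(codes_from_two_copies(RFC_SECRET, 59))   # ('287082', '287082')
```

The contrast is with a key held in a hardware keystore or a security key, where the verifier challenges a private key that can sign but cannot be read out, so a full backup of the device does not carry the possession element with it.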


No, because phones that lock keys in hardware effectively prevent that, and that works only with hardware that prevents its owners from having full control and doing what they want with their hardware.

"Unextractable keys" works with hardware that you don't "truly own".


What if you truly want the security properties provided by a device which can keep keys in a way where you fully control their use but it's extremely hard for anyone to extract them?

I mean case in point, this is exactly what a Yubikey does for people.

> That's because they're stupid or doing something suspicious, probably both

Small comfort for whoever needs to use that bank. This is the disconnect geeks and Free Software need to bridge to make any headway.


I mean, I concur, but ultimately I can't fix shitty banks being shitty. No geeks can. Banks have been shitty for a long, long time.

Do you know how we usually stop them from being shitty? Forcefully, with legislation.


it costs basically nothing to change banks. you sign up to a new one and they transfer your account and direct debits. you just tell your employer where to send your next salary payment.

Sometimes it’s more complicated than that. And the other banks aren’t any less “stupid”.

Lloyds has perfectly good online banking through the browser. there, done the work for you.

Sorry, not available where I live and not the bank I can use for what I need. I won't give personal details but my options were limited for multiple reasons.

Maybe the real focus should be treating Android as a single purpose environment rather than your real/life depending one.

Maybe the better approach would be focusing on getting postmarketOS to work, and use an emulation or recompilation layer that is running Android in a box (pun intended). Anbox and others were still too painful to use for daily usage, but maybe you can get rid of everything except the things that Play Integrity checks against? Maybe we can make waydroid work?

[1] https://waydro.id/


Waydroid is not a private or secure way to run Android apps. It uses an old fork of LineageOS and throws away most of the privacy and security model with how it's implemented. It does that to run Android apps on top of a much less private and secure base OS. Compatibility is far worse and it in no way avoids the Play Integrity API checks. Most banking apps do permit GrapheneOS and some of the apps banning using a non-stock OS or non-GMS devices with the Play Integrity API have explicitly permitted GrapheneOS via hardware attestation including Swissquote. Banks have no reason to ban GrapheneOS since it has all of the standard privacy and security model combined with major privacy and security improvements. They're often willing to permit it once they understand what it is and how they can verify it with a standard Android API. Convincing every app using Play Integrity to do this case-by-case is painful and unrealistic, but regulation can require permitting secure alternatives meeting defined security requirements.

why not the other way around? aosp already has a much better security posture, already runs almost everything virtualised, and will soon run 'desktop linux' apps in a vm

in fact statements from graphene suggest they hope to eventually move away from linux on the host


Doesn't play integrity verify the hardware among other things?

it won't be a special graphene phone, they are working with the OEM to make their next flagship meet graphene's security requirements; it'll just be another phone they support that isn't a pixel


