undefined | Better HN

0 pointsmicrotonal3d ago0 comments

The Play Integrity API even works on GrapheneOS, but will only pass basic integrity (which is enough for most, but not all banking apps). It doesn't pass strong integrity, which does remote attestation. If your bank does that, ask them to add remote attestation for GrapheneOS as well.

0 comments

prophesi2d ago

For most apps, yes, they won't require the MEETS_STRONG_INTEGRITY check in the Google Play Integrity API. But if your apps _do_ choose to use that Google Play Integrity API for a strong integrity check, then they won't be able to whitelist GrapheneOS's keys for it to pass. Unless you can convince Google to whitelist them.

Thus it's best if they use Android's hardware attestation API instead, as you can then decide to whitelist GrapheneOS to pass that strong integrity check.

j / k navigate · click thread line to collapse

0 pointsmicrotonal3d ago0 comments

0 comments

prophesi2d ago

Thus it's best if they use Android's hardware attestation API instead, as you can then decide to whitelist GrapheneOS to pass that strong integrity check.

j / k navigate · click thread line to collapse