Hardware Attestation / GrapheneOS

Feedback & Ideas
1

Hi,

Apologies if this is in the wrong place.

I’ve just migrated across to a new device from my previous iPhone; it’s a Pixel 9 Pro XL running the hardened, open source, AOSP based GrapheneOS. Due to Monzo using the Google Play Integrity API, I have to complete additional security verification and am alerted to my device being rooted. I’d like to suggest Monzo consider utilising the stronger Hardware Attestation API included in AOSP, rather than creating a dependency on Google’s API.
Further information can be found at Attestation compatibility guide | Articles | GrapheneOS

Thanks.

2 Likes
2

Hey @nspr

I’m planning on moving to a Pixel 10 Pro XL when it’s released (from iOS), and I’m planning on using GOS.

How’s the experience for you? Is it usable but just has the GPIA warning, and do all features work as expected?

TIA
Connor

4

I am a life long iOS user (aside from having an S10 for a short period), I took the dive and brought a Pixel 9a and flashed GOS onto it about 3 weeks ago.

What worked well for me was to create a secondary profile that had the official sandbox Google Play services - I created an alias / pseudonym account.
In this ‘Google’ profile, I was able to download all my usual banking apps (and also Google Maps - as the FOSS offerings just doesn’t cut it).

I was able to use Monzo, high street banks and trading platforms without issue. With Monzo, I just had to validate it was me signing into the new device like usual and all good.
However, if you’re wanting to completey de-Google, then yes Monzo need to remove the dependency on the Google Play Integrity API.

However, what has brought me back to iOS (for now) is the lack of contactless pay - unless you sign up for Curve or Google wallet which is not something I fancied. Of course there is the option for phsyical cards but in the 3 weeks I had it, I had caught myself out by leaving my wallet in my bag at work and not being able to get lunch!

Another issue I had with GOS was that although across profiles (Owner and Google in my case), you can see notifications but they do not show the contents. So having to contantly switch between the profiles is infurating. Plus, Signal messenger will not let you sign into more than one mobile device at a time. A new profile is treated as a seperate device (rightly so).

Everything else I loved with it though and it worked wonders and it is something I am working on migrating to as amy daily driver.

1 Like