I’m lucky my banking app works (GrapheneOS), as it’s now requiring 2FA with the app anytime I login on the browser. Can’t use an actually secure form like TOTP. At least they now allow passwords over 8 characters (yes, serious).

(Meme in comments)

  • Chewy@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    38
    ·
    8 months ago

    The hardware attestation feature is part of the Android Open Source Project and is fully supported by GrapheneOS. SafetyNet attestation chooses to use it to enforce using Google certified operating systems. However, app developers can use it directly and permit other properly signed operating systems upholding the security model. […] Direct use of the hardware attestation API provides much higher assurance than using SafetyNet so these apps have nothing to lose by using a more meaningful API and supporting a more secure OS.

    https://grapheneos.org/usage#banking-apps

    My banking apps work on GrapheneOS, so I guess they are using hardware attestation instead of SafetyNet. LineageOS won’t pass hardware attestation because it doesn’t support locked bootloader.