WingNews

nimbius|1 year ago

the only app ive seen balk at bootloader status (to date) is google wallet. Using a phone to pay for stuff is an opsec nightmare youd only entertain so long as becoming an integrated and saleable asset in a data brokers portfolio is a life goal. 'pm uninstall' and move on, the custom rom is still far more valuable from a security perspective than bending the knee to some bespoke ecosystem payment app (especially if you have an older device.)

the point of oem unlock, and rooting at all, is diametrically opposed to the vendors interest in nearly every facet. The vendor will bark "hackers" as a thinly veiled threat for the uninitiated, but we are initiated. what the vendor doesnt need you doing is erasing their telemetry and walled garden spyware. they dont need you developing alternatives to their store and to their apps, and they especially dont need you turning this effort into something as simple as an ubuntu installation for older phones they expect to follow the strict trade-in model of "buy a new phone every year"

arguably Asus refunded the purchase because this person isn't playing by the rules and being a good consumer.

lxgr|1 year ago

> Using a phone to pay for stuff is an opsec nightmare

Do you mean "privacy nightmare"? Security-wise, Google Pay beats using your physical card since it uses a device-specific number that can't be skimmed by terminals and reused online.

> the custom rom is still far more valuable from a security perspective than bending the knee to some bespoke ecosystem payment app (especially if you have an older device.)

I'd argue that it only makes sense if you have an older device that's otherwise not receiving any more security updates.

paulryanrogers|1 year ago

Bank apps, Netflix, and Disney+ also won't work. There are spoofing measures though I've been burned by unlocking and rooting too often to try again, at least not while my devices are still under warranty.

jjmarr|1 year ago

I'm in Canada and I can literally just tap the card itself on the reader. Every card has this ability and it can't be skimmed.

cqqxo4zV46cp|1 year ago

Your claim that using a smartphone for payments is a privacy(?) nightmare sounds quite baseless.

The more pertinent factor is probably the fact that you’re using an operating system built by an advertising company.

franga2000|1 year ago

It sure isn't what it used to be, but if you buy the right phone and make a few moderate compromises, it's still a great option.

Installing crDroid on my OnePlus 9 Pro took half an hour, another half to install Magisk Delta with a few modules. The universal dark mode alone (Xposed module "DarQ") is worth the effort, but also the ability to clone apps, have proper clipboard sync, make full-system backups and customise the look and functions of my OS to a currently unparalleled degree.

The only compromise is I can't seem to be able to do NFC card payments (send or receive), one of my 4 banking apps needs a custom patch every few months to start working and a friend tells me the McDonald's app doesn't work.

freedomben|1 year ago

Do you keep a factory image for your OnePlus 9 pro in case you want to restore it? If so, how do you go about doing that?

After OnePlus decided to stop publishing factory images, I decided to stop buying their phones. It's a real shame, because they really do make some great stuff and prices are quite reasonable generally speaking. I used to buy a new OnePlus phone nearly every year. The OnePlus 6 was one of my favorite phones of all time.

ktosobcy|1 year ago

Eh... that's why I'm pondering going back to OnePlus (after short affair with Samsung for the past 2 years) because it's somewhat annoying not being able to tweak stuff...

Alas, it's also annoying that some dumb banks (I'm looking at you ING Poland) consider rooted device as "insecure" but thay have no problem if I open a bank page using admin/root account on the computer)

ravenstine|1 year ago

This is rubbish. I'm running GrapheneOS and have left my bootloader unlocked, and there's no app that has refused to work. The only caveat is some of them need Google Play services. No, I am not rooted, but my last phone was rooted and there might have been one or two apps out of dozens that wouldn't work with root even with Magisk trying to hide the root status. Using a custom ROM is easily one of the beat choices I have made.

nebulous1|1 year ago

Do you use a banking app? Last I read depending on the type of check used some apps can still be problematic.

Fire-Dragon-DoL|1 year ago

What are the downsides with GrapheneOS? I had a few problems with root (Netflix and banking apps) but would love my privacy. My main reason for root is the firewall to block outgoing connections from apps that are not supposed to do it

ThePowerOfFuet|1 year ago

You should not leave your bootloader unlocked if you care about the security of your device and data.

Unfortunately, locking (and unlocking) it wipes user data, so it should be relocked right after installation of GrapheneOS.

collegeburner|1 year ago

what? safetynet is absolutely a pain in the ass. i think there are some xposed and magisk modules or whatever that can work around it but that's a cat-and-mouse thing and can break. lot of bank and financial apps, lot of stuff with DRM will break.

63stack|1 year ago

No, parent is 100% correct. Unlocking your bootloader trips SafetyNet.

udev4096|1 year ago

GrapheneOS is not a ROM. It's an OS.

Semaphor|1 year ago

If you root, you can bypass those issues in most cases. I have 3 apps detecting it, that I can bypass, and only the German health insurance app from TK detects it (according to the internet, it's getting past most solutions somehow). It's not something I'd recommend the average person, but for people who care enough to fiddle, it's still the best way.

I think since my first Android (HTC Desire Z/T-Mobile G2) I spent a total of 1 week on stock, never was a fan of any of them.

arsome|1 year ago

Largely depends on your priorities and level of effort.

You can bypass all current app checks using Magisk and Play Integrity Fix, but it's a bit of work to maintain and can break occasionally. You gain in this case full control of your device like a desktop OS, block ads, modify app behavior, disable unwanted system features, but you have to put in effort to maintain it.

However if you don't want to deal with that, you can also just not use those apps, use it like you would a Librem or PinePhone, load primarily open source software to it, optionally don't even bother with play store, etc. Might not be for everyone, but if you don't care that much for Google Wallet or multi-player games on your phone, it's not a bad option.

BizarreByte|1 year ago

> but it's a bit of work to maintain and can break occasionally.

Which is a major problem because my tolerance for my bank's app not working when I open it is so low it might as well be non-existent.

I personally gave up this fight.

zamalek|1 year ago

> where apps check for unlocked bootloaders and rooted OS

Magisk and PINE[1] have solved this for me. Yes, even Google Wallet is all good with my LineageOS ROM. PINE is an auto-updating PIF.

[1]: https://github.com/daboynb/PlayIntegrityNEXT

ac130kz|1 year ago

Stock ROMs are still filled with ads and useless extras, rarely providing meaningful features over an AOSP like LineageOS.

jMyles|1 year ago

> Long is gone the time where unlocking bootloaders and installing custom ROMs was the best path to follow.

...wha? I just installed GrapheneOS on my Pixel 8 Pro and it is, by a decent margin, the best custom ROM experience on a phone I've had to date.

npteljes|1 year ago

I have it on my Pixel 7a, and it's a great experience, but I also don't need to run apps that check for phone "security" or integrity. This is the case OP is talking about.

https://grapheneos.org/usage#banking-apps

encom|1 year ago

>GrapheneOS

This was not a project I expected to use Discord for support. Sad.

yooastan|1 year ago

This is untrue, I do this now with my Pixel and have to no issues.

NayamAmarshe|1 year ago

With KernelSU, this is no longer the case. It's Magisk that causes most problems.

myself248|1 year ago

Huh.

I guess I must not run any of those apps?

(no title)

discuss