It feel like we’re losing to Google, day by day. They aren’t killing AOSP directly, but they are making it useless step by step.
Now it’s Google Play Services, Play Integrity checks, installation source checks… more and more apps just refuse to run without GMS. Banking apps? Most of them don’t work. And it’s only getting worse. I run vanilla AOSP on my main profile, no Play Services. I keep GMS only in my work profile for the apps that absolutely need it. But now even some regular apps that don’t need any play services won’t work on my main profile anymore. They simply block your from running , like le chat.
Maps is google’s most important app there is no way to run without play services. Sure we can use webview or gmaps wv, but they don’t provide turn-by-turn directions. Earlier maps used to work without play services, but two years ago, an update stopped it from working. Now that old version is out of date and no longer works.
Google is slowly making GMS very important to run. The problem with GMS is they require to run as system app and has to have all the permissions by default.
Hope EU puts pressure to make google allow apps to run independently without GMS or atleast install them as user apps(like graphene os sandboxed play services).
If we keep going on like this, AOSP can only run fdroid apps in the future.
Yeah, this is a problem. I attempted to switch to GrapheneOS just a month ago and had to roll back to stock Android. One of my banking apps worked, but 3 others didn’t. My 2FA app didn’t work. I stopped receiving important texts as they were previously RCS and that refused to validate no matter what I did.
Google has made it extremely hard to degoogle.
Same issue, I just did web browser instead
I suggest just exporting and using a different 2FA app, especially an open source one like Aegis
RCS on GrapheneOS is very finicky and requires using AppOps to enable
READ_DEVICE_IDENTIFIERS, and you have to let carrier services and google messages have more permissions to work. You also might have to deregister your previous phone to use the number (i.e. my old iPhone still had my number in the settings, had to remove it). There’s a very long GrapheneOS thread about it, but the link should be the solution.Authy dropped their desktop app and killed the ability to export. I will have to start from scratch, but I definitely plan to.
I spent a week with that discussion your linked plus several other posts, I just couldn’t get it working. I might have better luck next time I try it though.
Why not just access your financial institutions in a web browser?
That was an inconvenience, but one I could make if it was the only issue. It was more the total accumulation of things. My 2FA app pulling support for “unsigned” operating systems coupled with missing work texts due to RCS failure were the main straws to break the camel’s back. Having to find an alternative and then manually change all 2FA was almost a deal breaker in itself. That played into using a web browser for my financial institution access.
Work texts go to the work phone. Work 2FA also on work phone. I use a hardware TAN generator for web banking.
My work 2FA is physical token based, it is my personal 2FA that causing me problems. Email and text authentication is insecure enough that I try and use a software authenticator whenever possible.
Great point about the work phone. I don’t want a work phone as I don’t have any desire to be reachable 24/7 outside of the rotating week I’m on call, but if I was expected to have email and Teams and everything on my phone I would definitely require one. Thankfully my work texts are all for team updates, heads up about issues, scheduling matters, etc, but I still consider those to be important while not riding to a separate work phone
There is always a trade-off with privacy and security. It’s totally okay to decide you prefer convenience over privacy.
If you wanted to give it another shot:
That was why I wanted to move to GrapheneOS, I could selectively use Google services or apps for convenience while still being more secure than stock Android. I’ll have to plan my next attempt out instead of Yolo and adapt, lol.
I do plan to migrate to a new 2FA, but Authy made that hard by getting rid of their desktop app so you can’t port and have to go to each service and manually sign up a new app one by one. I tend to boycott services when they get that anticonsumer/anticompetitive out of principle.
Missing texts is definitely a deal breaker. I hate how RCS was championed as the “open” protocol and yet only google and samsung are able to implement it… we were lied to. Or i feel lied to idk i thought it was an open knowledge spec when we were hearing about forcing apple to support it.
Convenience and security probably.
The website version of a lot of banks require you login (each time) with a customer numer and then random letters from your password and or pin, which takes forever so I never bother unless I need the website.
Im (more) paranoid whenever I use a sensitive website. Quadruple checking the domain name, am i on https (even tho i use no-http and have a password manager). It’s a bit more relaxing using an app.
Theres probably some security downsides (other than user error), but a modern banking site shouldn’t suffer much since they invest heavily in locking down their shtuff.
Just remember that there are no nice reasons why they are working this hard to keep your phone captive.
We can argue about how bad it will get, but there’s only worse things coming from this effort.
Oh, totally, which is why I am working towards as much decoupling as possible. I plan to replace my Nest gear with Ubiquity for cameras and stuff as I can afford it, and eventually set up my own offline automation server. This can only end badly for consumers.
The collusion between services like Authy and Google indicates this to me, but it’s also effective and means I have to pivot in slower degrees. I am encountering similar issues moving to Linux from Windows, so this is a full Silicone Valley issue.
With respect to 2FA, if you want to be more ready for any future next time, you could migrate to an open-source TOTP app. E.g. andOTP. I use this one, it’s fine. The underlying standards don’t change in decades, so you can choose any compatible client and be without trouble for years and years. And it may be good to do in any case, googlified phone or not. Good apps also tend to provide password-protected backups.
I have no knowledge about RCS though, never used it so can’t tell. Otherwise GrapheneOS user for ~2 years, before that LineageOS, before that CopperheadOS for another few years.
Your absolutely right and I will be moving to an open source TOTP solution going forward, it just sucks that great services keep getting enshitified and we have to keep moving to better pastures. LastPass to Bitwarden, now Authy to something else.