From 9a93d0c8dd744a4ff730f5f8007ccdadc43300c6 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sat, 11 Sep 2021 04:30:56 -0400 Subject: [PATCH] expand banking app information --- static/usage.html | 46 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/static/usage.html b/static/usage.html index e06ca87e1..4a9a5d2eb 100644 --- a/static/usage.html +++ b/static/usage.html @@ -772,18 +772,40 @@

Limitations

Banking apps

-

Some banking apps on GrapheneOS will work fine in any configuration of the operating - system, however due to apps requiring the usage of the Google SafetyNet API, which is only - present if the sandboxed Google Play Services are installed, they may fail to launch. Apps - can mandate that they require the "CTS Profile" check to pass, or the weaker, - "basicIntegrity" check, both of which are provided by the SafetyNet API. The latter - will pass on GrapheneOS but the former will not. App developers could instead use the standard - Android hardware attestation API which provides far stronger assurance on GrapheneOS to verify the - integrity of the operating system by following our guide here. Some banking apps - will attempt to use ptrace as a crude form of debug prevention which fails when the user - disables the "Enable Native Debugging" toggle in Settings, in the Security menu. It is - suggested to try with this toggle enabled and then with the sandboxed Google Play Services - installed if your app does not work.

+

Banking apps are a particularly problematic class of apps for compatibility + with alternate operating systems. Some of these work fine with any GrapheneOS + configuration but most of them have extensive dependencies on Play services. For + many of these apps, it's enough to set up the GrapheneOS sandboxed Play services + feature in the same profile. Unfortunately, there are further complications not + generally encountered with non-financial apps.

+ +

Many of these apps have their own crude anti-tampering mechanisms trying to + prevent inspecting or modifying the app in a weak attempt to hide their code and + API from security researchers. GrapheneOS allows users to disable native code + debugging via a toggle in Settings ➔ Security and this can interfere with apps + debugging their own code to add a barrier to analyzing the app. You should try + enabling this again if you've disabled it and are encountering compatibility + issues with these kinds of apps.

+ +

Banking apps are increasingly using Google's SafetyNet attestation service to + check the integrity and certification status of the operating system. GrapheneOS + passes the basicIntegrity check but isn't certified by Google so it + fails the ctsProfileMatch check. Most apps currently only enforce + weak software-based attestation which can be bypassed by spoofing what it checks. + GrapheneOS doesn't attempt to bypass the checks since it would be very fragile and + would repeatedly break as the checks are improved. Devices launched with Android 8 + or later have hardware attestation support which cannot be bypassed without leaked + keys or serious vulnerabilities so the era of being able to bypass these checks by + spoofing results is coming to an end regardless.

+ +

The hardware attestation feature is part of the Android Open Source Project and + is fully supported by GrapheneOS. SafetyNet attestation chooses to use it to + enforce using Google certified operating systems. However, app developers can use + it directly and permit other properly signed operating systems upholding the + security model. GrapheneOS has a + a + detailed guide for app developers on how to support GrapheneOS with the + hardware attestation API.