I took the plunge into GrapheneOS a week ago. I picked up a new Pixel10 Pro and never even tried the stock OS (except to unlock the boot loader).
I've got almost everything working the way I want. There were a few non-essential banking apps that won't install. The most annoying problem I had is when I tried to install Strava, which I cannot get working. The app installs, but it will not let me sign in. I guess I need a replacement, because I use that app a lot.
The most hilarious is McDonald's app - it refuses to work without Play Integrity check. I wonder what braindamaged reasoning is behind this. Do they want to position themselves as a bank or something?
I recall a year or so ago, there's been a story about someone hacking McDonalds loyalty program, with that app doing something stupid like storing your balance on the client or something. It seems instead of firing whatever offshore sweatshop that made that, they just doubled down on "mitigations".
Was it this it this one by Eaton Works?
https://news.ycombinator.com/item?id=42462354
the app actually did the play integrity thing long before that :P
Fastfood apps typically offer deals to new customers.
I suspect this is an attempt to prevent folks from spinning up many new accounts to get these deals.
What would anyone use an app to order food from McDonald's? Just walk into the restaurant, pay cash, and walk out with the food.
McDonald's app (other other similar apps) offer discounts to ordering through their app.
For example, McDonald's has a long running campaign, 99¢ for coffee. Any size, iced or hot.
Also on the homepage: "Volkswagen started blocking GrapheneOS users"
Huh, it works just fine in the UK. Wonder if they have different builds (or completely different apps) for different regions. Or maybe it's the GrapheneOS compatibility layer that makes it work? Not sure.
Play Integrity has several levels. GrapheneOS MEETS_BASIC_INTEGRITY, which I believe only requires a locked bootloader and no superuser.
There's also been some discussion of spoofing MEETS_DEVICE_INTEGRITY, since before Android 13 it didn't rely on a TPM, and many apps don't want to lock out older devices, but it's been decided against it [0].
[0] https://github.com/GrapheneOS/os-issue-tracker/issues/1986
I saw on the GrapheneOS forums that some people had managed to get it working, but I was unable to do so.
My bootloader is locked, because I re-locked it after installing GrapheneOS. The app runs, but refuses to let me log in. I even tried (temporarily) using a browser to login, and let the browser switch to the app in the process. Nada.
It's ridiculous that Google bills their "DEVICE INTEGRITY" initiative as a security feature, when GrapheneOS, which is a more secure platform, cannot use it.
Hmmmm.... Actually you can have an unlocked bootloader for the basic integrity level.[0]
[0] https://developer.android.com/google/play/integrity/verdicts
"Strava is an American internet service for tracking physical exercise which incorporates social networking features."
Sounds like spyware, to be honest.
I run Strava on my Pixel 10 Pro Fold running GrapheneOS. IIRC you need to have Google Play Store installed (with zero permissions, preferably) to make Strava work.
Both Google Play Store and Google Play Services are installed, with minimal permissions. Strava still does not work.
I know a friend is using Strava on his Pixel 10 running graphene so there should be a way
There should be a way, but I have not yet found it, and I've spent some time on this. I've installed/uninstalled Strava about a dozen times, rebooted each time, tried various permissions, but stood my ground on some of the permissions. Should I give Strava access to my photos and my microphone? I'll never go that far.