Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
lollobomb 2 days ago

I am a long time GrapheneOS user, amazing project. One thing that is not clear to me is the support for NFC payments. Las time I checked, NFC payments on Graohene didn't work at all, but I am reading on this thread that some users do manage to pay via NFC? Did Iget this right? Mind explaining how?

I do not use banking apps (I only use banks that allow me to log in via browser using a 2FA which is not a proprietary app, like a FIDO key or other physical dongle), but do I get it right that Revolut would allow me to pay via NFC in this case? Is this something geo-dependent?

prophesi 2 days ago | parent | next [-]

The issue isn't with NFC. It's passing the Play Integrity check that app developers optionally can use to prevent devices that don't pass the check from running their app, or remove parts of its functionality. IIRC I don't think any custom ROM's can pass the check. So you might be able to pay via NFC with a banking app if they don't implement the Play Integrity API. For Graphene's thoughts on the matter (2024):

https://grapheneos.org/articles/attestation-compatibility-gu...

2 days ago | parent | next [-]
[deleted]
lollobomb a day ago | parent | prev [-]

Yes, I know the issue, but my question was more: is Revolut one of such banking apps?

acheong08 a day ago | parent [-]

Yes https://discuss.privacyguides.net/t/revolut-is-blocking-new-...

mbananasynergy a day ago | parent | next [-]

GrapheneOS community manager here: They weren't using Play integrity and we were able to work around what they were doing, so Revolut should work again. They can decide to use Play Integrity in the future, though.

lollobomb 13 hours ago | parent [-]

Hey, thanks, I missed the news! Will try again!

lollobomb a day ago | parent | prev [-]

OK, and then these HN users who report being able to pay via NFC with Revolut on Graphene OS are lying? Sorry, I am confused :|

mbananasynergy a day ago | parent [-]

Revolut currently works fine on GrapheneOS. If they decide to adopt Play integrity, it won't work unless they whitelist GrapheneOS, which banks have started doing.

kytazo a day ago | parent [-]

Impressive! Glad to be able to use Revolut again. Wondering, is this a change or their end or some workaround implemented by Graphene?

strcat a day ago | parent | prev | next [-]

NFC payments work on GrapheneOS. Curve Pay works with GrapheneOS and is available in the UK And European Economic Area (EEA). PayPal launched tap-to-pay which works with GrapheneOS but has very limited regional availability. Many European banks provide working tap-to-pay with GrapheneOS.

The issue is apps banning using a device not licensing Google Mobile Services or a non-stock OS via the Play Integrity API. Google Pay does this and a lot of banks outsource tap-to-pay to Google Pay instead of providing their own like many European banks. GrapheneOS users in Europe have multiple options. Users in the US often use a smartwatch for this purpose which includes the option of Garmin Pay rather than only Apple Pay and Google Pay.

The choices depend on the region. It would be nice if the Play Integrity API was forced to permit GrapheneOS via hardware attestation verification by regulators. We're pushing for it in Europe.

WhyNotHugo a day ago | parent | prev [-]

AFAIU, there's two forms of NFC payment:

- Adding your card to Google Wallet. - Using a banking app which actually implements payments via NFC.

Many banks used to implement the latter, but dropped it in favour of "just use Google Wallet". In the Netherlands, it seems to be all of them. This varies a lot per region.

I believe that the "just use Google Wallet" banks are the ones that don't work.

Also (as others have mentioned): many banks perform integrity checks, to ensure that you're using a software chain signed by Google.