Will the sandboxed google play permit banking apps to work using TPM and secured credentials?

Is it even possible to store secure credentials properly?

I would expect whatever you initialised before grapheneOS is wiped before you can run the alternate OS.

Is termux possible with a root/sudo function?

> Will the sandboxed google play permit banking apps to work using TPM and secured credentials?

Apps that don't work don't fail due to technical reasons but because upstream says so, i.e. Google Wallet. My banking app works just fine.

> I would expect whatever you initialised before grapheneOS is wiped before you can run the alternate OS.

Yes.

> Is termux possible with a root/sudo function?

GOS doesn't support root by itself since they deem it a security risk, but it's possible.

My banking app works fine on GrapheneOS today, but not every banking app does. If it depends on Google Play Integrity with strong integrity it won't because Google has successfully sold the blatant anti-competitive lie that you need to vendor lock-in your users to their OS to get security on mobile.

Secured credentials work fine, everything works fine except stuff that by design is locked in to Google like Google Pay.

I don't think GrapheneOS team would partner with a vendor unless their security/usability standards were met (considering how long it took since the initial announcement) so I'm expecting feature parity with Pixel variants.

No, grapheneOS fails both DEVICE_INTEGRITY and STRONG_INTEGRITY checks.

I think most banking apps already do work on GrapheneOS (not sure about TPM/secured credentials though). Graphene IIRC keeps a compatibility list somewhere. Some don't work, of course, but more do than I would have expected.

For me, the big question is if Google Wallet & its NFC payments will work. They don't on GrapheneOS currently, but if Motorola plans for this to be a fully Google-certified phone with GApps and everything, it will have to, somehow.