
Take the plunge to not do any banking on your phone.

It's an unfortunate limitation for a device I own to be handicapped this way.



Not universally true, I use banking apps on my Pixel running the latest GrapheneOS. There is literally nothing I cannot do on my phone. I think it's possible that no US banks have apps that can be used as it seems a universal experience among Americans.


Do Android Auto and VoLTE / VoWiFi work on Graphene these days? I also remember Google Maps and Uber being extremely problematic


Android Auto is supported on GrapheneOS:

https://grapheneos.org/usage#android-auto

VoLTE and VoWiFi are supported if your carrier supports it.

Google Maps and Uber work fine, provided you install sandboxed Google Play.


Uber, Google Maps, VoLTE, VoWiFi, and eSIM work. You may need to install the sandboxed Google Play Services from the Apps app.

Android Auto is completely disabled as an opinionated security measure.

Google Pay and some banking apps (ones that require Google's Play Integrity API) will not run. GrapheneOS doesn't attempt to spoof these APIs because they are moving towards cryptographic verification [0]. Most apps don't require this check but if they do you are out of luck unless you can get the app developers to trust GrapheneOS's keys.

[0]: https://grapheneos.org/articles/attestation-compatibility-gu...


Note that Android Auto has been supported in GrapheneOS for a while:

https://grapheneos.org/usage#android-auto


Ya kept wanting to try Android Auto but when they released I failed to find the toggle xD

Nowadays it's Google's Find My Tag network which will be unsupported.


I think they work if you install Google Play Services (as a sandboxed app). What doesn't work for me is contactless payments with Google Pay; however, Google Wallet itself works. But I think that is actually intended and for security reasons.


Google Wallet is usable on GrapheneOS, but Google artificially restricts contactless payment functionality to Google-certified OSes.

It's not a real security check that they're doing, but rather just checking for certification, which is very unfortunate.


Using banking apps on a phone is dangerous because if your phone gets hacked (and the Linux kernel has an extremely large attack surface), the attacker gets access to both the app's session and SMS codes that are used to confirm operations. People who use banking apps must be crazy or don't care about their money.


Excluding phones, Linux desktop, and Windows which doesn’t have a better record in vulnerabilities, leaves out essentially MacOS!


Using desktop and a phone as a second factor to confirm operations is relatively safe. At least compared to using only a phone.


Actually OTP hardware devices are a proper solution to this, but banks are mostly deprecating them, unfortunately.


and why do you think that is? *ponderingfaceemoji

banks and gov sites say it's because of security, but accept SMS. so we know what it's really about


I don't. Deliberately exposing people to risk for fun?


I think I do. It costs money and people in general don't appreciate it. Also while "malware on phone stealing money" is technically possible, it doesn't happen (much?), and most people get scammed in easier and more effective ways (see crypto) instead.

I still hate it, but can't do much about it.


Can give one anecdote: I've been using Graphene for about a year and all banking apps work just fine. In fact, I've never had as few issues with any other custom rom. It's quite crazy just how good Graphene is.


Not a custom ROM maker, though I did get lost trying to plan one for my old Xiaomi Mi A3 (laurel_sprout). Another guy did make an unofficial LOS for it though.

Custom ROMs nowadays require you to be scouring Qualcomm out of tree source repositories (or firmware dumps of equivalent phones, I think, in the case of Mediatek). It's impossible to guarantee quality with these conditions. Even if you just want to have a pristine kernel tree of the original firmware you may find, if it was ever released, it was squashed on the wrong source commit (again, laurel_sprout, though a random Github angel fixed it).

So Google's devices tend, thankfully, to have better sources. Additionally, GOS team is competent and, for now, sustained full-time by donations. Those three conditions are what allow GOS to be a very good ROM.

Do note: it has its quirks, especially with the new trimestral code dumps by Google where half-baked features are on the source (though disabled by feature flags).


I've used GrapheneOS for years and I'm doing banking on my phone just fine.


My banking apps worked for me on GrapheneOS once I installed Google Play services.


The only 'banking' app I've had not work on GrapheneOS is Cash App, but then I just go to the website and use the web UI.


there is (or at least can be) some risk tolerance within any so-called 'threat model.' but i absolutely take your point and agree with you.

nary the case but i suppose if i absolutely needed to access any finances from my mobile device, it certainly wouldn't be from one of said institution's own mobile apps, but via web browser.


> i suppose if i absolutely needed to access any finances from my mobile device, it certainly wouldn't be from one of said institution's own mobile apps, but via web browser.

I used to do home banking from my bank's website. Recently, they created a digital-only branch for customers who mostly do home banking and only rarely need to go in person to the bank. They asked their customers if they wanted to switch and offered services at the same or lower cost than before. I made the switch, but found out that unfortunately the new website lacks some functionalities that are only available from the mobile app. I guess they are assuming that most people would just use their phone anyway and didn't bother to reach feature parity between the website and the app, preferring the app.


crazy. it's remarkable to me that lawyers actually do explicitly, if not expressly, account for these kinds of technical decisions, ultimately made in surreptitious fashion by the business, when drafting usage terms. i.e., you would've (or, a lawyer determined, should've) been able to find notice of this change somewhere buried in the new service terms. i at least have faith in that much.

i hope you switched back, lol.


Your bank doesn't have a mobile website?


It does but have to use the app to deposit checks.


Minor conveniences like this are not worth the complete erosion of privacy, in my opinion. Just go to the nearest ATM to deposit checks (who uses checks anymore, btw?) and use the site for everything else. Not everyone even has a smartphone, and out of those that do, many prefer banking on their laptop over their phone anyway, which incentivizes banks to create feature-rich websites. If the mobile site isn't any good, usually the "desktop site" isn't too difficult to navigate on mobile, if you need to.


The nearest branch or ATM is 2+ hours driving. Desktop site doesn't do check deposits.


> who uses checks anymore, btw?

business organizations. the rest of your points are well said.


Go for a walk every day, and occasionally make your walk to an ATM?

You can also contact your bank and tell them that you want to be able to deposit checks via the Web site.

If enough people do this, and don't use the overly-proprietary app, the bank might listen.


>Go for a walk every day, and occasionally make your walk to an ATM?

There are workarounds, but it sounds annoying and a burden. What if the closest bank branch is an hour on foot away? Or the OP lives in a rural place and it's half an hour drive? I don't have this problem since my bank works with graphene, but I would reconsider using it if most applications I use refused to load.



