Swissquote Launches Official Support For GrapheneOS
-
Swissquote has launched official support for GrapheneOS for their main app instead of it only being available for Yuh:
Swissquote - Apps on Google Play
Trade, invest and bank! Your all-in-one banking solution for smarter finances.
(play.google.com)
What’s new
- We now officially support GrapheneOS!
- Bug fixes and minor improvements
They're verifying GrapheneOS via hardware attestation.
The code added for verifying GrapheneOS would be easy to extend on the server side with support for other alternate operating systems. They could also support future non-Google roots of trust to permit hardware not certified by Google. It still restricts what can be used but is at least extensible.
More apps using the Play Integrity API should implement this. It can initially be integrated to allow either the Play Integrity API or hardware attestation. Hardware attestation can be used to fully replace the Play Integrity API at the expense of legacy device support but that's not mandatory.
See https://grapheneos.org/articles/attestation-compatibility-guide for more information. Apps implementing this need to add new verified boot key fingerprints when GrapheneOS adds support for more devices since per-device keys are important for security. For our own devices, we could simply have our own attestation root of trust.
GrapheneOS (@GrapheneOS@grapheneos.social)
See https://grapheneos.org/articles/attestation-compatibility-guide for more information. Apps implementing this need to add new verified boot key fingerprints when GrapheneOS adds support for more devices since per-device keys are important for security. For our own devices, we could simply have our own attestation root of trust.
GrapheneOS Mastodon (grapheneos.social)
-
Swissquote has launched official support for GrapheneOS for their main app instead of it only being available for Yuh:
Swissquote - Apps on Google Play
Trade, invest and bank! Your all-in-one banking solution for smarter finances.
(play.google.com)
What’s new
- We now officially support GrapheneOS!
- Bug fixes and minor improvements
They're verifying GrapheneOS via hardware attestation.
The code added for verifying GrapheneOS would be easy to extend on the server side with support for other alternate operating systems. They could also support future non-Google roots of trust to permit hardware not certified by Google. It still restricts what can be used but is at least extensible.
More apps using the Play Integrity API should implement this. It can initially be integrated to allow either the Play Integrity API or hardware attestation. Hardware attestation can be used to fully replace the Play Integrity API at the expense of legacy device support but that's not mandatory.
See https://grapheneos.org/articles/attestation-compatibility-guide for more information. Apps implementing this need to add new verified boot key fingerprints when GrapheneOS adds support for more devices since per-device keys are important for security. For our own devices, we could simply have our own attestation root of trust.
GrapheneOS (@GrapheneOS@grapheneos.social)
See https://grapheneos.org/articles/attestation-compatibility-guide for more information. Apps implementing this need to add new verified boot key fingerprints when GrapheneOS adds support for more devices since per-device keys are important for security. For our own devices, we could simply have our own attestation root of trust.
GrapheneOS Mastodon (grapheneos.social)
