Swissquote Bank is in the process of adding official support for GrapheneOS to their main app. They've published a Beta version of the app with GrapheneOS support for us to share with our users. Can use appdistribution.firebase.googl to obtain it via the sandboxed Play Store.

Swissquote previously added GrapheneOS support to their Yuh financial app. They're following our guide on using hardware attestation as an alternative to Play Integrity able to support more than Google Mobile Services hardware and operating systems: grapheneos.org/articles/attest.

Show thread

The link we provided might not work in Vanadium since Firebase appears to use the Client Hints headers to detect the OS version. We set the OS version in the Client Hints headers to the frozen User Agent value which is Android 10. May need to install and use Chrome to access it.

Show thread

We've previously seen an issue where a site used the Client Hints provided OS version to ban using incredibly out-of-date Android versions. We didn't remove the Client Hints headers because that trips bot detection. Reusing the frozen User Agent values was working quite well.

Show thread
Follow

@GrapheneOS What Client Hints is the Tor Browser providing? Maybe it would be good to sync with them or other privacy-oriented browsers if you decide to update the values? This way the anonymity set will be larger.

@elgregor There isn't much reason to sync them. It won't blend in with other browsers. Vanadium having privacy and security features visible to sites means it will be uniquely a Vanadium browser. Expanding the Vanadium userbase outside of GrapheneOS via the Play Store and our App Store once it has more features is what's needed to deal with this.

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml