Final on Nostr: Revolut insecurely checks the ro.boot.verifiedbootstate property and forbids it being ...
Revolut insecurely checks the ro.boot.verifiedbootstate property and forbids it being yellow, which means a locked device with an aftermarket OS that's being cryptographically verified by the firmware. They permit it being orange, which means an unlocked device with any OS.
They're specifically banning having a device that's locked with an aftermarket OS rather than banning having an unlocked device or an aftermarket OS in general. Similarly, they're specifically banning the value `grapheneos` for ro.build.user/ro.build.host.
Having the verified boot state at orange is unsafe, it means verified boot is disabled. There is no verification of OS integrity after each boot and update. There is no protection against exploit persistence nor a threat choosing to push a malicious update that is not signed with the same key as the originally installed operating system.
Both of these things and other similar insecure, useless checks are being done by several different SDKs. Revolut's app is full of sketchy, insecure third party libraries. They certainly don't take security seriously as they claim in their message about banning GrapheneOS.
We've fixed both of the ways they're banning GrapheneOS for our next release. Since third party SDKs are what's being used to do it, our hope is that this fixes a few other poorly written banking/financial apps doing similar stuff to ban aftermarket operating systems.
These are the full set of changes fixing Revolut's ban on GrapheneOS:
https://github.com/GrapheneOS/platform_build/commit/bcd027b1273db32d6361092c635bf52a5d08c0e7
https://github.com/GrapheneOS/platform_build_soong/pull/24/commits/cc62edd5c3af000a6089fe2cceef10b9458f8aae
https://github.com/GrapheneOS/platform_system_core/commit/971110e37d73b5acb6e806b62146dcdcb29277b2
https://github.com/GrapheneOS/platform_frameworks_base/commit/5c85337ba0c4f5e40811a5a753754f7ccc2bc72f
https://github.com/GrapheneOS/platform_frameworks_base/commit/29c31dcdb5f826f1032a1a4da4dc584dbee8f01d
Other banking apps banning #GrapheneOS will need to be retested after the next release.
They're specifically banning having a device that's locked with an aftermarket OS rather than banning having an unlocked device or an aftermarket OS in general. Similarly, they're specifically banning the value `grapheneos` for ro.build.user/ro.build.host.
Having the verified boot state at orange is unsafe, it means verified boot is disabled. There is no verification of OS integrity after each boot and update. There is no protection against exploit persistence nor a threat choosing to push a malicious update that is not signed with the same key as the originally installed operating system.
Both of these things and other similar insecure, useless checks are being done by several different SDKs. Revolut's app is full of sketchy, insecure third party libraries. They certainly don't take security seriously as they claim in their message about banning GrapheneOS.
We've fixed both of the ways they're banning GrapheneOS for our next release. Since third party SDKs are what's being used to do it, our hope is that this fixes a few other poorly written banking/financial apps doing similar stuff to ban aftermarket operating systems.
These are the full set of changes fixing Revolut's ban on GrapheneOS:
https://github.com/GrapheneOS/platform_build/commit/bcd027b1273db32d6361092c635bf52a5d08c0e7
https://github.com/GrapheneOS/platform_build_soong/pull/24/commits/cc62edd5c3af000a6089fe2cceef10b9458f8aae
https://github.com/GrapheneOS/platform_system_core/commit/971110e37d73b5acb6e806b62146dcdcb29277b2
https://github.com/GrapheneOS/platform_frameworks_base/commit/5c85337ba0c4f5e40811a5a753754f7ccc2bc72f
https://github.com/GrapheneOS/platform_frameworks_base/commit/29c31dcdb5f826f1032a1a4da4dc584dbee8f01d
Other banking apps banning #GrapheneOS will need to be retested after the next release.
quoting nevent1q…e8plRevolut is specifically banning #GrapheneOS by checking for the build machine hostname and username being set to 'grapheneos'. We've changed these to build-host and build-user. Combined with another change, this allow our users to log in to it again until they roll out Play Integrity API enforcement.
There's no legitimate excuse for banning using a much more private and secure operating system while permitting devices with no security patches for a decade. Meanwhile, Revolut's shoddily made app tells users they're banning GrapheneOS because they're "serious about keeping your data secure".
Revolut's app will stop working against once they start enforcing having a Play Integrity API result showing it's a Google certified device. This is not a security feature but rather anti-competitive behavior from Google deployed by apps like Revolut wanting to pretend they care about security.
Revolut uses a bunch of shady closed source third party libraries in their app and it's one of these libraries banning GrapheneOS. These libraries are a major security risk and put user data at risk of being compromised. Revolut is not taking user security seriously at all and is cutting corners.