Long click on the app in GrapheneOS ->> app info ->> and scroll down to "EXPLOIT PROTECTION COMPATIBALITY" - toggle this on when app is installed under the new user account with not many others apps that could potentially leak much data.
This often makes apps like Uber, Bolt and banking apps to magically work
That doesn't help with attestation at all.
Uber, Bolt work without changing exploit protection settings and without attestation for me so far.
If you read the article, you will understand that there can't possibly be a setting that will go around the attestation. If the app requires, it will not work.
Yes it doesn't help with attestation but most apps can work when toggle is on.
Two different problems indeed.
I have run a number of talks about GrapheneOS in 2025, the last one was at nostr:nprofile1qqspj38xer7c32wvjjp3phj6acygdayu83dkn7ttmdu5q8w5r4mc2wspzemhxue69uhky6t5vdhkjmn9wgh8xmmrd9skcqgdwaehxw309ahx7uewd3hkc2grc3l where I glorified the attestation at GrapheneOS, comparing it with CalyxOS lacking it. I think it is good we have it at GOS. Many apps can work inside the browser, who wants to run X on Graphene OS as an app? It's a little spy better to be used in the browser anyway. I get your point at it may become a vector of the attack in some way, but open source software wins every time, even better when with privacy features
It would be fun to see apps running on GrapheneOS only, as a form of awareness building activism!
For instance a fork of signal Molly- GrapheneOS users only until May 2026, that would be fun to watch ;)) not in the spirit of open source but an interesting twist, reversing dynamics....
I would like to see all nostr clients to follow through, it would make everyone to either come back to X on mobiles or finally get that fckn GOS :D
just for 5 months as a part of GOS campaign ;)
..........
.....
...
*)
GrapheneOS — attestation available: GrapheneOS supports hardware-backed attestation (SafetyNet/Play Integrity-style attestations and Android Key attestation) using its secure elements and strict privacy-preserving design.
CalyxOS — no attestation (by default):
CalyxOS does not provide the same device attestation capabilities out of the box, it avoids enabling attestation services that would reveal hardware identifiers or require Google services. As a result, apps expecting platform attestation/Play Integrity will typically fail or cannot obtain a hardware-backed attestation on CalyxOS unless the user explicitly installs and configures additional components (e.g., microG or other attestation bridges), which may reduce privacy.
