Dear companies. Please stop using SMS for "authentication". We have 2FA like TOTP. A phone number is a temporary thing that I always change (I only keep a VoIP permanent phone number that often does not work with SMS).
SMS often do not work and they are not secure (sim swapping attacks). Also, you need to pay some SMS delivery service, thus you raise my prices for this obsolete auth tech.
At least allow opt-out and stop requiring phone numbers.
Funny thing is some banking apps don't want to work on GrapheneOS and don't even support a third party 2FA app (like Authy), so instead of biometric authentication using the app they send stupid SMS
If you can't get a banking app to work create a secondary user profile, install sandboxed Play Services and install the app there.
If it still doesn't work, enable Exploit Protection Compatibility Mode first via 'App Info', still have issues then finally enable native code debugging for it.
Check this link for a community compiled resource on Banking App Compatibility and contribute if you can:
https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
I turned on Exploit protection about three months ago, it didn't help then and I didn't want to deal with it anymore, since it's just my bank that I don't even use much, so I don't really miss the app. Anyway, I tried it again today and the app suddenly works after enabling exploit protection 😄
By the way Great job Graphene, best OS 🖤
"By the way Great job Graphene, best OS 🖤"
Thankyou and I'll pass this on. 🤝
