SafetyNet, Play Integrity and Android Auto
GrapheneOS supports hardware attestation and has much stronger security than even the stock Pixel OS but isn't Google certified. Play Integrity and legacy SafetyNet Attestation check for Google certification, not any form of security. We have concrete plans to address this issue.
Due to hardware attestation and the support for it via the strong mode for Play Integrity and legacy SafetyNet Attestation, spoofing the Google certification checks is a lost cause over the long term. This is why we refrained from spoofing the much more commonly used basic mode.
Long term, the solution will be to convince organizations to support GrapheneOS by switching to directly using the hardware attestation API which has alternate OS support. See https://grapheneos.org/articles/attestation-compatibility-guide.
This is much easier to use now that there's an official library for it.
In the meantime, we've decided to work on spoofing the software certification checks due to greatly expanding adoption of this security theater. We could add a notification for apps using this telling users to ask the developers to do it in a better way, not Google certification.
We're aware that an SDK used by many banking apps has recently adopted the weak software Google certification checks. This has greatly increased the priority of a short term workaround. When we have time, we'll contact company making the SDK and some of the banks with our guide.
At some point, these SDKs are going to start using the strong mode and it's going to end the ability to spoof the checks. It's why we refrained from doing it because we know it's setting up events in the future where many apps suddenly lose compatibility from server side updates.
Extending our Sandboxed Google Play compatibility layer to support Android Auto is currently a top priority. It's nearly ready to ship, and after that the developer working on it will move on to a workaround for this to delay needing app developers or governments to solve it.
That’s great news. I know android auto is a big sticking point for many potential users of nostr:npub1235tem4hfn34edqh8hxfja9amty73998f0eagnuu4zm423s9e8ksdg0ht5
It’s like Elon buying twitter. He does the censoring now so he’s happier
X is feeling more and more like the Elon-dog-whistling-verse for fake free speech maxi’s.
Normies that don’t fit into the right wing or praise Elon camp have slowly been disengaging and leaving for Bluesky and Threads.
Bitcoiners should take note of this and spend more time in other places, and yes here on #nostr too. I know many folks in my progressive/left camp need nostr:npub1fpcd25q2zg09rp65fglxuhp0acws5qlphpg88un7mdcskygdvgyqfv4sld's message, so we’re going to them on these other platforms as well.
Rules, not rulers definitely applies here.
The number of ppl jerking themselves off in excitement because Elon said the ::: F word ::: in an interview pretending like he cares about freedom is appalling. He cares only about his well being and bottom line, stop the idol worship
So, uh, hate to break it to all those cheering for @npub1qtvl2em0llpnnllffhat8zltugwwz97x79gfmxfz4qk52n6zpk3qq87dze so far but it seems they’re already censoring transactions intentionally…
Details here:
https://x.com/checksum0/status/1730004768410493183?s=46
How it started: How it’s going:
nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx Perhaps you guys can cover on RHR this week?
Looks absolutely gorgeous.
How’s the weather holding up out there? I hear some of the islands can be wet in November/December
100%
Lifelong vegetarian and I think the issue is many western diets vegetarian foods are probably not as delicious as their non-veg alternatives. Thai/indian/malaysian vegetarian food is next level because they have used many more spices for thousands of years compared to western diets. It is funny to me when Americans refer to salt/pepper (maybe oregano and thyme or cayenne pepper if adventurous) as spicing their food.
The US is not known to respect borders
Fixed it for ya 😉
Always funny when privacy oriented services treat VPN customers like second class citizens
I’m loving it with silent.link
Note you do have to install play services temporarily (I did so on public Wi-Fi), turn on esim management, install the esim from silent link. Then you can again uninstall play services and the esim continues to operate
This may be helpful for apps and services you may want to consider:
Haha that’s the best privacy policy my friend
You’d be shocked to learn the margins in clothing. Often 80%+ so they can afford the 50-60% off to move obsolete inventory and still pocket enough for overhead
I don’t think vanguard has an etf proposal out?
Maybe get an opinion from a real doctor, nostr:npub1k7vkcxp7qdkly7qzj3dcpw7u3v9lt9cmvcs6s6ln26wrxggh7p7su3c04l any thoughts on this? If I had to guess, it’s normal and always happened, just wasn’t reported as frequently. But I am purely speculating
⚡ INSTAZAP ⚡
Today we’re launching the fastest way to pay a zap split.
- Zap at https://makeprisms.com/zap
- Zap 100 people in under 30 seconds
- Zap 100 Nostr devs here: https://w3.do/uVt5f3ta
$boost $like #zap
Nicely done
High fees can't stop the coinjoin of the week! There are 299 inputs in this transaction, switch to a privacy wallet today and make it 300 next time.
Number of inputs: 299
Number of outputs: 251
Value: 23.9421712 BTC
Fee rate: 80.9 sats/vbyte
Input anonset: 6.36
Output anonset: 7.38
https://mempool.space/tx/c88b87d8ede8c8d16ceb0b38ad9867d5e9b9b88dac06e0379cd23df86f3b2378
Is there a simple way to understand how much in coordinator fees I would pay to coinjoin, for example, 1 btc?
“However, the approach favored by Milei is very different to that favored by Bukele. El Salvador’s leader, for example is very much centred on Bitcoin adoption while Milei has historically been a champion of crypto in general. Not only that, Bukele has been a vocal critic of the idea of dollarization.”