Pretty sure this also requires the banks to then accept those attestation keys. ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		lucb1e on Jan 21, 2025 \| parent \| context \| favorite \| on: Reverse Engineering Bambu Connect Pretty sure this also requires the banks to then accept those attestation keys. Graphene pushes for them to do this, so you can't simply run whatever open OS you want on your device (like on desktop where you can also do online banking), you need to specifically use some third party service that then tells the banking software it's really okay to run on your device. I do find this to be a bit crappy, but at the same time it's quite amazing that Graphene has enough traction to convince many app vendors they should support an open/secure OS!

Arch-TK on Jan 23, 2025 [–]

They don't have the traction. In my experience almost nothing (except for google pay) uses a whitelist for the keys. They just request attestation. This is presumably because there are too many android phone vendors using too many versions of different keys to reliably check for this.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact