I currently have a complaint at kifid (instititute for complaints against financial service providers in the Netherlands) against Revolut because it doesn’t work on degoogled phones. They claim it makes it more secure. Can anybody point me to a study or expert opinion on the security benefits of safetynet and how it protects android phones?
My inkling about googled OEM phones is this:
- many are old
- many aren’t receiving patches anymore
- many receive security patches late (weeks or months)
And regarding degoogled phones:
- they are more likely to get security patches more quickly
- they are often maintained longer than OEM phones
- certain ROMs like calyxos and grapheneos (to a certain degree eos) are actually more secure than stock OEMs due to either
- security focus
- faster security patches
- being limited to relockable bootloaders
Revolut claims that allowing these ROMs (or similar ROMs) to run their application would reduce the security of the application. I’m not a security expert so it would be nice to find out if that really is true for android.
This was posted on mastodon and reddit for reach.
It is a security theater and akin to pat your back feel good. Your app is secure, yay!
Same with apps blocking functionality due to VPN usage or detecting USB debugging or developer settings.