by wolvoleo a day ago
Hmm the one thing I'm kinda missing with grapheneos is mobile payments. The banks here in Europe used to have their own nfc apps but in my country they've all moved to Google wallet :( or Samsung pay.
I don't want Google monitoring my payments so I'm using Samsung now but I'd love to have something more open for this.
I was kinda hoping the partner would be Samsung so they might collaborate on a payment system too. I don't think Motorola has anything like that.
If you're in Europe you can use Curve Pay, PayPal and multiple banks which haven't moved to Google Pay. Alternatively, pay in cash if you want privacy.
You cannot pay with cash in a lot of places in my European country. The number of no cash places is increasing by day.
You can use your debit card though.
Curve Pay refused to give me an account on my Murena FP6 and no local bank offers contactless without google pay, so I'm stuck using a bank card like a caveman.
> so I'm stuck using a bank card like a caveman.
What is "caveman" about a payment method that doesn't need to have a charged battery?
Cloning a mag strip is trivial, cloning a tap-to-pay tag a bit more complicated.
> Curve Pay refused to give me an account on my Murena FP6
That's probably because /e/OS uses microG, which is vastly inferior to Sandboxed Google Play on GrapheneOS, and has much worse app compatibility. You should also know that /e/OS is a highly insecure OS, and both Fairphone and Murena are constantly misleading their customers with false marketing and false promises.
MicroG has two huge advantages: you can inspect the code it's running, and you're not tied to Google services. For example you can replace the location service with a privacy respecting one. With the sandboxed play you can't do that, you're stuck with the Google version. The only thing you still need Google for is the push notifications, because the backend of the apps only speaks to them.
It would be amazing if grapheneos would support microG as an option. But they are too much "not invented here" for that to happen.
> you can inspect the code it's running
That's only true for microG itself, not the Google blobs it needs to download and execute in order to function. GmsCompat on GrapheneOS is also fully open source.[1]
> For example you can replace the location service with a privacy respecting one.
GrapheneOS literally does that.[2] It's currently not perfect in regard to privacy because they are using Apple's Wi-Fi positioning service, but proxying it through their own servers, so Apple never gets the user's IP address or any unique identifiers, and link the location information to any other data. One thing Apple currently does better than most network location providers is the fact that they don't just return position data for one BSSID, they actually give you the data for hundreds of nearby BSSIDs as well[3], which is more private, and means that much fewer requests need to be made to the service.
Because of this aforementioned aspect, Apple's Wi-Fi positioning system is also incredibly easy to scrape. GrapheneOS plans to build their own database, and let users download it, so Wi-Fi positioning could be performed fully locally.
> It would be amazing if grapheneos would support microG as an option. But they are too much "not invented here" for that to happen.
GrapheneOS doesn't support microG, because it has worse app compatibility than Sandboxed Google Play, and requires elevated privileges, unlike SGP.
[1] https://github.com/GrapheneOS/platform_packages_apps_GmsComp...
[2] https://grapheneos.org/features#network-location
[3] https://github.com/acheong08/apple-corelocation-experiments
If this partnership with motorolla becomes a success, samsung will follow as will the chinese.
If Samsung gets support for Graphene I would be a happy man.
Motorola phones are Chinese, aren't they? They mention being a Lenovo company in the article.
Yes, Motorola is a Chinese company.
This is a shame for the American old mobile phone industry. There was always potential in the brand and the phones they produce that deserved to be saved.
Now hopefully Lenovo does it justice, unlike Thinkpad which they have milked and diluted everything out of.
If you don't want your payments to be tracked you need to use cash or crypto. Otherwise, just use a credit card. I really don't see how unlocking a phone is easier or more convenient than using a credit card.
The watch is on my wrist, or the phone is already in my hand. The credit card is buried in a wallet that needs to be taken out of and put back into a pocket.
Also “unlocking” isn’t an inconvenient step, on iPhone it just happens automatically. As it should on android if the fingerprint sensor is in a convenient location.
Ease of use is, unfortunately, exactly what Apple and Google request your data for in exchange.
There are wallets like ridge that I use for NFC with card, there’re also phone cases with card holders. It’s not like there’s no solution to this problem..
> The credit card is buried in a wallet that needs to be taken out of and put back into a pocket.
It's a good work-out. Almost as tough as pouring a can of soda into a glass. You'll feel the difference after just a week!
Im on graphene right now and this was an issue, but a ten dollar sticky card wallet on the back of the phone made it identical.
Umm, assuming you have the same opinion as grandparent comment, you don't want google tracking your payments but you'll happily trust google's pinky promise about your fingerprint being stored only on the phone?
I’m not commenting on the security/privacy. Only the convenience. And I find tap to pay extraordinarily convenient - a significant upgrade over the plastic card.
Strapping your card to your phone in one of those magnetic card wallets seems to achieve the same level of convenience, or close, and avoids all of the downsides of running a Googled system.
I personally find using a plastic card more convenient than fumbling for my phone and unlocking it (I don't use biometric unlocking as it's not protected by the 5th.) It's also easier to go somewhere without a phone (yes, it's possible) when you have a card on hand.
Curve works on GrapheneOS. I use it weekly.
I remember Curve being acused of some fishy things happening but I cannot tell you anymre which it was. So I am carefull with Curve.
PayPal's tap-to-pay also works without Google Wallet (and therefore on GrapheneOS). It isn't any more open than Samsung Pay though.
Hate to break it to you, but 100s of third parties are privy to your exact payments including locations. Google could easily buy that information.
I was hoping more banks would introduce support for U2F. In Europe ING was one of the first if not the first, but so far few followed.
Yup, tried Graphene but went back to Android because of NFC payments.
Using your phone instead of a plastic card is that important to you, at the cost of your privacy?
Yes. Until we can use our palms to pay like they do in China. I lost too many cards when I was still using them.
With the adoption of Wero that should stop being a problem. As long as your bank app works on GrapheneOS.
Wero makes it worse not better.
With wero you must have play integrity and you can't even have developer mode turned on which is frankly ridiculous. I don't know of a single app that requires that. Source: https://support.wero-wallet.eu/hc/en-us/articles/25599098295...
They had a great opportunity to make an ecosystem not dependent on google and apple and they utterly failed. You can't even log into it on the web, you must use the app.
That's for the Wero wallet app specifically, no? I use iDEAL through my bank app and it works great, I'd assume it won't change with Wero since it's basically the same thing
Wero extends iDeal in that it comes with its own app/wallet and user account service. A bit like Paypal.
A step backwards, in my opinion. I'm not sure what this system adds that sharing an IBAN doesn't, but then again Tikkie's conquered that market pretty quickly for some reason as well and each bank has had to copy that feature individually.
https://support.wero-wallet.eu/hc/en-us
There are separate sections for "Wero in your bank app" and "Wero in the Wero app", so I assume the Wero wallet won't be mandatory
If you click on a specific bank on the Wero app page, for many banks it will just redirect to the bank's app.
> I don't want Google monitoring my payments
If you don't want Google monitoring your payment you shouldn't use mobile payments. In fact you shouldn't even use cards, because those likely have agreements with Google for data sharing. If you're serious, it's simple, just use cash.
Mobile payments used to work without any interference from Google through a bank's own implementation of the wireless payment protocols. On iPhone you got stuck with Apple's system (they restricted their NFC stack so competitors couldn't do this) but most phones were paying wirelessly without Google ever seeing a transaction.
Over the years banks phased out their NFC support and all moved to Google Wallet on Android, I think the last bank finished their transition a year and a half ago. A real shame.
> used to work without any interference from Google
Google owns the operating system. If they want to see what the apps are doing, they can.
This is like believing that Facebook can't read your whatsapp messages because they're E2E. They own the interface!
That's what GrapheneOS is for