Pay securely with an Android smartphone, completely without Google services: This is the plan being developed by the newly founded industry consortium led by the German Volla Systeme GmbH. It is an open-source alternative to Google Play Integrity. This proprietary interface decides on Android smartphones with Google Play services whether banking, government, or wallet apps are allowed to run on a smartphone.

top 34 comments

sorted by: hot top controversial new old

[–] beyond@linkage.ds8.zone 29 points 10 hours ago (2 children)

GrapheneOS is critical of this initiative here and I think their criticism has merit. This simply moves the gatekeeper from Google to a handful of OEM's who won't let you use anything other than their blessed OS's.

[–] potustheplant@feddit.nl 6 points 8 hours ago

Agree. This type of systems are not even necessary.

[–] Delascas@feddit.uk 3 points 9 hours ago (1 children)

Has the GrapheneOS team ever, once, been supportive of ANY other custom ROM initiative? I ask this as someone with both a GOS Pixel10 and a FairPhone 6 running /e/ on my desk this week.

For as good as their security approach is, their constant shit talking of others also making efforts to free us from big tech helps no-one.

Oh the irony of using the phrase "blessed OS's" coming from the GOS camp.

[–] detren@sh.itjust.works -1 points 8 hours ago

Yeah it seems they really let perfect be the enemy of the good.

[–] John_CalebBradberton@lemmy.world 2 points 5 hours ago

This is a fantastic initiative.

[–] devtoolkit_api@discuss.tchncs.de 5 points 7 hours ago

This is huge. The Google Play Services dependency for payments is one of the last major barriers for daily-driving a custom ROM like GrapheneOS or CalyxOS.

Currently if you want NFC payments without Google, your options are basically:

Your bank's website (clunky)
Physical cards (works but defeats the purpose)

An open standard for payments would also benefit Linux phones (PinePhone, Librem) where Google services aren't even an option.

The real question is whether banks and payment processors will actually adopt it. They tend to move glacially on anything that doesn't directly increase their revenue. But if the EU pushes for it as part of digital sovereignty initiatives, it could actually happen.

[–] Corngood@lemmy.ml 82 points 18 hours ago* (last edited 18 hours ago) (2 children)

Furthermore, a peer review process is planned, through which the consortium members will mutually check and certify their operating systems and smartphone or tablet models. “This is intended to create transparency and replace trust with traceability.”

Still doesn't sound very open.

I should be able to tell my bank to only trust devices running an OS signed by the grapheneos key, and more importantly I should be able to tell them to trust an OS signed by my key.

Edit: I don't mean to shit on this too hard. It might be the best next step.

[–] Dojan@pawb.social 17 points 12 hours ago* (last edited 12 hours ago) (1 children)

I don't get why it has to be that complicated anyway. I should be able to just give them my key, why does a OS or device vendor need to be a part of it? When I get a card I need to verify my identity somehow, times past that was me going to the bank, signing a form and showing my ID card. Fucking Tim Apple or Satya McGoogle didn't have a role in that, why should they now?

Sidenote; I know Satya Slopella is Microsoft but I don't frankly care to learn what the pedo in charge of Google is called.

[–] eleijeep@piefed.social 1 points 12 hours ago (1 children)

I don’t frankly care to learn what the pedo in charge of Google is called.

Blunder Pinochet. Or is it Sundial Pinoy. Or Thundercat Pyjamas.

[–] Dojan@pawb.social 2 points 11 hours ago

Compost. That's all they're good for.

[–] benagain@lemmy.ml 48 points 17 hours ago

It is kinda insane though that we've had public/private keys since the internet started walking and somehow we end up with all these over-complicated or pointless ways to use them.

[–] Nyadia@lemmy.blahaj.zone 57 points 17 hours ago (7 children)

I see this topic come up often in conversations about degoogled Android and it makes me wonder what if anything I'm missing out on by just using cash/card for payments, cause not once have I been at checkout and thought to myself "man, I wish I could do this with my phone instead" but people talk about this like it's almost a dealbreaker that makes it hard for them to seriously consider switching to Graphene or Lineage or whatever.

[–] h_ramus@piefed.social 33 points 16 hours ago (1 children)

In a lot of counties banks are becoming mobile first. Want to login in the browser? Authenticate with your mobile app to approve. Don't have a mobile phone with the requisites of the bank? Well, go to the branch, take a ticket, wait and then tell them what you want to do with your money. It's not just about paying, banks are moving online authentication to be dependent on Google or Apple, whatever poison you pick.

This seems like same shit different flies. Still dependent on some centralised approval which doesn't help openness and security. We need alternatives to the duopoly but this ain't it, chief.

[–] pishadoot@sh.itjust.works 2 points 5 hours ago (1 children)

I've never encountered what you're describing. There's always other ways to authenticate than through a mobile app, at least from my experience, and I think I've used about a dozen different banks/credit unions over the past 15 or so years. Last credit union I cut ties with had ZERO MFA for their web portal, except on account creation. Like, no SMS, no email, nothing - just user+pass, and making sure you have the right background picture of the login screen you picked on account generation (like, a duck or a football or whatever). Completely ridiculous in 2025 (when I cancelled my account).

Regarding the OP, I think any new competition in this space right now is good, even if it ends up just being a triopoly vs a duopoly (fat chance with this thing but we can hope).

Ideally though we need an open protocol/standard that can be implemented through any manner of device software.

[–] h_ramus@piefed.social 3 points 5 hours ago

Some countries are all-in on the digital transition and for a lot of things shops don't even accept cash anymore. Digital QR code transfers are preferred. Be thankful that the banks that you deal with haven't gone down this path.

2 factor TOTP exists and is secure enough for corporates to have adopted long time ago. Banks can adopt similar authentication methods but choose not to.

On the OP, not sure what the solution could be. However, going down this path seems flawed.

[–] puntinoblue@lemmy.ml 1 points 8 hours ago

I don’t use the phone that often as a debit /credit bank card but I use it for payments (bills invoices etc.), paying on line, transferring money to people and accounts, and just managing accounts. The phone app is very useful for those functions - especially if the alternative is going into a bank and queuing.

A phone OS that will not work with banking apps is not really a contemporary solution. iOS or Android are the only reliable options at the moment in the US/Europe - Iiuc Open Source Android has to sandbox Google Play for banking apps to work so that’s not viable long-term solution, as Google will only make that more difficult in the future.

Given the issues with the judges at ICC and US payment systems, building an alternative to Google and Apple is a high priority

[–] newtraditionalists@kbin.melroy.org 11 points 16 hours ago (1 children)

Right there with you. Access to my money relying on a device that needs to be charged is just stupid. I'm stranded somewhere, my phone runs out of battery, suddenly I have zero dollars. No thanks.

[–] Chewy7324@discuss.tchncs.de 2 points 16 hours ago (1 children)

I keep a single bill in my phone case for emergencies (be it an actual emergency or I just want to eat at some place which only takes cash).

If my phone battery runs out I'm stranded anyway, since I can't call anyone or use my public transport ticket.

[–] newtraditionalists@kbin.melroy.org 5 points 16 hours ago

Im truly struggling to understand what you mean. If your phone battery runs out, and you cant call anyone, do your legs and mouth suddenly stop working? Walk to a bus/train/transport station, use your words and pay for a trip home. obviously, if your money relies on the phone battery, yes you are truly stranded. But if you have a card or cash, you are not. It's quite simple. I guess you just have no imagination and can't fathom that people existed without phones or something? I'm asking in earnest, what do you mean?

[–] NewOldGuard@lemmy.ml 12 points 17 hours ago

I agree, it’s a nice-to-have but it’s far from necessary. I like having the option as a backup in case I forget my wallet, but I’ll live without it

[–] root@lemmy.world 3 points 13 hours ago

I agree, with the caveat that it's very nice to be able to pay with my phone/ watch if/when forget my wallet, rather than having to go back home to get it.

[–] JoeMontayna@lemmy.ml 2 points 13 hours ago

It's the hardware, and it feels like mobile in particular is intentionally designed to not be modular. I suspect that is by design to keep it under control of the big companies.

[–] Eyck_of_denesle@lemmy.zip 2 points 14 hours ago* (last edited 2 hours ago)

India primarily uses Phones to pay. And I'm sure there's a big community there that uses custom ROMs.

[–] JoeMontayna@lemmy.ml 10 points 13 hours ago (1 children)

Honestly if there was an alternate and functional phone/OS/app store that early adopters who are a little technical can embrace, it would be the #1 platform in under 5 years. People in the know are chomping at the bit to get away from these big monopolzed platforms, and once it gains steam and polish, people will flock to it.

[–] daisykutter@lemmy.dbzer0.com 1 points 11 hours ago (1 children)

There are already alternate app stores, and alternate OS and phones that are functional and niche. The real issue is that the Android people knows is not open source, AOSP is the thing open sourced, but thats far from what we use on a daily basis as Android, and Google makes sure every time it can to put hurdles between functionality and open source, some of those hurdles can and are being worked on, some others are out of reach for the open source community

[–] JoeMontayna@lemmy.ml 1 points 4 hours ago (1 children)

I've never developed on Android, but would it be hard to port most apps to AOSP at this point if the developer wanted to?

[–] fallaciousBasis@lemmy.world 1 points 3 hours ago

It'd be effortless.

[–] Armand1@lemmy.world 9 points 16 hours ago

I agree it would be good to have third party integrity checks to not require Google Services etc. as part of the chain.

In GrapheneOS, many Google Play integrity check pass, but payments still do not work. You are notified when an app uses the integrity API, but probably only because they have spent a bunch of work sandboxing Play Services. This is what you see when you look at those details:

integrity checks in grapheneos

I guess the obvious problem is that so many apps rely on Google Services, such as for payments, opening the store, checking for integrity etc. On stock android, you can't pick and choose these services separately or use third party ones, unlike using a third party keyboard, for example. Everything is one big proprietary, data guzzling lump.

[–] flango@lemmy.eco.br 3 points 13 hours ago

PIX neles

[–] zjti8eit@lemmy.dbzer0.com -2 points 8 hours ago

Why not just use cash? Untraceable, nearly ubiquitous acceptance, are they just too lazy to go to the bank?

[–] Retail4068@lemmy.world 2 points 13 hours ago

This works be fantastic and I might actually switch at that point.

[–] penguin@lemmy.pixelpassport.studio 5 points 18 hours ago

Really hope this happens

[–] ohellidk@sh.itjust.works 3 points 18 hours ago (1 children)

Would be cool, but i doubt any users in the US can benefit from it since google is so dominant.

[–] dubyakay@lemmy.ca 2 points 8 hours ago

iPhone is dominant in NA.