alt Hacker News>And the winning point is that the bootloader can be unlocked and is supported by LineageOS
Don't banking, security and payment apps detect the unlocked bootloader and prevent them from working on lineageos? At least that's what happened to me after i flashed lineage on my old tablet.
Because then what's the point of a smartphone if it can't do banking, payment, shopping, ticketing, etc? Use it as a gimped pocket web browser and ebook reader? There's not gonna be any mass market adoption for such "smartphones" until they can run all apps out of the box like vanilla androids and IOS phones.
Your average consumer isn't gonna wanna fuck around with signing keys and bootloader relock. Hell, even this tech savvy HN user doesn't want to do that because he has better things to do with his time. The days from my childhood when I always rooted my Android phone, installed custom ROMs with custom kernels, magisk, titanium backup, cerberus to make the phone "my own" are long behind me.
Replies
(at least on pixels and apparently this future motorolla,) it can be re-locked, so it passes the integrity check; however there is an additional layer that needs google signing keys, which of course means you can't pass that one if you can't ship the keys
funnily enough my banking app works but the mcdonalds app doesn't, lol
Switch to a bank that offers a fully functional web or Android app, as opposed to only allowing Google Android
What we need is a way for the OS to trick banking apps into thinking they are running on the platform they expect.
There is the option to register the signing key of the ROM with the bootloader and then relocking it, thereby making those apps happy again.
The biggest issue is that there is a different way to do this for every device, so most custom ROMs don't bother. It's relatively simple and automatable for Pixel devices, so the GrapheneOS installer takes care of it. e/OS/, which is based on Lineage, allows this for some devices, iirc.