Certain banking apps use a buggy anti-tampering library which was broken by a security improvement in the most recent #GrapheneOS release. It wasn't reported during 2 days of Alpha/Beta testing. We've paused rolling it out to the Stable channel and we're working on resolving it.
Compatibility issue is caused by these apps having hand-written 64-bit ARM assembly code that's making system calls with the 32-bit ARM compatibility layer even on devices unable to run 32-bit ARM code at a CPU level. They depend on a quirk of how 32-bit ARM compatibility works.
Unfortunately, it means we need to temporarily revert the removal of the kernel's 32-bit compatibility layer on devices without 32-bit support. Banking apps are holding back security with their anti-tampering libraries. They do this to make it harder to audit their insecure apps.
final [GrapheneOS] 📱👁️🗨️
npub1c9…7sqfm
2024-07-12 02:45:44
Author Public Key
npub1c9d95evcdeatgy6dacats5j5mfw96jcyu79579kg9qm3jtf42xzs07sqfmPublished at
2024-07-12 02:45:44Event JSON
{
"id": "e8007a26e94725e53004ab9656638609404b70d0807643b7327556e3af4b9c05",
"pubkey": "c15a5a65986e7ab4134dee3ab85254da5c5d4b04e78b4f16c82837192d355185",
"created_at": 1720745144,
"kind": 1,
"tags": [
[
"t",
"GrapheneOS"
],
[
"t",
"grapheneos"
]
],
"content": "Certain banking apps use a buggy anti-tampering library which was broken by a security improvement in the most recent #GrapheneOS release. It wasn't reported during 2 days of Alpha/Beta testing. We've paused rolling it out to the Stable channel and we're working on resolving it.\n\nCompatibility issue is caused by these apps having hand-written 64-bit ARM assembly code that's making system calls with the 32-bit ARM compatibility layer even on devices unable to run 32-bit ARM code at a CPU level. They depend on a quirk of how 32-bit ARM compatibility works.\n\nUnfortunately, it means we need to temporarily revert the removal of the kernel's 32-bit compatibility layer on devices without 32-bit support. Banking apps are holding back security with their anti-tampering libraries. They do this to make it harder to audit their insecure apps.",
"sig": "32c242a49b0e72296ba91a457a922481e3bad5575683a5c6ee3fe98f77f9e8de57986b0728a79fef596cb329f8325db88a66433b98194d83c452279ba88721e2"
}