We have moved to a new Sailfish OS Forum. Please start new discussions there.
0

XA2 with Sailfish OS 3.2.1 considered a ”Jailbroken” phone by Android app. [duplicate]

asked 2020-01-27 19:41:39 +0200

DK-Sailor gravatar image

updated 2020-01-27 21:01:31 +0200

Today I installed a new mobilebank app released at beta level from the Danish bank Jyskebank. The Android app installs fine but the app stops at startup with this warning (translated from Danish) displayed:

"Access not possible

Due to security reasons you cannot use this because your mobile phone is jailbroken."

It seems the app checks and find the bootloader unlocked and therefore blocks the app from starting with the above message. I’m afraid this could be the beginning of a new rather big problem for ”alternative” Android versions.

1) Has anyone else experienced this problem?

2) Does anyone know if its possible to develop a solution that can re-lock the bootloader after installing SFOS?

3) Is it possible that Jolla somehow could reach an agreement with Sony that would solve the problem (allow relocking)?

4) If above is not possible, is it feasible that a software solution could be made showing the bootloader is locked, even it's not?

jailbroken warning in Danish

edit retag flag offensive reopen delete

The question has been closed for the following reason "duplicate question" by coderus
close date 2020-01-28 16:57:58.586193

Comments

5

1) No 2) Not possible 3) Unlikely 4) Unlikely

Thank your bank and welcome to the victims.

4carlos ( 2020-01-27 20:02:24 +0200 )edit
2

You can try magisk ( https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445 ).

I'm, personally, just visit bank's website.

Nerevareeeeeeee ( 2020-01-27 20:48:53 +0200 )edit
2

Relocking the bootloader is not possible, as that would prevent Sailfish OS from booting as AFAIK it is not signed by Sony like the official firmware images created by Sony are.

And even if the image was signed, the app is still effectively running in an emulator and might use some stupid tricks to detect that.

In any case, I also recommend using the Bank website instead of adding to the legitimization of banking apps telling you how you should use your mobile phone.

MartinK ( 2020-01-27 21:18:07 +0200 )edit
3

The mentioned mobile banking app version, is in beta. The old version is still working, and accessing my bank accounts from a web browser is not a big problem in this case, though many websites work very poorly on a smartphone.

But to me this is a symptom of where Android apps may be going and for example the most used online payment solution in Denmark ”MobilePay” is only available as a mobile phone app.

The main Android apps Sailfish users are in need of are security focused apps like banking apps, official apps, transport apps, etc. many only available as apps, not via browsers.

Jolla has invested a lot of effort in upgrading the old Alien Dalvik solution to version 8.1 and this work may shortly prove to be wasted for the community if we can only use Sailfish on a Sony unlocked phone – I hope Jolla will consider this and seek to make Sailfish available for the community on some hardware not locked to Android OS. Or seek some alternative solution that could enable Android security focused apps that checks the bootloader.

DK-Sailor ( 2020-01-27 22:00:49 +0200 )edit

Yes, I've seen this a few times, IIUC the last time with the My EE app. So far I have been able to either: (1) use the web site, or (2) say "OK, I'll switch to one of your rivals then" (like I did with Monzo, for example). I've been lucky so far that I haven't hit a real dealbreaker, although this will get harder as more and more aspects of daily life switch to mobile platforms. Here in the UK we aren't as far down this road as in Scandinavia, but even so.....

pakman ( 2020-01-28 12:57:57 +0200 )edit

2 Answers

Sort by » oldest newest most voted
0

answered 2020-01-28 08:05:41 +0200

hsjpekka gravatar image

Do you use microg? https://together.jolla.com/question/209300/how-to-microg-in-sfos-31/

I got similar problem with Nordea app in my Jolla 1 few years ago. Or was the term "rooted" in stead of jailbroken. Now I have xperia 10 with microg, and Nordea works.

edit flag offensive delete publish link more

Comments

I am using microG.

All the Android apps that I need has been working beautifully since Sailfish 3.1. I also have a Nordea app which always worked fine. Otherwise I’m using MobilePay, public electronic mail service, travel apps, parking app, etc. I know people using car rental apps. Most of these apps are not available through browsers.

My main concern, and the reason I bring this up, is that I have not seen or heard of this before, and if it becomes the trend that this type of apps, which most of us need, are checking the bootloader, then I hope Jolla, and the deep-tech part of the community, will look into this, searching for a solution.

DK-Sailor ( 2020-01-28 10:36:26 +0200 )edit
5

Phones with an open bootloader are increasingly being classified as unsafe by banks. A two year old Android phone without any updates is safe.

Find the mistake?

4carlos ( 2020-01-28 11:03:56 +0200 )edit

type of apps, {...} are checking the bootloader

Like I've stated under the main question, the apps themselves cannot see the actual bootloader, they don't have necessary access rights for that.

The closest thing is they can ask if the smartphone passes Google's DroidGuard checks.

microG has an implementation of DroidGuard, but it's currently broken by changes by Google.

DrYak ( 2020-01-28 17:30:09 +0200 )edit
1

@DrYak Thank you very much for you reply's. I was quite convinced that “Jailbroken” related to the open boot-loader, but I understand from your reply that you believe this cannot be detected by an app, that sounds good.

As mentioned I have had microG and fakestore up and running smoothly for quite some time. Based on your reply I hope updates to microG may eventually solve the problem. Thanks.

DK-Sailor ( 2020-01-28 17:39:31 +0200 )edit

Yup, that's the hope: that once he fixes more pressing issues (maps, logins, etc.) mar-v-in will be fix the microG DroidGuard Helper, so that it's able to pass SafetyNet tests again and keep the few banking apps happy.


It's also possible that the reverse becomes true: with the raising concerns about Google's privacy invasion and the raising popularity of Google-less solution (see /e/-foundation) maybe some app developer would consider not relying on Google tech ? (Some devs already make apps that can function with google's blobs. WhatsApp is the most widespread example)

DrYak ( 2020-01-28 19:35:58 +0200 )edit
0

answered 2020-01-28 16:57:48 +0200

coderus gravatar image

Duplicates: https://together.jolla.com/question/215532/question-hide-root-privileges-for-android-apps/ https://together.jolla.com/question/28907/problem-android-application-believes-that-it-is-installed-on-a-rooted-device/ https://together.jolla.com/question/104701/android-apps-not-running-because-of-rooted-device/ https://together.jolla.com/question/85593/unable-to-use-android-apps-that-detect-rooted-phones/

Use search, dont create new questions

edit flag offensive delete publish link more

Comments

1

I do not consider this a duplicate of the links you provided.

Three of the four links are 4-5 years old and related to root (su) detection in old Jolla phones long before Sailfish X. The fourth question also relates to root detection which I would consider being different to ”Jailbroken” which I expect is detection of unlocked bootloader in my XA2.

DK-Sailor ( 2020-01-28 17:27:14 +0200 )edit
1

https://together.jolla.com/question/215532/question-hide-root-privileges-for-android-apps/ is the only one, that has any relevance to this issue, and in the comments above at least a possible reason is found. There are however instructions in the linked question on how to debug it to maybe find out more.

This article should also be helpful.

So, should this question be reopened, or should the info here be appended to the other?

Tanghus ( 2020-01-28 20:44:28 +0200 )edit
1

And there's more about Danish banking apps. I haven't gotten around to debugging them yet.

Tanghus ( 2020-01-28 20:46:09 +0200 )edit

Question tools

Follow
4 followers

Stats

Asked: 2020-01-27 19:41:39 +0200

Seen: 1,121 times

Last updated: Jan 28 '20