Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add HEK Service-App to attestation compatibility guide #1090

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

add HEK Service-App to attestation compatibility guide #1090

wants to merge 1 commit into from

Conversation

reifenrath-dev
Copy link

Recently I learned that the HEK service app from a German health insurance company also seems to use Play Integrity API and therefore cannot be used on GrapheneOS, so I would like to add it to the list.

@thestinger
Copy link
Member

We need to confirm this somehow. Do you have a screenshot? Can you get logs from View logs in the Settings app? Might need from the OS in addition to the app but the app logs might be enough.

@reifenrath-dev
Copy link
Author

@thestinger thanks for your response. I tried for some hours now to find some relevant parts in the app and system log. Unfortunately I'm not experienced in android development. I also tried to look at the logs of the Revolut App to get an idea of what to look for. I could not find anything saying "Play Integrity API" or similar (which I could also not find for the Revolut App, tough). However, the following lines could be relevant:

12-27 20:53:01.039  6607  6607 W libc    : Access denied finding property "ro.product.name_for_attestation"
12-27 20:53:01.039  6607  6607 W libc    : Access denied finding property "ro.product.device_for_attestation"
12-27 20:53:01.039  6607  6607 W libc    : Access denied finding property "ro.product.manufacturer_for_attestation"
...
12-27 20:53:01.038  6607  6607 W main    : type=1400 audit(0.0:16038): avc:  denied  { read } for  name="u:object_r:build_attestation_prop:s0" dev="tmpfs" ino=11280 scontext=u:r:untrusted_app:s0:c124,c256,c522,c768 tcontext=u:object_r:build_attestation_prop:s0 tclass=file permissive=0
12-27 20:53:01.039  6607  6607 W libc    : Access denied finding property "ro.product.brand_for_attestation"
12-27 20:53:01.039  6607  6607 W libc    : Access denied finding property "ro.product.model_for_attestation"
...
12-27 20:53:03.297  6607  6669 E GoogleApiManager: Failed to get service from broker. 
12-27 20:53:03.297  6607  6669 E GoogleApiManager: java.lang.SecurityException: Unknown calling package name 'com.google.android.gms'.
...
12-27 20:53:03.304  6607  6668 W CondFlagRegistrar: Failed to register com.google.android.gms.providerinstaller#com.google.android.gms
12-27 20:53:03.304  6607  6668 W CondFlagRegistrar: ehvp: 17: 17: API: Phenotype.API is not available on this device. Connection failed with: ConnectionResult{statusCode=DEVELOPER_ERROR, resolution=null, message=null}

Could you point me to what I have to look out for or if you have the time look at the full log?

The full HEK app log:
HEK log 53ae20b42e5e.txt

@thestinger thestinger force-pushed the main branch 2 times, most recently from fde2131 to df7ee49 Compare December 29, 2024 21:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@reifenrath-dev @thestinger