Issues with MobilePay #421

Closed
fortXIV opened this issue Dec 16, 2023 · 32 comments

@fortXIV

fortXIV commented Dec 16, 2023

EDIT/TEMP SOLUTION 2: Download version 5.26.0 of MobilePay (I used Aptoide to do so), have Chrome or Brave installed & set as standard web browser, then log in as before. MitID will work and you can log in and update MobilePay to the latest version using Aurora Store or Play Store, if you want.

The past couple of days I've been ripping my hair out since I can't use MobilePay (vital money transferring app in Denmark). The issue here is that when they ask to verify with MitID, I either get this error when trying to authenticate using my other phone (an iPhone): "Teknisk fejl, prøv igen senere" or it just keeps waiting for me to accept the request, when I already have (Screenshot_20231216-142536). I know for a fact it's not MitID (government-mandated auth app, basically) acting up since it has worked perfectly in 7 other apps that also require MitID.

I've tried calling their service department, I've tried installing Chrome and Brave + Android WebView independently (seems like you can't change WebView on GOS?) so I'm not sure what to do or where the issue lies 100% since I'm not THAT technical. Hopefully the issue gets solved or we can somehow find a fix.

EDIT: I've also tried giving it access to JS JIT & all cookies amongst other things, nothing seemed to make MitID unstuck in Vanadium Custom Tabs

@thestinger
Member

That's not the WebView. You're confusing Custom Tabs with the WebView. You can't change the WebView implementation.

thestinger changed the title from "Vanadium WebView issues with MobilePay" to "Issues with MobilePay" on Dec 16, 2023
@fortXIV
Author

fortXIV commented Dec 16, 2023

> That's not the WebView. You're confusing Custom Tabs with the WebView. You can't change the WebView implementation.

Is there a way to change Custom Tabs then?

@thestinger
Member

That appears to be a Custom Tab, which is a regular browser app tab displayed over top of the app which opened it. It provides a way to open it in the browser's activity via the menu. Users often confuse this with the WebView, but it's not the WebView. You can tell it's not the WebView from the fact that it has the standard menu allowing you to open it in the browser activity. Any browser can provide Custom Tab support, and your default browser will be used. If it doesn't have Custom Tabs, it will open up in the browser activity directly instead of that being an optional step.

The issue may be that the app is incompatible with having third party cookies enabled. Open it up as a regular Vanadium tab via the menu and check if it works if you grant it an exception from third party cookies being disabled. You could also try enabling JavaScript JIT in case it uses WebAssembly since WebAssembly doesn't work without JIT yet.

@fortXIV
Author

fortXIV commented Dec 16, 2023

> That appears to be a Custom Tab, which is a regular browser app tab displayed over top of the app which opened it. It provides a way to open it in the browser's activity via the menu. Users often confuse this with the WebView, but it's not the WebView. You can tell it's not the WebView from the fact that it has the standard menu allowing you to open it in the browser activity. Any browser can provide Custom Tab support, and your default browser will be used. If it doesn't have Custom Tabs, it will open up in the browser activity directly instead of that being an optional step.
>
> The issue may be that the app is incompatible with having third party cookies enabled. Open it up as a regular Vanadium tab via the menu and check if it works if you grant it an exception from third party cookies being disabled. You could also try enabling JavaScript JIT in case it uses WebAssembly since WebAssembly doesn't work without JIT yet.

Bad timing, but I edited the original post where I stated I've tried enabling JS JIT, but I will try again and see if I can figure out something. Thanks a lot for your fast and thorough replies!

@fortXIV
Author

fortXIV commented Dec 16, 2023

OK, so I've just tried with "open in vanadium", with JavaScript + JavaScript JIT and third-party cookies enabled. It still gave me the same error as before, which was this: "Teknisk fejl, prøv igen senere"

I'll try again with Brave and Chrome and see if there is a different result

@thestinger
Member

Vanadium disables sending device model, etc. via Client Hint headers. It's quite possible they require having either the user agent or client headers providing that info. They may detect Vanadium as a bot because it doesn't look like a request from Chrome with regular configuration.

@fortXIV
Author

fortXIV commented Dec 16, 2023

> Vanadium disables sending device model, etc. via Client Hint headers. It's quite possible they require having either the user agent or client headers providing that info. They may detect Vanadium as a bot because it doesn't look like a request from Chrome with regular configuration.

That could very well be the reason, since MitID and MobilePay are super finicky apps. Is there a way to change this somehow?
EDIT: almost certainly is, the person over the phone said that you can basically only do it if you have default Chrome enabled, after we troubleshot for 20 minutes

@thestinger
Member

Suggest just using Chrome as default browser for this temporarily. If you need to use this regularly, maybe make a separate user profile with sandboxed Google Play, this app and Google Chrome to use this there, and just end the session when you're done with it to avoid wasting a bunch of memory.

@fortXIV
Author

fortXIV commented Dec 16, 2023

> Suggest just using Chrome as default browser for this temporarily. If you need to use this regularly, maybe make a separate user profile with sandboxed Google Play, this app and Google Chrome to use this there, and just end the session when you're done with it to avoid wasting a bunch of memory.

The problem is that Chrome is already set as the standard web browser, but it still opens in Vanadium. The 7 other apps that worked fine opened in the standard browser app, which was Brave. With Brave it worked perfectly fine, but I just couldn't get MobilePay to open in/with Brave at all, which was why I thought it was WebView to begin with

@fortXIV
Author

fortXIV commented Dec 16, 2023

https://discuss.grapheneos.org/d/5391-mobilepay-danish-not-working <-- In this thread they also said the solution was simply to have Chrome as the standard web browser, but someone commented 3 days ago saying this didn't work. Should I maybe try to download an older version of MobilePay, and if so, how do I do that? Maybe through Aurora Store?

@fortXIV
Author

fortXIV commented Dec 16, 2023

Also a note: AFAIK this is a more widespread issue than just MobilePay. The company that is providing these solutions for authentication for Danish citizens also provides it for Swedish, Dutch, Belgian, Finnish and Norwegian citizens (https://www.criipto.com/ - scroll down to "supported eIDs")

@thestinger
Member

Companies deliberately going out of their way to break compatibility is an antitrust issue. It's not really something within the scope of what we can resolve. If they're purposely trying to disallow using anything other than a Google browser and Google certified OS, what can we do about that? It's their choice to break it.

@fortXIV
Author

fortXIV commented Dec 16, 2023

> Companies deliberately going out of their way to break compatibility is an antitrust issue. It's not really something within the scope of what we can resolve. If they're purposely trying to disallow using anything other than a Google browser and Google certified OS, what can we do about that? It's their choice to break it.

They aren't. MitID worked fine on the 7 other apps as I stated. And as you said, it's not WebView but Custom Tabs, meaning I should be able to change whether it opens up in Vanadium, Brave or Chrome. The issue is I don't know how to change this; if you do, please let me know.

@fortXIV
Author

fortXIV commented Dec 16, 2023

Or can I somehow change client hints in chrome://flags? I've tried searching but I didn't find anything.

@fortXIV
Author

fortXIV commented Dec 16, 2023

EDIT/TEMP SOLUTION 2: Download version 5.26.0 of MobilePay (I used Aptoide to do so), have Chrome or Brave installed & set as standard web browser, then log in as before. MitID will work and you can log in and update MobilePay to the latest version using Aurora Store or Play Store, if you want.

@aguyfromdenmark

@fortXIV Unfortunately, that solution does not seem to work anymore. 5.26.1 does not work at all, and 5.26.1 has the same original issue.

I have filed a support ticket with MobilePay with examples and information, and am waiting for an answer.

thestinger closed this as not planned on Dec 21, 2023
@fortXIV
Author

fortXIV commented Dec 21, 2023

> @fortXIV Unfortunately, that solution does not seem to work anymore. 5.26.1 does not work at all, and 5.26.1 has the same original issue.
>
> I have filed a support ticket with MobilePay with examples and information, and am waiting for an answer.

Try using 5.26.0 from Aptoide. That was the exact version that fixed it for me. I tried reaching out to Criipto and MobilePay but only Criipto responded. Also make sure to have Chrome or Brave set as standard browser

@thestinger
Member

It has been determined that MitID and associated ecosystem is purposely breaking support for Vanadium by disallowing using a browser without the same OS / hardware / browser version headers as Chrome or another of the browsers they support. You'll need to ask them to stop disallowing people from using Vanadium. They're doing this deliberately and it's not within the scope of the project to try to work around apps deliberately disallowing people from using another browser.

@aguyfromdenmark

@thestinger I agree. This is not a GrapheneOS problem. This is a MobilePay problem. I am just trying to help fellow MobilePay users. I am not asking GrapheneOS to fix anything. As far as I know, there is nothing to fix.

@aguyfromdenmark

> > @fortXIV Unfortunately, that solution does not seem to work anymore. 5.26.1 does not work at all, and 5.26.1 has the same original issue.
> > I have filed a support ticket with MobilePay with examples and information, and am waiting for an answer.
>
> Try using 5.26.0 from Aptoide. That was the exact version that fixed it for me. I tried reaching out to Criipto and MobilePay but only Criipto responded. Also make sure to have Chrome or Brave set as standard browser

Yeah, as I wrote, this workaround doesn't work for me. But thanks.

@fortXIV
Author

fortXIV commented Dec 21, 2023

Definitely is a MobilePay issue, but I see why they potentially have done it tho. It's more or less a national banking app on your phone that everyone uses (in Denmark), and has been used by people to defraud citizens. Maybe that's why their security is so tight, which is unfortunate for us GOS users.

@thestinger
Member

They appear to be blocking Vanadium because we removed the client hint headers providing information such as OS version, device model, etc. It's ridiculous to be blocking browsers that are not leaking this information. We aren't going to add a toggle for adding back the information. It's anti-competitive and is nonsense. Blocking browsers not sending exactly the same metadata as whitelisted browsers does not improve security.

@thestinger
Member

@fortXIV You're completely wrong. None of this improves security. In fact, this platform appears to have extremely poor security and relies heavily on meaningless client-side checks that are trivially bypassed. It's a scandal that this is so poorly implemented, not a good thing. Client-side checks like these are not security. They are security theater, designed to appear to provide security to mask the lack of security.

@aguyfromdenmark

Actual banking apps and E-boks have a working MitID implementation. I feel like MobilePay could easily have that as well.

@fortXIV
Author

fortXIV commented Dec 21, 2023

> Actual banking apps and E-boks have a working MitID implementation. I feel like MobilePay could easily have that as well.

Yes, they definitely could. MobilePay was the only app that was ever a headache to get working on GOS for me.

I think I'll email them again asking them to fix this issue.

@thestinger
Member

Checking that a browser sends the expected client hint headers giving the platform, device model, etc. is not security. Vanadium could send fake values instead of removing these headers but that makes very little sense. These headers are extremely new so there is no legacy software using them. Anything that is broken by removing these headers was recently made software that's incredibly broken and incorrect. It shows their platform is insecure when they rely on checking this for security. Client side checks like this are not security. MitID itself along with the apps and overall platform associated with it has proven to heavily use this security theater approach which has repeatedly broken it for GrapheneOS and Vanadium users. It's anti-competitive behavior to only allow iOS, Android, Chrome, Firefox, etc. and not alternatives. It's likely against EU law to deliberately lock people into using those by forbidding compatible implementations. Each app that's deliberately breaking support for GrapheneOS will need to have legal/political action taken to correct the issue if they won't do it themselves. We're going to have substantial resources available and it makes sense for us to start dealing with this sooner rather than later.

@thestinger
Member

They should really buy a Pixel 8 to run GrapheneOS and keep this working including Vanadium support. A lot of people use it and want it working. They could be using https://attestation.app/articles/attestation-compatibility-guide instead of all the sketchy workarounds in their app.

@aguyfromdenmark

Fun observation. Another Danish app, Skatteguiden, also uses CRIIPTO for handling their MitID login. It works without any problems.

I also heard back from MobilePay support. They agree that the problem is not within Graphene OS, but the browser the OS uses. They then refer to the technical requirements for MitID. They said that they would relay the information, but that they are currently in a merger with Norwegian app Vipps, so no major changes would be made to the MobilePay app.

@thestinger
Member

It's not a problem with the web browser. It's a bug in their code. They're hard-wiring checks for optional headers in a way that's guaranteed to keep breaking including in Chrome. They need to stop doing it.
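
Added example, not part of the thread and not code from GrapheneOS, MitID, Criipto or MobilePay: a server-side sketch contrasting a hard-wired check on optional Client Hint headers, as described in the comment above, with handling that treats them as optional. The function names, the `sessionVerified` flag and the sample requests are hypothetical.

```javascript
// Added illustration. Header names are the standard UA Client Hints; the
// gating logic is hypothetical, not taken from MitID, Criipto or MobilePay.

// Client Hint values are structured-field strings, e.g. "Android" or "".
function unquote(value) {
  if (typeof value !== 'string') return null;
  const m = value.trim().match(/^"(.*)"$/);
  const s = m ? m[1] : value.trim();
  return s === '' ? null : s;
}

// Brittle pattern: optional, client-supplied hints are used as a gate, so
// any browser that omits them (or sends an empty model) is rejected.
function brittleGate(headers) {
  const platform = unquote(headers['sec-ch-ua-platform']);
  const model = unquote(headers['sec-ch-ua-model']);
  if (!platform || !model) {
    return { allowed: false, reason: 'missing client hints' };
  }
  return { allowed: true, reason: 'hints present' };
}

// Tolerant pattern: hints only tune presentation and logging. The decision
// rests on state the server verified itself (hypothetical sessionVerified).
function tolerantHandler(headers, sessionVerified) {
  return {
    allowed: sessionVerified === true,
    layout: headers['sec-ch-ua-mobile'] === '?1' ? 'mobile' : 'default',
    hints: {
      platform: unquote(headers['sec-ch-ua-platform']) || 'unknown',
      model: unquote(headers['sec-ch-ua-model']) || 'unknown',
    },
  };
}

// Constructed sample requests (lower-cased header maps, as Node exposes them).
const withHints = {
  'sec-ch-ua-platform': '"Android"',
  'sec-ch-ua-model': '"Pixel 8"',
  'sec-ch-ua-mobile': '?1',
};
const withoutHints = { accept: 'text/html' };

console.log(brittleGate(withoutHints));           // rejected despite a valid session
console.log(tolerantHandler(withoutHints, true)); // allowed, hints recorded as unknown
console.log(tolerantHandler(withHints, false));   // denied: headers grant nothing
```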

@fortXIV
Author

fortXIV commented Dec 29, 2023

> Fun observation. Another Danish app, Skatteguiden, also uses CRIIPTO for handling their MitID login. It works without any problems.
>
> I also heard back from MobilePay support. They agree that the problem is not within Graphene OS, but the browser the OS uses. They then refer to the technical requirements for MitID. They said that they would relay the information, but that they are currently in a merger with Norwegian app Vipps, so no major changes would be made to the MobilePay app.

I got a similar response last week

@libach81

Commenting to add, from this (https://discuss.grapheneos.org/d/5391-mobilepay-danish-not-working) discussion thread on the GOS forum, it works if you install Chrome, set it as default browser, then disable Vanadium. Once MobilePay is activated, you can revert the config.

@aguyfromdenmark

Awesome find @libach81. That workaround works for me as well.
