Using GrapheneOS in Denmark

For a couple of weeks now I have been using GrapheneOS in Denmark. I wanted to have a secure phone and even more I wanted to have a phone that respected my freedom, that didn’t track me or sell my data.

Denmark is highly digitalized so you “need” a lot of apps to function well in Denmark. I have here combined a list of some of the apps that worked that I wasn’t sure to begin with and some of the apps that didn’t work.

Works:

• MobilePay
• Mobilbank - Lån & Spar Bank
• Min Læge
• Sundhedskortet
• Kørekort
• Apoteket
• Min sundhed
• mit.dk

Did not work:

• MitID
• McDonald’s
• Authy

The Danish government have said the new AltID app for age verification is gonna use strong play integetry check, meaning it will not work. However a growing numbers of politicans seems to think that Danish people should be able to use other phones than thouse approved by either Google or Apple, which would go for MitID and AltID. The Danish government also admitted that when enabling strong play integrity check for MitID it was not because they had ever seen any abuse that would have been prevented by strong integrity check.

The MitID app is easily replaced by the MitID kodeviser. It works much better anyway, I frequently had problems with the app and never had any problem with the kodeviser.

I briefly had a problem with the Kia app for my car. They changed the app to have strong google play integetry check, I complained in a review and some time later it was fixed. I don’t know if it was my complaint that fixed it but I am happy that it was fixed. They did respond both to my complaint and to the review following up thanking them for fixing it so I find it likely that they are aware of the issue and will keep it usable on GrapheneOS.

Bank Norwegian is another weird app. It didn’t allow be to sign in without having the MitID app installed. When I installed it, I could sign in without the app but just using the kodeviser. I think you should be prepared for more “official” apps implementing MitID in terrible ways. A lot of apps also forced the use of Chrome and the having Chrome be the default browser in order to allow you to use MitID and sign in. Feels like the early 2000’s with a works best in Internet Explorer.

Security features I love

I love the two factor fingerprint unlock where I have to provide both my fingerprint and a small PIN.

I also love the duress PIN/Password, I have used it once to reset the phone and it was so cool to see it self destruct instantly.

Another feature i LOVE, is that I can decide myself is apps should have access to the internet or not. I can revoke the right to internet access for any app, meaning if it is just a simple app that works offline I can make sure that it doesn’t track me, sell my data or show me ads.

I really like that Google Play services are isolated, I was not very comfortable with google collecting all my data, and I didn’t really trust even their not so good privacy policy, now I can limit it a lot.

Small things I don’t love

The first one is that I don’t like the fact that a lot of apps for arbitary and often not well understood reasons decide they will not work on GrapheneOS. It especially annoys me since I think it usally a lack of understanding from the developers perspective. The app developers enable strong google play integrity thinking it is a magic bullet that will make their app more secure, while in the real world, it is easily bypassed on less secure devices and it enables the gatekeeping of Apple and Google. This is not the fault of GrapheneOS, but of app developers not understanding what they are doing.

Another thing, is the drawer in the default launcher. I come from Samsung and I miss being able to make folders in the drawer I could and did organize all my apps into folders which was very need. The search function in the drawer is also not nearly as good, if you mistype the first letter of the app you search for, hit backspace, it closes the keyboard and you will have to open the search again. It also doesn’t use any fuzzy search, so while I on Samsung could write “fd” to find “f-droid”, on GrapheneOS the lack of “-” means it would not match.

Even more features I love

A section of features I love could quickly expand into the entire Features Overview of the GrapheneOS page. However I need to also mention, I love how it attempts to patch everything. It feels like some of the secure containers that promises zero vulnerabilities. It seems that every vulnerability gets patched and gets patched quickly. I am crazy about installing patches, on my old phones I looked for updates like 5 places and did it multiple times a day, GrapheneOS is very quickly to fetch and install patches and is actually quicker than I am.

I am a big fan of auditing app, that can help me prevent persistent malware. I am a fan of the build in backup system though it have some limitations (I would like if I could see how long retention my backup have).

Other apps that work

In case you should be worried what works, here is a collection of other apps you might be unsure if it would work, that actually works. My first list of apps that don’t work, is the complete list of apps I have seen not working, there is no longer list for that.

Apps:

• Microsoft Authenticator
• Coop
• Digital Post
• Discord
• e-Boks.dk
• EasyPark
• Kindle
• Lidl Plus
• LinkedIn
• Google Messaging (with RCS)
• Nordnet
• Netflix
• Nordisk Film+
• PostNord
• Skatteguiden
• Rejsekort

And a lot of other apps.