I'm running LineageOS, and I had to root the phone to make one banking app work (and Netflix and some games).
It actually passes SafetyNet out of the box, but there's a CTS profile check that some apps do in addition to SafetyNet, and I had to root the phone to make it provide a profile that those apps are happy with. And then I had to install a SafetyNet bypass, because fixing the CTS profile broke SafetyNet.
It un-roots itself every time I install an update, which is kind of a pain in the ass, but someone wrote a script to re-root LineageOS (from a desktop computer), so it's not too bad these days.
Would you mind saying what phone you have, and which script? I'm using a (by now rather old) OnePlus 5 and potentially in the market for an upgrade -- and easy rootability is more my key feature than bling or a 50 megapixel camera....
Overall I'm really happy with my g100. The bootloader was easy to unlock, it has a headphones jack, a microSD slot, the battery lasts 2-3 days, and the performance, screen, and cameras are all good enough that I don't think about it.
The only things that I don't like are that the physical size is larger than I would prefer, and it's not waterproof. Additionally, the single down-firing speaker is kind of lame when compared to my previous phone's stereo front-firing speakers above and below the screen. I'd much rather have a bit of bezel if it meant I could have stereo front-firing speakers (and no camera hole punches!)
Oh, and I had to use a different phone to activate the SIM card to make it work on Verizon, because even though the phone is actually compatible with their network, they don't like it for some reason.
Lineage on a Xiaomi Redmi 10 Pro, everything working perfectly (also dual SIM and SD card + headphone jack), get about 2 days battery life. Though it's quite old now so I've no idea if it is as good as an OP5 or not lol
The way you have to hide from apps is a bit weird these days using Magisk filters, but other than that the entire thing has been set and forget, and I've not had any issues.
As @morrbo said, you can get a Redmi Note something, I'd suggest the Redmi Note 13 Pro (not plus, that doesn't have the headphone jack, for some reason).
It is great, and the official unlock tool works seamlessly.
But you have to wait a week before unlocking, which I guess is there for you to """try""" MIUI. Still not a problem, though.
Yeah, I probably tried all those scripts people guarantee to work. Even with all profiles I tried to load somehow most of those apps knew I was rooted.
Oh, I didn't mention it in the original post, but I'm also using Magisk hide, or zygote, or whatever they're calling it now.
Additionally, I've blocklisted certain apps so that they're not even allowed to request root access, because the banking app that forced me to root it in the first place would ask for root permission every time I launched it.
I use GrapheneOS daily and use banking, government, and other sensitive apps without problem. It's a common myth that you can't use those apps on GrapheneOS.
It's not a myth. I run GrapheneOS, and my bank app doesn't work, the Blind app doesn't work, and another common marketplace app (not Amazon) has shadow banned me for using it on a device without hardware attestation. I only found out after reaching out to support and having a lengthy conversation with them.
It's idiotic that they require hardware attestation, but let's not fall into the trap of "it worked for me".
Even with these limitations, I'm okay with continuing to run GrapheneOS.
Even the McDonald's app doesn't work if you install it through Aurora Store lol. Even though it's the same signed version distributed through Google Play and I have Google Play on the device, just not signed into a Google account.
Somehow it detects that it was not installed through Google Play and refuses to work with an explicit message stating this reason. I really wonder why they care. The app doesn't even take payment, at least not in this country. You still have to pay at the order portal thing.
Fair enough, but on the flipside I wanted to point out that for at least some of us it's possible to use GrapheneOS with no compromises to the experience. Usually you only hear about those telling you categorically that you "can't" use banking, government and other sensitive apps when that's not true. Anyone on the fence should try it out themselves.
You can run all of these apps with GrapheneOS; in that regard it's very different than LineageOS because it has a compatibility layer as a first class feature [0]. You can either create a different user profile and install the Play services there or create a work profile (with Shelter) and install Google services there.
I keep my banking apps in a work profile and Shelter completely freezes/disables them when I'm not using them. Otherwise they work fine.
I do want to note that I'm fine with only using apps from F-Droid in my main profile. I mostly use NewPipe, FairEmail, KeePass and Harmonic (HN client) and that's about it. I don't tend to create accounts on websites but if you use social media this setup will probably not be the most compatible.
It's honestly mind blowing though. I've never run a custom ROM with such a "vanilla" experience, even getting OTA updates within a week of them being out for Android.
That's probably what those apps use, then. Because all those tricks people mentioned never worked. Some explicitly failed saying that my ROM signature wasn't official.
Have you actually tried using your banking application on a recent (post introduction of sandboxed Google Play) GrapheneOS?
Restricting things to only Google ROMs basically also means your banking app won't work on a bunch of non-google Android phones and even most banks don't want to go that far.
When I started using GrapheneOS several years ago, I quickly realized I had jumped a lot further down the FOSS rabbit hole than I realized.
Today, I consider the inability to use government or banking apps on a device that travels in my pocket a feature, not a bug, but it was indeed a steep and sometimes unpleasant learning curve.