This is a popular thing to say, but is an oversimplification...
Call it anec-data but all my banking apps work in GrapheneOS, and I have several installed. There is one that reduces functionality if SafetyNet fails (have to do the 2fa flow every time I restart the app, can't set as a trusted device and notifications don't work) but it still works to access my account.
That said... I haven't tried to use NFC payments and do carry around a secondary iPhone 15 as my "business phone" these days that pretty much just has payment/banking apps on it, just in case one bank or another decides to suddenly nuke their app on my main phone...
After I got the screen replaced on my previous phone the fingerprint reader didn't show up, and I didn't bother to try fixing it. I hadn't specifically requested a new panel with fingerprint reader, but supposedly it could be enabled, if available, through tools Google provides for Pixels with their Tensor chips. Apps that would otherwise use the biometric authentication can fall back to a pin or pattern, but all of my banking or work benefit-related apps will not save credentials in that case, so I have to rely on my password manager which will use the PIN/pattern for authentication.
I replaced that phone with a new one and didn't bother setting up the fingerprints. It doesn't seem to bother me too much and maybe there's some small security benefit to not having the biometric authentication enabled.
I haven't come across a banking app in the UK that doesn't work with GrapheneOS. HSBC insists you use the AOSP or Google keyboards but otherwise no issues.
Santander at least used to not work; I haven't tried it with the new app they launched. The old app certainly wouldn't work and I was told by customer service there was no way to access it on a phone with an unlocked bootloader.
FWIW, I use Fidesmo. Oversimplified, it allows you to copy your credit card's NFC chip into an accessory you wear. I use a ring but there are other options like bracelets or watch bands. No batteries, no devices, no wireless connectivity. It works anywhere an NFC card works, which here in Switzerland is more or less everywhere.
It requires that the card issuer support Fidesmo though. Many here do but I'm not sure what it's like elsewhere.
That's not how those NFC cards work. They are payment middlemen. They are full cards on their own and just pass on every charge to your other card. Just like Google Pay.
Sounds very likely. Perhaps if you are sufficiently big you could also get a small kickback from someone like VISA? Operational expenses must be fairly low.
The way I described it was oversimplified. Technically, it's more like your credit card issuer issues a new card with the same number and installs it on the chip in the accessory.
To be able to do it, you have to authenticate with your card issuer in a mobile app, similar to how you might when setting up Android Pay or Apple Pay. The mobile app then uses your phone as a bridge between the issuer and the NFC chip in the accessory so the relevant data can be written in a secure way.
NFC payments via Google Wallet running on my Pixel Watch 3 connected to a phone running GrapheneOS work just fine. I use this regularly. (It doesn't require Google Wallet to be installed on the phone.)
At least one of my cards required Google Play Services to have the location permission when initially adding the card though.
It's crowdsourced and therefore incomplete but https://plexus.techlore.tech/ has reports of compatibility with the complete absence of Google Services or a replacement like MicroG.
Here in Switzerland my experience is that the big banks like UBS and the cantonal banks tend to work, while the smaller things like McDonald's and my credit card providers tend to break because they have nonsense Play Integrity requirements.
I ran root on my main devices for 8-9 years uninterrupted and always got banking apps (and all others for that matter) to work with at most 40 minutes of tinkering. Ofc that's not something everybody wants to do, but since I love tinkering with tech anyway and always want root, that was worth it for me (and OS updates for 7 years instead of 2; I used my phone that normally was only supported up to Android 9 up to Android 15).
And this is with Samsung devices which have tripped Knox. (Funnily enough, I once wanted to unroot since I didn't need it anymore, and then my Samsung smartwatch couldn't connect because my device had tripped Knox, so I had to root again to hide it. So their anti-root measure pretty much forced me to stay rooted.)
The hardest to get working were:
S-pushTAN (a 2FA app for the bank "Sparkasse"; their normal app is far easier to get running) and lately Revolut.
But as I said, I always got it working.
Also it seems WhatsApp blocks open bootloaders if you get enough warnings for using a custom modded version (a message pops up that tells you to get WhatsApp from the official places, which I did), but hiding the open bootloader was enough to get that working.
Also, with just root it's easier than with root + custom ROM, which was my setup.
So yeah, it won't work out of the box, but it's pretty simple to get working.
There are different levels of anti-user checks. Some only detect unlocked bootloader and/or root. Others use the Play Integrity anti-feature provided by Google. GrapheneOS tells you when apps request Play Integrity checks, and you'll see that a lot of apps do these requests constantly, even if they don't actually block you for using an unlocked or non-vendor system (custom key but otherwise locked and not rooted like GOS).
We really need a more foolproof technical solution for this if general purpose computing on the mobile phone is to be preserved. Perhaps some type of a remote control scheme to operate on a "slave" device. Failing that, if I do need one of those apps that need "strong" integrity, I'd probably look into getting an iPhone for those.
Good riddance, no more spying, no more ads in notifications (in my country you can use banks via browser. Also, instant transfers by phone number are free).