this post was submitted on 06 Mar 2026

299 points (97.5% liked)

Android

21570 readers

10 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

Stay on topic: All posts should be related to the Android OS or ecosystem.
No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.
Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.
No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.
No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.
No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.
No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.
No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.
No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!
No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

See thread

Chat and More

founded 2 years ago

MODERATORS

ijeff@lemdro.id

ladfrombrad@lemdro.id

Paradox@lemdro.id

multimoon@lemdro.id

mikestevens@lemdro.id

Devgard@lemmy.world

limerod@reddthat.com

Netrunner@lemdro.id

299

Microsoft Authenticator might exclude GrapheneOS in the future due to root detection (piunikaweb.com)

submitted 3 days ago by schizoidman@lemmy.zip to c/android@lemdro.id

129 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] kyub@discuss.tchncs.de 48 points 3 days ago* (last edited 2 days ago) (8 children)

Use Aegis.

The MS Authenticator contains analytics & telemetry & way too many permissions and should not be used: https://reports.exodus-privacy.eu.org/en/reports/com.azure.authenticator/latest/ (it looks more like a scam than legitimate, but that's exactly what Microslop is in 2026...)

For comparison, Aegis is a legitimate app that only does what it should do: https://reports.exodus-privacy.eu.org/en/reports/com.beemdevelopment.aegis/latest/#permissions

Any other authenticator also works with any MS service so there's no reason at all to use the MS Authenticator unless you like handing over more data to MS for no reason. EDIT: According to comments, your company might have the option to enforce usage of MS Authenticator only. But this doesn't seem to be the default, at least in Germany where I've heard from 2 sources that they can use any authenticator app for M365 for example.

By the way, Graphene OS is NOT rooted, but what does truth or sane app behavior even mean anymore for Microslop in 2026... Just stop using that garbage.

[–] fluckx@lemmy.world 8 points 3 days ago (1 children)

Agree for personal use.

Professionally I've had situations where Ms authenticator was the only option because the only 2FA they allow is push notifications on the authenticator app. :(

I even used freeotp+ for my ORG 2FA and aegis for my personal so I could easily keep them split ( and you can export / securely store the backups somewhere ).

Time to get corps to ditch Microsoft >.>

[–] lka1988@lemmy.dbzer0.com 7 points 3 days ago (2 children)

Professionally I’ve had situations where Ms authenticator was the only option because the only 2FA they allow is push notifications on the authenticator app.

If a company requires me to install specific apps that may or may not work on my device, I expect that company to provide me with a device that can be set up for their stuff.

I've run two separate phones for nearly 15 years now: my personal phone, and a work-issued phone. The work phone is turned off and left on my night stand as soon as I get home, and only turned on again when I'm getting ready to go back to work. I don't carry it 24/7 as some have been led to believe, for some reason. It's really nice to have that separation. And work pays for it.

[–] psud@aussie.zone 1 points 1 day ago

My employer is government so they do provide an alternative. If you can't use Microsoft authenticator, you can get an authentication phone call

load more comments (1 replies)

load more comments (7 replies)

[–] KiwiTB@lemmy.world 97 points 3 days ago (1 children)

So win win.

[–] Daniel_@discuss.tchncs.de 41 points 3 days ago (23 children)

Unfortunately not for me. I use Graphene and my company uses M$croslop.

[–] ViatorOmnium@piefed.social 90 points 3 days ago* (last edited 3 days ago) (17 children)

Work stuff should be on a work phone.

I don't understand why either the worker or the company would ever allow the use of personal devices for work.

[–] Elextra@literature.cafe 25 points 3 days ago (1 children)

Some businesses don't pay for phones but agreed

[–] halcyoncmdr@piefed.social 39 points 3 days ago (1 children)

That's their point. If the company requires you to use a phone, they need to provide it.

[–] bonenode@piefed.social 10 points 3 days ago (2 children)

They can also just let you go for someone else who has no clue about this and gladly would use their private phone for work. Depends on the job and company, of course.

[–] LemmyFeed@lemmy.dbzer0.com 4 points 3 days ago

That's dangerous thinking; "if I don't then someone else will." That's a common excuse that thieves use. And it's you doing the work of your oppressor.

Standing up for what you believe in isn't always easy, but it's always the right choice.

load more comments (1 replies)

[–] KiwiTB@lemmy.world 14 points 3 days ago (2 children)

Because they are cheap and their tech lead is probably incompetent.

load more comments (2 replies)

load more comments (15 replies)

[–] in_my_honest_opinion@piefed.social 19 points 3 days ago (1 children)

It's a dark pattern but you can use any MFA provider with Microsoft services.

[–] Ghoelian@piefed.social 22 points 3 days ago (4 children)

Not necessarily. Microsoft's authenticator has an option where you have to tap a notification to approve, which isn't a standard TOTP thing. If your company requires that version of MFA, you pretty much have to use Microsoft's authenticator.

load more comments (4 replies)

load more comments (21 replies)

[–] ArmchairAce1944@discuss.online 15 points 2 days ago

Fuck em. I just got grapheneOS and I advised my workplace we will need a workaround for authenticator.

[–] shaggyb@lemmy.world 48 points 3 days ago (4 children)

That's fine.

Any job that wants you to use certain software can provide a device it'll run on for you.

[–] cerebralhawks@lemmy.dbzer0.com 9 points 3 days ago

Amen to that. Even if your computers will run it, provide the device. I'm not installing shit on my home computers.

My job has suggested it to me. I say "you know how all these computers run Windows?" They nod. "Mine doesn't. It's a Mac." That usually shuts them up. Never mind that most of what we run will, in fact, run on a Mac, and there's very little a shitty Wintel box mass produced for the enterprise can do that my Mac can't do. I mean, I can run Deus Ex natively on the work computer, if I wanna catch hell for it. (But it would be fucking hilarious, especially if I'm at the part where JC Denton hands in his "resignation.")

load more comments (3 replies)

[–] GreenKnight23@lemmy.world 13 points 2 days ago (5 children)

I mean...okay?

I have a work phone for this exact reason.

work phone stays on my desk. I have removed the microphones. I turn it on at the start of every day, and turn it off at the end of every day.

good luck with that plan Microslop. looks like Microslop is trending too!

1000003153

load more comments (5 replies)

[–] Reygle@lemmy.world 15 points 3 days ago* (last edited 3 days ago)

Oh no

Anyway

Microslop authenticator might not work for my zero Microslop accounts, lack of Microslop sloperating system, OR their piece of shit cloud platform that I refuse to touch?

WHAT WILL I DO

[–] arcine@jlai.lu 20 points 3 days ago (2 children)

That doesn't make sense to me, afaiu :

GrapheneOS is NOT rooted by default, and they explicit recommend NOT to do it, because it invalidates a huge part of their privacy guarantees.

[–] Honytawk@feddit.nl 10 points 3 days ago (1 children)

Yeah, and Microsoft policy is just about rooted phones.

There isn't any reason to mention GrapheneOS, unless it is to generate unwarranted outrage.

Which seems to be working on a lot of folk on here.

[–] AndrewZabar@lemmy.world 4 points 3 days ago

Well it could just be part of the collective corporate alliance that will always do anything they can to make any kind of freedom cost more for everyone. GrapheneOS is taking your freedom and not feeding on the corporate-issued fodder, and well, they don’t like that. So this is just one more small difficulty added to that choice.

This kind of thing is only the beginning. It won’t be long before absolutely nothing will work on any freedom-oriented OS, software, hardware etc.

Some fires need to start, and soon.

[–] cmhe@lemmy.world 4 points 2 days ago (1 children)

privacy guarantees

security guarantees, not privacy guarantees.

With root you can actually control what kind of things each app does and stores, and check what data it transmits to remote servers. But it also breaks/weakens the android security model, where apps can do, store or transmit stuff protected from the eyes of the user of the phone.

[–] BigDanishGuy@sh.itjust.works 1 points 2 days ago

But it also breaks/weakens the android security model, where apps can do, store or transmit stuff protected from the eyes of the user of the phone.

Which just sounds insane to me. It's security through obscurity, which is in and of itself a bad plan, to protect 3rd parties against you ... on your own frigging device.

[–] picnic@lemmy.world 6 points 2 days ago

Now this is shitty. Our company allows only authentication with the app, and I was really happy to give up the shitty phone they offered and just carry one.

I saw the news earlier this or last week, but as my grapheneos is not rooted, didnt think much of it.

[–] gravitas@pie.gravitywell.xyz 18 points 3 days ago (3 children)

Interesting considering grapheneOS does not actually support rooting.

[–] buddascrayon@lemmy.world 20 points 3 days ago* (last edited 3 days ago) (2 children)

This is the thing that kills me about the corporate anti-GrapheneOS sentiment. It is 100% a more secure phone, and yet every measure they implement against it cites security as a reason. Total and absolute bullshit.

[–] brax@sh.itjust.works 10 points 3 days ago

I mean, they argue against rooted phones as a security reason, but my rooted phones used to be much more secure than they were when they were stock.

Just more of the same idiots ruining shit for everybody.

[–] Buddahriffic@lemmy.world 4 points 3 days ago

Because it isn't really about security. It is about control.

load more comments (2 replies)

[–] absquatulate@lemmy.world 16 points 3 days ago (9 children)

This is what I fear will happen to GOS on Motos. Google decides to mark them as rooted so buh-bye banking apps and others that require a "secure" os.

[–] Onomatopoeia@lemmy.cafe 15 points 3 days ago (2 children)

Except they're not rooted - GOS devs don't even approve of root usage

[–] psud@aussie.zone 1 points 1 day ago

They check through Google Play services, Graphene has play services in a sandbox, it can't see enough to report the security of the device accurately

[–] absquatulate@lemmy.world 16 points 3 days ago (1 children)

It doesn't matter if they are or not. Google can deem them modified or not secure devices and they can do fuck all about it.

[–] e8d79@discuss.tchncs.de 15 points 3 days ago (3 children)

The difference being that Motorola is a well established device manufacturer and not just a community project with minimal funding. Google using play integrity to exclude a competitor could be very easily seen as an abuse of market power and they already have problems with antitrust laws.

load more comments (3 replies)

load more comments (8 replies)

[–] mrnobody@reddthat.com 14 points 3 days ago (2 children)

Unless on Motorola devices (soon).

I hope it's like FairPhone where you get to choose android or Murena/e/

[–] VeganCheesecake@lemmy.blahaj.zone 12 points 3 days ago (2 children)

We wouldn't want any Graphene OS device to fulfill the requirements necessary to be certified. That would make it useless.

'Rooted' doesn't mean rooted, it means the Google API it checks against says no. And is unlikely to say yes on any device that isn't 'official Android', with Google Apps having System access.

load more comments (2 replies)

[–] hummingbird@lemmy.world 10 points 3 days ago (2 children)

Make no mistake. If Google does not certify GrapheneOS on Motorola, these devices will be flagged as modified by Googles API just like on any other device.

load more comments (2 replies)

[–] dorumon@lemmy.cafe 8 points 3 days ago (1 children)

Honestly thank you for posting this. Lest I would've lost my Google and Microslop account.

load more comments (1 replies)

[–] cerebralhawks@lemmy.dbzer0.com 7 points 3 days ago

Cool, the fewer people using Microslop apps, the better.

load more comments