this post was submitted on 06 Mar 2026
296 points (97.4% liked)

Android

21641 readers
61 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

πŸ”—Universal Link: !android@lemdro.id

πŸ’‘Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

πŸ’¬Matrix Chat

πŸ’¬Telegram channels / chats

πŸ“°Our communities below

Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More

founded 2 years ago
MODERATORS
ijeff@lemdro.id
ladfrombrad@lemdro.id
Paradox@lemdro.id
multimoon@lemdro.id
mikestevens@lemdro.id
Devgard@lemmy.world
limerod@reddthat.com
Netrunner@lemdro.id
296
Microsoft Authenticator might exclude GrapheneOS in the future due to root detection (piunikaweb.com)
submitted 2 weeks ago by schizoidman@lemmy.zip to c/android@lemdro.id
129 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Daniel_@discuss.tchncs.de 42 points 2 weeks ago (12 children)

Unfortunately not for me. I use Graphene and my company uses M$croslop.

[–] ViatorOmnium@piefed.social 90 points 2 weeks ago* (last edited 2 weeks ago) (4 children)

Work stuff should be on a work phone.

I don't understand why either the worker or the company would ever allow the use of personal devices for work.

[–] Elextra@literature.cafe 25 points 2 weeks ago (1 children)

Some businesses don't pay for phones but agreed

[–] halcyoncmdr@piefed.social 40 points 2 weeks ago (1 children)

That's their point. If the company requires you to use a phone, they need to provide it.

[–] bonenode@piefed.social 9 points 2 weeks ago (2 children)

They can also just let you go for someone else who has no clue about this and gladly would use their private phone for work. Depends on the job and company, of course.

[–] eleitl@lemmy.zip 4 points 2 weeks ago

You don't want to work for a cheap company.

[–] LemmyFeed@lemmy.dbzer0.com 4 points 2 weeks ago

That's dangerous thinking; "if I don't then someone else will." That's a common excuse that thieves use. And it's you doing the work of your oppressor.

Standing up for what you believe in isn't always easy, but it's always the right choice.

[–] KiwiTB@lemmy.world 14 points 2 weeks ago (1 children)

Because they are cheap and their tech lead is probably incompetent.

[–] popekingjoe@lemmy.world 5 points 2 weeks ago (1 children)

This is Walmart in a nutshell. A majority of the work phones at my store (used for stuff like inventory management) are Samsung Galaxy XCover Pros from like 2016. They were trash the day they released and they're especially trash now. The company is very slowly replacing them with Pixel 8s (like one every six months comes in). It is legitimately frustrating.

[–] limerod@reddthat.com 1 points 2 weeks ago

Why pixel 8 in particular? Wouldn't an A series pixel be cheaper.

[–] cole@lemdro.id 7 points 2 weeks ago (3 children)

my work pays my cell phone bill if I install Microsoft teams, and frankly that's a pretty good deal

[–] Railcar8095@lemmy.world 6 points 2 weeks ago (6 children)

With that money, get a second one and it's it only during work ours. Doesn't even need connection, use WiFi of tethering.

load more comments (6 replies)
[–] Daniel_@discuss.tchncs.de 1 points 2 weeks ago

So does my company

[–] Auli@lemmy.ca 1 points 2 weeks ago (1 children)

So didn't have to instsll intune or anything?

[–] cole@lemdro.id 1 points 2 weeks ago

yeah but you can disable most of it's invasive permissions so I'm ok with it

[–] zelahdieliekeis@piefed.blahaj.zone 1 points 2 weeks ago (1 children)

Not all works would allow it, but why not Graphene on work phones.

[–] ViatorOmnium@piefed.social 1 points 2 weeks ago (2 children)

What happens if the worker doesn't have a smartphone, or has one, it breaks and they don't have money to buy another for while, or what if they install a random app that encrypts their mailbox?

Even if you live in a 3rd world country where employers can force it, it's a stupid decision for the business.

[–] bajabound@lemmy.world 1 points 2 weeks ago

I can tell you what we do. Here's your yubikey. Then most find a new phone after a couple weeks.

[–] zelahdieliekeis@piefed.blahaj.zone 1 points 2 weeks ago (1 children)

I don't understand your line of questioning. If a bad thing happens then a bad thing happens. Potential for bad things indeed makes companies likely to lock down devices if they provide them, hence the qualifier "not all works would allow it." From an employee perspective, if you have the freedom to do it then more secure OS is more secure.

[–] ViatorOmnium@piefed.social 1 points 2 weeks ago* (last edited 2 weeks ago)

I have a work phone.

If didn't have a personal phone, it wouldn't matter.

If it breaks, they have insurance to replace it immediately.

There's no risk it will stop working because I didn't pay the bill.

And I can't install random crap because it's locked down.

And they have options like remotely wipe the device, if they think something weird is happening.

From my side. The phone is turned off the microsecond I clock out.

[–] in_my_honest_opinion@piefed.social 19 points 2 weeks ago (1 children)

It's a dark pattern but you can use any MFA provider with Microsoft services.

[–] Ghoelian@piefed.social 22 points 2 weeks ago (1 children)

Not necessarily. Microsoft's authenticator has an option where you have to tap a notification to approve, which isn't a standard TOTP thing. If your company requires that version of MFA, you pretty much have to use Microsoft's authenticator.

[–] Lets_Disco@retrolemmy.com 5 points 2 weeks ago (1 children)

Aw shit, this sucks because my company uses this authentication method.

I guess when the change finally happens I'll just be saying 'you owe me a phone for this'. Absolutely no way i am going back to Android just for this on my personal phone.

One possible workaround is to add more options to your security info in your work account. For example, I added my number and also a specific password as an option last year when I moved onto Graphene and had to update that info. Would that be an option?

Unsure if that would even work or if those options are more for account recovery (when no longer have access to a specific device)

[–] sudoMakeUser@sh.itjust.works 3 points 2 weeks ago (1 children)

If it cane down to it, I'm sure you could find an old phone or tablet to use just for that for work.

[–] Lets_Disco@retrolemmy.com 2 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Yeah, this is what might be the final outcome

If i say give me a phone and they say "no, come into the office instead of working from home", I will produce an old phone faster than ya ckuld blink lol

[–] grandma@sh.itjust.works 1 points 2 weeks ago

The crazy part is the old phone will be orders of magnitude less secure than your current one.

[–] KiwiTB@lemmy.world 5 points 2 weeks ago

So does mine, and Oracle.... But that just means no slop installed

[–] ItsMyVault101@piefed.social 4 points 2 weeks ago (2 children)

MS MFA allows to use a different Authenticator App. On the step called "Start by getting the app" you just need to press the blue text above the "next" button which spells "I want to use a different authenticator app", there you can use whatever you prefer, even WinAuth works with this method.

[–] fluckx@lemmy.world 2 points 2 weeks ago

This depends on settings I think. I've had that option not being available on a certain client where I could only use their authenticator app.

[–] AlpacaChariot@lemmy.world 2 points 2 weeks ago (1 children)

I've used the FOSS app Aegis on Android for MFA of what I think was a Microsoft login (it was a website for a railway technical authority in the UK).

The app is on fdroid:

https://f-droid.org/packages/com.beemdevelopment.aegis

[–] Daniel_@discuss.tchncs.de 1 points 2 weeks ago

Thats intetesting, Iam using aegis in private.

[–] Gonzako@lemmy.world 4 points 2 weeks ago (2 children)

Can't use freeOPT?

[–] Railcar8095@lemmy.world 4 points 2 weeks ago

Not sure about this one, but many don't expose the key used to generate the codes, it's linked to your user.

So it's not trivial/possible to use a FOSS alternative.

This happens with okta too.

[–] Auli@lemmy.ca 1 points 2 weeks ago

No MS authenticator also requires internet and gives saysbis this you. Also requires a number.

[–] quick_snail@feddit.nl 3 points 2 weeks ago (1 children)

Gursd they'll have to buy you a work phone

[–] Daniel_@discuss.tchncs.de 1 points 2 weeks ago (1 children)

No they haven't . I get every month money for using my device for work (bring your own device).

[–] quick_snail@feddit.nl 1 points 2 weeks ago

Is that money enough to buy a phone? If not, they're not paying you enough for that.

If so, then you should actually spend that money on what it's meant for

[–] Fmstrat@lemmy.world 2 points 2 weeks ago* (last edited 2 weeks ago)

Old phone with remote desktop.

Works like a charm for many of these types of things. You can also forward notifications into NTFY or Matrix.

[–] excursion22@piefed.ca 2 points 2 weeks ago (1 children)

You can use a different authenticator with M$ accounts. Just choose to set up with a different app. Aegis is nice.

[–] Daniel_@discuss.tchncs.de 1 points 2 weeks ago (2 children)

Iam using aegis for my private logins. As I understand does Aegis not support MS Entra Logins.

[–] excursion22@piefed.ca 1 points 2 weeks ago (1 children)

I believe there's an admin option to allow 3rd party TOTP generators, so perhaps your IT admin turned it off. M$ doesn't make it a terribly conspicuous option when setting up 2FA as well.

[–] Daniel_@discuss.tchncs.de 1 points 2 weeks ago

My admin is unable to do this. πŸ˜’

load more comments (4 replies)