MobilePay stopped working, again

Hi Otto,

You’re right, Mobilepay stops working after few days. I use it very rarely but I just opened it and got the same error message as you did.

At the moment it’s little bit difficult for me to judge the situation, as I just have changed from Galaxy S9 (A13 community) to Pixel 8 (A15 official). It worked great on my old phone but it looks like it doesn’t work on my new phone. Both are official /e/OS phones, so bootloaders are locked etc. But does A13 / A15 make the difference, I can’t tell as the Galaxy S9 is not in use anymore.

The shitty part of this issue is, that Mobilepay is just too popular payment method between private people, so it’s slightly hard to live without it.

Hi all, I’m sorry about these problems with MobilePay, please know we are working very hard with the Murena team to make sure that as many apps as possible work well.

This message is to ask if you would please also contact the developers of any app that is not working. This is a big battle for us and the support from our community in this would be very appreciated (and we have seen it have success in the past!)

Hi Rik, unfortunately, we don’t have any official way of reaching developers behind the MobilePay app.

I contacted VIPPS MobilePay in summer, and got this reply from them 8/7-25 (translated by Bing and me):

”Vipps MobilePay is required by the banks to use Chrome Custom Tabs in the Android app when performing MitID verification. Previously, we carried out this verification in a WebView. The difference between Chrome Custom Tabs and a WebView is that the former runs in an external process outside the app, while a WebView runs inside the app.

We have already implemented this solution in the Android app, but until now, we had a feature that allowed users without a browser supporting Chrome Custom Tabs to continue using WebView. We have gradually limited this feature and in the future, we will remove this option entirely.”

VIPPS MobilePay wouldn’t answer more questions from me, and said that I could complain to the Norwegian Finanstilsynet, which oversees banks in Norway (as MobilePay is Norwegian owned). I haven’t done that yet, because first I wanted to contact some Danish banks to see if they could confirm that they made these requirements.

I only got answers from Danske Bank and Jyske Bank (the largest and third largest Danish banks, respectively). They wouldn’t confirm this and said they didn’t know how the banks put forward requirements to MobilePay. Or if they even do. The only thing I got confirmed was that both the bank apps from Jyske Bank and Danske Bank work with other browsers. Meaning that the banks would then require something else from MobielPay than what they require from their own apps… which just sounds weird and doesn’t support MobilePay’s case.

Now, a new problem has arisen: That MobilePay evidently has build in a regularly check via Google Services API to see if the connection is “secure” according to Google… This means that we now can authenticate via Brave and get into the MobilePay app - only to be denied access again some hours later. But at least this mean you have access for a little while, which is better than before…

I still plan to complain to the Norwegain Finanstilsynet, I just wanted to find out how to build my case. Ideas are welcome! I will focus on a) that MobilePay is a monopoly in Denmark and therefore has a special responsbility as a public service provider to include everybody, and b) how can they choose Google’s definitions of what is “secure”? The last bit I would like some ammunition for

Hi everybody - let me just add a little additional information that is relevant both in Finland (for you @Rik) as well as in Denmark.

Because, in my understanding, there are more than one problem here - there are at least two, and one of them has nothing to do with MitID:

1. The first problem is ONLY relevant in Denmark:

When you intall the MobilePay app you have to identify yourself in some way. In Denmark that is done via MitID verification. There are two common ways to use MitID - either you use the MitID app, which unfortunately won’t run on e/OS (that’s another story - although it is in fact quite similar), or you use a dedicated external device that shows a code (kodeviser).

The latter method used to work. But as @Bettina writes, MobilePay has changed the way they check the MitID verification. Previously, it was done internally in the app via WebView, and that worked fine. But for some reason (they claim it’s a requirement from Danish banks, but the Danish owner of Mobile Pay, Danske Bank, refuses that explanation) they have changed it, so now the MitID verification is now carried out in Chrome Custom Tabs, i.e. in browser external to the MobilePay app. This is where it gets interesting for you @Manoj. Because if you try to carry out that verification in the built-in e/OS browser, it fails. But it turns out, that if you e.g. install the Brave or Vivaldi browser it goes well. However, you need to make sure that the verification is carried out in one of these browsers and not in the default e/OS browser. Some have written that you have to delete the e/OS browser to do that. However, that’s not necessary. You just need to follow the recipe that @autobahn has been so kind to provide here Danish users of Fairphone E-OS - #10 by autobahn

This first problem can easily be overcome as described.

2. The second problem is relevant for all MobilePay users whether in Denmark, Finland or anywhere else:

Since the MobilePay app can be used to create a lot of financial mess, MobilePay wants to be sure that it’s running on a safe device. This is a tricky question to answer, so instead of figuring that out themselves, MobilePay rely on Google Play Services API. This is, of course, a big problem from a privacy point of view.

Exactly how the check works, I don’t know. But I have some indications that the verification will fail if a) an app is installed outside Google Play, b) the version of Google Play is outdated, c) the phone doesn’t support Google Play Services, d) or the phone is rooted. In any case, the check will fail in e/OS. But how can MobilePay work for a short time then?

Well, it turns out that the MobilePay app is only doing the check periodically to identify whether something has been compromised since the app was installed (first check) or since last time it did the check. So when you install the app, and you have gone through the identification process (as described in 1. above for Denmark) the app works fine. But as soon as it has made the first check and gotten a negative reply, it blocks itself with the error message that @otto.liljalaakso has posted.

There is a workaround, although it’s cumbersome, but at least you don’t have reinstall the app: You can delete the app storage (Settings → Apps → MobilePay → Storage and cache → Clear storage). Now you will start all over, as if you had just installed the app. This means that you will have to do identification process again (point 1. above for Denmark) and then you can use the app - but only until it does the first “safety” check whereafter it will block itself again.

As far as I can tell, there is nothing the e/OS team can do about this. If we want the MobilePay app to run on e/OS we have to put pressure on MobilePay to stop checking via Google Play Services API. In the current circumstances where Europe desperately is trying to break free from American big tech ASAP, there might be a realistic possibility to pull that through if we’re very vocal about the issue on social media and the media in general. At least, here in Denmark it’s a hot potato as we say.

Thanks Lars for the excellent description!

Do you have some pointers reg. how we could argue that using “Google Play Services API” is a security concern in EU / European countries?

I’m thinking something like this, but would like some input for my complaint to (first) the Norwegian Finanstilsynet (because MobilePay is Norwegian owned) and then the Danish Ombudsmand:

1. Relying on Google / Alphabet to define security & device integrity for us is dangerous, because it means that American laws and politics decide, not Danish / Norwegian / European.

2. Even if you buy and pay for your smart phone, you don’t control it, Google does. And if they decide to change the way they carry out their security & device integrity checks, they don’t have to tell us how or why. The only defense we have is to use degoogled / non-google/apple-operating systems like f.ex. Murena eOS - but MobilePay makes this impossible when they lock in to Google’s ways of doing things.

3. Google does not comply with GDPR, and we have no way of knowing what they use our data for. A private organisation like MobilePay shouldn’t force citizens to stay with a company that doesn’t follow EU/national law.

4. If Google decides that the MobilePay app shouldn’t even be present in the Play store anymore, because of politics, they can do it.

So both for emergency preparedness reasons (beredskab), for privacy / GDPR reasons, for rule of law reasons (basing integral infrastructure on EU/National law, not American) AND for security reasons, MobilePay should stop tying their systems to Google/Alphabet/Apple.

See also the enclosed article in Danish by IT specialist Poul-Henning Kamp: Aldersverifikation | Version2

Great points @Bettina. And you’re right that the company Vipps MobilePay is registered in Norway. However, Danske Bank owns 27,8% of the shares.

Here are my comments to your points:

1. Good point: As MobilePay is used in Finland as well, you could change your point to reflect that: Norwegian / Danish / Finnish / European law.
2. Right - you might want to emphasize that Vipps MobilePay is not in control of their solution, which means that their business can be ruined, if an American big tech company decides, maybe because of political pressure, to exclude a certain brand of smartphones or a certain version of open source Android. The the former is probably the case for Huawei, and the latter is the case for e/OS.
3. Exactly - but you can even make it more strict: If Vipps MobilePay’s product is depending on a platform that is not GDPR-compliant, there is no way they can claim their product to be GDPR-compliant. We haven’t really seen this argument been used in cases like this before, as far as I know, probably because it’s delicate: If MobilePay is not GDRP-compliant according to this argument, neither is MitID, just to take an example. I should know as I’m working professionally with GDPR, and in my mind there can’t really be any question about that. So that’s not where the battle will be. No, the battle will be about whether Google Play Services is GDPR-compliant or not. Because if Google Play Services is not GDPR-compliant that will mean that the same is the case for all Google Android Mobiles in Europe, i.e. they will all be illegal . Some of us are not in doubt, but officially that’s not the consensus. So the real issue is to prove that Google Play Services is not GDPR-compliant. As a side note, I just searched for whether Android is GDPR-compliant and that let me to this website. And the first thing I notice is that the site itself is not GDPR-compliant in its use of cookies. A fundamental principle in GDPR is privacy by design and privacy by default. This website fails on both as Google cookies are set by default and the only option you have is to click OK. So much for Google’s understanding and ambitions in relation to GDPR .
4. Yes, that’s one thing - meaning that you will not be able to install the app anymore. But it’s worse than that: By depending on Google Play Services’ approval of the app, I’m pretty sure Google has the power to pull the plug on MobilePay from one day to the next. That would mean the end of the company very, very quickly. Has that been included in their risk assessment, and if it has, what’s their plan B? I’m pretty sure there is none, because if there was a plan B, why not make it plan A instead? So this is a huge business risk for Vipps MobilePay - especially as the US president threatens Denmark over the dispute about Greenland.
5. A final point: I’m not a lawyer, but as you have also pointed out yourself, MobilePay has a de facto monopoly in Denmark - at least if you disregard the smartphone-based payment solutions from American big tech. In my view, that means that Vipps MobilePay has a to live up to more stringent requirements from society - very much in the same way as TDC had to share the phone network with competitors when it was privatized. This means that even though MobilePay is made by a private company, they should have to comply to requirements set by the Danish parliament. Unfortunately, as long as state-owned solution like MitID isn’t any better in this respect, we can’t expect Vipps MobilePay to take that argument seriously.

Thanks for your excellent input, @Lars_O ! I have updated my notes

Regarding how to argue that Google doesn’t comply with GDPR, I’m not sure how to approach it. My first thought is that people would probably argue that there are no personal data on OS level? I don’t even know if that is true (as there problably are data equivalent with “IP address” on a pc? Which is considered personal data IF you can tie to the person. And I would imagine that is very easy to do on a regular Google smart phone, as you log in with you google account and probably use your google gmail, which is again tied to everything you do). But I don’t know much about how smart phones work, and if this is enough of an argument?

I therefore wrote to someone to hear if they could help.

I’m not sure what more I can do for now… But I’m still happy to get all this input! The more concrete I can be in my complaint, the less easy it is to wave me off.

You’re welcome @Bettina. Just a note regarding personal data: If you use a Google Android smartphone you have to have a Google account. When you use the smartphone you’re logged into that account. And I’m pretty sure that with all the information Google has, they can link a Google account to a physical person: For instance, your name is required to set up your account, and if you have saved your home address on Google Maps, it’s a no brainer. I’m totally sure Google can point to who you are. So not only do they know who your are, they will know your IP and your location in real time. So yes, they have access to personal data on OS-level - no doubt. Of course, they will claim that it’s not transmitted to anybody, but hey .

The issue here is that if there is a public consensus that Android is GDPR-compliant, it’s very much uphill to prove otherwise.

@Lars_O But didn’t you just prove it…?

However I do know that cognitive dissonance prevents people from believing facts, so there is that…

I did just that. Their reply below. You will have to translate it from Danish though.

Best wishes.

"Tak for din mail.

Vi kan sagtens forstå dine frustrationer - specielt med den verdenssituation vi har i øjeblikket.
Som det fungerer lige nu, er det dog et krav, at MobilePay kører på en certificeret Android- eller iOS-enhed og er installeret fra Google Play Store eller App Store. I afsnit 2.3 i vores brugsbetingelser forbeholder vi os retten til at stille krav til enhedens operativsystem. Vi foretager løbende justeringer af disse kontroller. Det er bl.a. af sikkerhedsmæssige årsager - det er en kombination af vores egne vurderinger og vurderinger, som vi er forpligtet til at følge af tredjeparter, som f.eks. banker og andre betalingsaktører.
Når det er sagt, så er der intet, der er skrevet i sten. Vi arbejder løbende på at forbedre appen og i den forbindelse sender vi naturligvis dine tanker omkring det videre til de ansvarlige på området.
Link til betingelserne: https://strtermsprod.blob.core.windows.net/terms-and-conditions/2025-11-12-PrivateUser-DK-019a778f-aca4-7657-93d2-8a2cbaf3c7f2.pdf

Hvis du fortsat ønsker at slette/opsige din MobilePay aftale, kan du blot besvare denne mail med dit MobilePay mobilnummer samt den mailadresse, du har tilknyttet din MobilePay. Så opsiger vi aftalen hurtigst muligt.

God weekend.

Med venlig hilsen / Best Regards,

Support Specialist
Vipps MobilePay AS

Hi Bettina.

You can send a complaint to this address:
klage@vippsmobilepay.com

There should be an alternative adress for non Danish users (check the corresponding web page).

I recommend you all do this as well, this is the only way to put pressure on them.

Hi Martin, I already did! That’s why next step is the Norwegian Finanstilsynet.

The funny part of the issue is that even I’m not able to login, I still receive notifications when people send money.

So the question is, should I continue to keep this super crippled app, hoping that they will fix it someday (not likely), or just ask their customer service to wipe my account together with a final complaint? Hard decision…

So, I’ve logged in to MobilePay several times over the past 10 days, and the longest I’ve been allowed in was 20 hours, but usually it’s a lot shorter. However, at least I can log in and send money, and that’s better than before. When I’m out, I usually pay and ask people to transfer to me, because that works regardless

But I still decided to send the complaint, and if you want to read it, the English version is here: https://www.hartmannconsulting.dk/wp-content/uploads/2026/01/20260124-klage-til-Finanstilsynet-over-Mobilepay-Bettina-Hartmann.odt

The Danish version: https://www.hartmannconsulting.dk/wp-content/uploads/2026/01/20260124-klage-til-Finanstilsynet-over-Mobilepay-Bettina-Hartmann_DA_Bedit.odt

If you want to send a complaint yourselves, you are welcome to pick from mine

PS - If you need to translate it, you can create a profile on the EU login and use their translation tool: https://webgate.ec.europa.eu/etranslation/translateTextSnippet.html
(I was required to use a security key as the second factor login).

Tak for at du bruger tid og energi på dette Bettina. Det er næsten endnu mere latterligt med MitID app, de er også umulige at kommunikere med.

Mvh.
Martin

Det kunne jeg forestille mig! Jeg bruger kodeviser, så det hjælper jo lidt på det…

I had E/OS on my phone, and i had this problem often. It was just annoying to having to login again everytime, so i went back to Stock ROM back on my phone. The issue is still happening, I literally have the normal android ROM and this mobilepay error still happens. Is my phone permanently “modified” forever because i had E/OS installed on it? I’m almost buying a new phone because of this issue. Any advice to fix this issue yet?

@Intherasion if you have rooted your phone, I’m afraid that you’re stuck in that situation. As I wrote under point 2 in my previous post ( MobilePay stopped working, again - #24 by Lars_O ), MobilePay will periodically check with Google Play Services API if the device is safe. And if the device has been rooted, the answer is going to be negative, which means MobilePay will refuse to run.
If your phone was not born with e/OS you have broken the seal between the phone and the original OS, and, as far as I’m aware, that seal is very hard to reestablish - if at all possible. So even if you have reinstalled your original OS, Google Play Services will still deem your phone as rooted and MobilePay will refuse to run after a while.

Just found this thread after experiencing the same problem (in norwegian, with vipps: Henrik Sørlie: "Erfaringer med #vipps på @murena@mastodon.social …" - Vivaldi Social ). Thank you for taking the time and effort to write this letter, Bettina. Just read it and it’s very good. Hopefully it will make someone look into this. In the mean time I’ll contact vipps as well. The more people they receive this feedback from, and the more public it is, the more likely a change. Your letter provides some excellent talking points in that regard.