Google’s “Web Integrity” Android API could kill “alternative” media clients | Ars Technica - eviltoast
  • Sloan the Serval@pawb.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    So, in other words, I’ve been halucinating the fact that these services work perfectly fine on my Omnirom-patched OnePlus 7 Pro?

    • Orion (awooo)@pawb.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Nope! The point is that the hardware is deployed, and strong attestation is available.

      But for now, a lot of apps still rely on the old SafetyNet or weak integrity. So the clock is ticking, the more up to date devices running modern Android there are, the more likely these apps are to switch over to the new system and require hardware attestation, because why wouldn’t they once everyone is “ready” for it.

      I’m not sure what you’re trying to argue against, what I’m trying to say is that the technology is very dangerous and must be banned, I’m with you on user control. But I won’t fall into a false sense of security about being able to bypass everything, because we don’t have control over low level hardware as we do with software, so these megacorps have the upper hand.

      • Sloan the Serval@pawb.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I’m not saying it wouldn’t be an issue, ideally this kind of stuff should be banned whether there’s a workaround or not, because the average user is still going to have to deal with. My point is that, well, if you build a 10 foot wall, someone’s going to make a 12 foot ladder to get over it.

        The system relies on an encryption key stored on the device, right? That’s actually a really stupid idea if you don’t want people breaking that encryption. Someone’s eventually going to figure out how to access that. Even the Nintendo Switch, previously notorious for being a completely airtight system, has been jailbroken.