Google’s “Web Integrity” Android API could kill “alternative” media clients - eviltoast
  • Keith@lemm.ee
    link
    fedilink
    English
    arrow-up
    64
    arrow-down
    1
    ·
    1 year ago

    As someone who uses root (not at the moment but plans to) as I believe in owning my devices, fully, this is horrible. We still need to oppose this.

    • LiveLM@lemmy.zip
      link
      fedilink
      English
      arrow-up
      44
      ·
      edit-2
      1 year ago

      I know right? The article touches on this:

      Google said the inspiration for the original Web Integrity project was Android’s Play Integrity API, which already scans your phone for root privileges and denies access to things

      ^^^ this should have never, ever been a thing!

      • 0xD@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        6
        ·
        1 year ago

        That is just standard and a completely sensible security measure for preventing people from tampering with an application. It cannot replace proper, server-side security measures but is a big step. Especially for stuff like banking applications.

        • BaldDude@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          9
          ·
          edit-2
          1 year ago

          I never really understood that:

          If I’m using my browser to do banking via the website, Having root privileges and tampering with the Browser running the applications is not an issue.

          If i use the banking app, Having root privileges suddenly become a problem.

          –> To me, it doesn’t look like the problem is technical, but that users are accepting things on mobile that they wouldn’t accept on a PC.

    • SkyeStarfall@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      21
      ·
      1 year ago

      The problem with root is that banking applications and many others straight up actively try to detect it and refuse to work if you are rooted. Android is in the process of being completely locked down.

      • limerod@reddthat.comM
        link
        fedilink
        English
        arrow-up
        20
        ·
        1 year ago

        Not just root. Some even detect if you have usb debugging enabled and warn or refuse to work unless you turn that off.

        • SkyeStarfall@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          Last si rooted there were also workarounds, but they didn’t always work, relying on the workarounds being updated to fight ever more advanced detection methods. It was a cat and mouse chase.

          • glorious_puffy@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Apps I use work fine with vanilla magisk. If there are apps detecting root even after enabling zygisk, use magisk delta and enable magisk hide

        • limerod@reddthat.comM
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          What’s the workaround for apps detecting usb debuging or other user apps on your device? I’m not rooted, but use shizuku and WiFi adb for certain features on my android.

        • Pips@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          The biggest continuing issue is NFCs, which will require people to accept that non-stock OSes are perfectly fine.

      • sadreality@kbin.social
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        Switched to web browser…

        These apps are fucking obnoxious.

        Google wants you to pay for hardware but they get to control it because they can’t trust you lol

        • BearOfaTime@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Yep, never have a root issue if you access a baking service via a browser.

          And with apps like Hermit you can make a web page very app-like.