Google tries to defend its Web Environment Integrity - eviltoast

I’m happy to see this being noticed more and more. Google wants to destroy the open web, so it’s a lot at stake.

Google basically says “Trust us”. What a joke.

  • 1984@lemmy.todayOP
    link
    fedilink
    English
    arrow-up
    50
    ·
    1 year ago

    Yup I noticed this also. I used a rooted phone without Google apps on it and so many apps simply refused to work. They use Googles api in the background which means Google finds out about literally everything we do on our phones. They already own the entire operating system but we can’t even run apps without them being in the middle.

    This is all similar to using Microsoft Windows or Mac OS so I guess people are so used to this behavior that it’s somehow ok.

    But I’m a long term Linux user and I’m used to the OS not calling home and not reporting what apps I use. And this is how it should be. I’m so over big tech it’s not even funny anymore.

    • Zak@lemmy.world
      link
      fedilink
      English
      arrow-up
      23
      ·
      1 year ago

      I used a rooted phone without Google apps on it and so many apps simply refused to work. They use Googles api in the background

      This has nothing to do with being rooted but with Google encouraging people to build apps using its proprietary libraries to make Google Android more valuable than Android Open Source Project. There may be a connection to the EU’s attempts to stop Google from forcibly bundling several of its other apps with the Play Store.

      For most use cases, good alternatives are available and it’s just a matter of developers being lazy, but I’m not sure there’s another good option for chat apps to get timely notifications without high battery consumption. MicroG provides an open source alternative to Google’s libraries and works for most apps, including chat notifications.

      • Max-P@lemmy.max-p.me
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        It’s a bit worse than just Google libraries, apps can use Play Integrity which uses hardware attestation to validate it’s bootloader lock status and that it’s running a vendor signed and Google approved ROM.

        Current bypasses emulate older devices without the necessary hardware, but those will eventually stop working and there won’t be bypasses unless someone leaks some master keys or finds TPM exploits to trick it into signing the integrity request. It’s very bad.

        • Zak@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Yes, but they’re two separate issues. Many apps that don’t care whether you have root or a third-party Android build use Google’s libraries.

          Patching apps is another workaround. It won’t beat server-side checks, but I think those are still fairly rare. ReVanced makes it easy to do, though I’m not sure there are patches related to SafetyNet yet.

    • Max-P@lemmy.max-p.me
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      It’s even worse without Google apps, but I was talking about SatetyNet/PlayIntegrity specifically.

      The mere act of unlocking the bootloader, without even modifying anything, will cause all the problems I outlined, and it’s the same API that Google is proposing to use by browsers to check for device integrity.

      Stuff depending on Google libraries, eh, that annoying but people can and will reimplement those, be it microG or Wine/Proton. Not being able to see the weather I literally could get just looking out the window because my bootloader is unlocked? That’s insane.

    • Clegko@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      This is all similar to using Microsoft Windows or Mac OS so I guess people are so used to this behavior that it’s somehow ok.

      Not so much used to it, but just kinda sigh and accept it because I like my apps to work. I’m a long time Linux user as well, and I still have to keep a Windows box around for random shit that just refuses to work on Linux for various bogus reasons.