Comment by chmod775
10 days ago
At the end of the day someone could always grab this code, remove the verification step, and distribute that as a new app.
10 days ago
At the end of the day someone could always grab this code, remove the verification step, and distribute that as a new app.
That "someone" doesn't understand how hardware backed platform attestation works.
The wikipedia page does a pretty good job at explaining it: https://en.wikipedia.org/wiki/Trusted_Computing
Yes, they do. There's nothing in the spec this app implements that actually requires that step. The app just chooses to do it in this case.
Or rather is planning to. Right now it doesn't even have that integrity check, despite fully implementing the verification flow.