Comment by ranger207

9 days ago

> It is impossible to protect data on rooted phones

What makes securing rooted phones different from securing rooted PCs?

Phones are portable, and thus more likely to suffer from a physical attack. But that's about it.

It is, and always was, a flimsy excuse to strip the user of control over his own device.

"Secure Boot" isn't actually there to protect the device from an attacker. It's there to "protect" the device from its own user. It's used to "secure" DRM schemes and App Store revenue streams.

  • >"Secure Boot" isn't actually there to protect the device from an attacker. It's there to "protect" the device from its own user. It's used to "secure" DRM schemes and App Store revenue streams.

    1. Basically all the serious DRMs (e.g. Widevine L1) rely on the content being encrypted all the way to the display itself. The OS, secure boot or not, never sees the content in cleartext, because decryption happens in a secure enclave and is immediately encrypted to the display using HDCP.

    2. The "app store revenue stream" excuse doesn't really make sense, because you can easily install third party apps on Android, even though nearly all phones have locked bootloaders.

    • Which is why even an "unlocked" bootloader doesn't let the user load his own code into TrustZone.

      The name "TrustZone" is rather ironic. It's most commonly used to run DRM code the user should never ever trust.

  • This is exactly what it is. Google only implemented the Play Integrity API to please banks and governments. This is all to lock out users and secure revenue and spying agencies.

I don’t get this either. Laptops are just as portable but don’t have this limitation (yet). This argument that it’s to protect banking and music apps is silly; those products work fine on PCs while maintaining security.

  • > those products work fine on PCs

    In the EU, banking apps no longer do. They require a trusted companion device for 2FA, e.g. a smartphone app or a dedicated chip-and-pin device. This is enforced by the PSD2 directive [1], which has been in effect since 2019.

    In contrast to that, you’re always allowed to do banking on an iOS/Android banking app. Banks seem to trust the integrity of the OS enough that they allow the app to be its own second factor.

    [1]: https://en.wikipedia.org/wiki/Payment_Services_Directive

To clarify, that line was implying something that makes a big impact:

    It is impossible to protect [the owner from accessing] data on rooted phones

It matters a lot to distributors who like to trick copyright holders into thinking that DRM is effective, which could only be the case if it works 100% of the time on 100% of the users, which it generally doesn't.

If PCs were newly invented today, they may well have been locked down from the start. You're already seeing the big names, Apple and Microsoft, with macOS and Windows, respectively, inching along in that direction.