Comment by pimterry
20 days ago
I think Play Integrity is the fundamental issue here, and needs to go. That's the crux of the issue.
Allowing apps to say "we only run on Google's officially certified unmodified Android devices" and tightly restricting which devices are certified is the part that makes changes like this deeply problematic. Without that, non-Google Android versions are on a fair playing field; if you don't like their rules, you can install Graphene or other alternatives with no downside. With Play Integrity & attestation though you're always living with the risk of being cut off from some essential app (like your bank) that suddenly becomes "Google-Android-Only".
If Play Integrity went away, I'd be much more OK with Google adding restrictions like this - opt in if you like, use alternatives if you don't, and let's see what the market actually wants.
Banks seem to actually "want" Play Integrity. At least they act like it. I bet they would like for normal online banking on user-controlled devices to completely go away.
Of course they do, and of course they would. Banks are in a crazy legal position where they are financially liable for user stupidity. If my bank account gets breached, it doesn't matter that I didn't take any reasonable security measures, the bank will still have to refund me. If the bank could say "you didn't follow our recommended security practices to use a PW manager and MFA or passkeys, so it's a FAFO situation for you," then they wouldn't be pushing for this stuff. But they can't do that because the government doesn't allow them to.
There is even government regulator pressure now for financial services to be liable for cases where the user legitimately authorizes a transaction to a party that turns out to be a scammer. Of course the banks want to watch your every move and control your devices. They would be stupid not to given the incentives.
In what country do you live? In America, users are liable for the banks' stupidity. If they don't verify credentials and give away all of my money, I do NOT get it refunded, they are NOT responsible, and I am the victim of "identity theft."
On the flip side, banks have the worst fucking security outside of demanding you use an app. Let me use 2FA that isn't bespoke.
I understand all that but I don't see how that's any less secure than a browser.
If they want to do it properly, they can use the Android hardware attestation:
https://grapheneos.org/articles/attestation-compatibility-gu...
Only because it's there. I don't think they would demand it if it wasn't offered, but once it's there imagine being in a bank and saying to management "I recommend we don't enable this security feature that works on 99.99999% of phones".
As someone who used to work for a bank building applications I would say no. This is definitely a feature companies and organizations like banks would request if it wasn't available.
There are a lot of scams targeting vulnerable people and these days attacking the phone is a very "easy" way of doing this.
Now perhaps there is a more forgiving way of implementing it though. So your phone can switch between trusted and "open" mode. But realistically I don't think the demand is big enough for that to actually matter.
On the other hand, it's not really up to the bank. It's my money, not theirs.
I really wish I wouldn't need to have my money managed by some corporate drones in suits but it's really hard these days to do without a bank account.
This is why I was really into crypto at the beginning; it envisioned giving us control back over what's ours. But all the KYC crap and the wishes of the speculators for more oversight basically made crypto the same nasty deal as the public banking sector.
It is desired enough that plenty of developers license third party libraries that roll their own device attestation, instead of or in addition to Play Integrity.
What's absurd though is that they have never demanded it for browsers. I think there is a much higher risk of someone being tricked into downloading a compromised browser with a backdoor than someone being tricked into downloading a modified version of their particular banking app. It gives the attacker the same level of control though.
Is this not more or less what Manifest is attempting to do? The headline grabber is that it disables ad-blocking but it's essentially trying to establish the browser as a "trusted" (owned) platform, no?
Banks have never accepted browsers. They don't need to because they can require the web app be paired with a mobile app or SMS code to log in. Before they used mobile apps they issued smartcard readers (at least they did everywhere I lived). The smartcard readers were also used to digitally sign transactions.
In other words, there aren't many banks that let you take sensitive actions with just a browser and that's been true since the start of online banking.
These days they also apply differential risk analysis based on the device used to submit a transaction and do things to push people towards mobile. For instance in Switzerland there's now a whole standard for encoding invoices in QR codes. To pay those you must use the mobile apps.
Edit: people are getting hung up on the "never accepted browsers" part. It means they only use the browser for unimportant interactions. For important stuff like login or tx auth, they expect the use of separate hardware that's more controlled like a SIM card/mobile radio, smartcard or smartphone app. Yes some banks are more lax than others but in large parts of the world this was always true since the start of online banking.
Because it allows them to outsource "security", for "free".
If play integrity went away, all mainstream Android users would suddenly experience a huge increase in captchas and other security measures.
It’s funny to see the volume of comments on HN from folks who are outraged at how AI companies ferociously scrape websites, and the comments disliking device attestation, and few comments recognizing those are two sides of the same coin.
Play integrity (and Apple's PAT) are what allow mobile users to have fewer headaches than desktops. Not saying it's a morally good thing (tech is rarely moral one way or the other) just that it's a capability with both upsides and downsides for both typical and power users.
There is no logical inconsistency in disliking abusive scraping, remote attestation, malware, and CAPTCHAs at the same time. Of these, I merely dislike CAPTCHA while I make moral judgments about the other three.
I see creating a mechanism for remote attestation of consumer devices as morally bad because it's a massive transfer of power away from end users to corporations and governments. A scheme where only computers blessed by a handful of megacorporations can be used to interact with the wider world will be used for evil even if current applications are fairly benign.
Yeah, it's like the world has been turned into one giant corporation, and the only computers you can use on it are corporate, botted, Active Directory joined, crap. All machines are belong to them.
It is not so simple!
Play Integrity's highest level of attestation features requires devices to be running a security update which is within a sliding window of 1 year.
LOTS of Android devices have not released a security update in many many years. This forces users to unnecessarily upgrade to higher end OEMs.
Google is effectively pushing out Xiaomi, Huawei, and many others that offer excellent budget options. Google is not just offering you the comfort of not having to fill out CAPTCHAs on your phone, most importantly they are playing monopoly.
Why can't "low end OEMs" release security updates?
This is only allowed to exist because the justice system and politicians are mostly tech illiterate.
Play Integrity is not compliant with any antitrust legislation, that's painfully obvious. The sole and only purpose of this system is to remove non-Google Android forks.
As someone working on a product that relies on Play Integrity and PAT to give legit mobile users zero captchas while challenging non-attested clients, I promise you are quite wrong here.
The benefits may not be sufficient to offset the harms you see, but if you don’t understand how and why these capabilities are used by services, I’m also suspicious you understand the harms accurately.
Using Play Integrity for captchas is completely useless, criminals are using unmodified device farms on racks anyways. Why would they need to modify their device?
Betting on Play Integrity to solve that is betting that devices will become more expensive in the future; it's quite obvious that the opposite is happening, they are getting cheaper and cheaper.
Using your dominance in one market to secure dominance in another market is an illegal monopoly, no matter how convenient it might be for a third party.
> if you don’t understand how and why these capabilities are used by services, I’m also suspicious you understand the harms accurately
Yeah, I see this mentality a lot on HN (and kinda everywhere for that matter). "Anyone who disagrees with me is evil, and must therefore have evil motives for everything they're doing. The reasonable/innocent explanation they give for why they're doing this must actually be a front for this other shadowy, nefarious motivation that I just made up on the spot, because surely nobody ever does bad things for good reasons. Certainly not those evil people who disagree with me!"
I hate having to defend Google here, because I think this is genuinely a terrible, freedom-destroying move, but malware on Android is a real problem (especially in Brazil, Indonesia, Singapore, and Thailand, where they're rolling this out initially) and this probably will do a lot to solve it. I'm just categorically against the whole idea of taking away the freedom of mentally sound adults "for their own good" regardless of whether it works or not, and this particular case is especially maddening because I'm one of those adults whose freedom is being destroyed.
I'd be more convinced that this was about malware and your security if you could turn it off.
I think this is mainly just an attempt to kill things like newpipe.
Add blocked bootloaders, remember when Huawei let you just do it if you wanted?
Most devices are just blocked and won't let you unblock. It is stuck in its OS.
You can't even try alternatives.
HarmonyOS is open source (according to Wikipedia) but some of the tooling does not appear to be. I.e. can only get the simulator from mainland China.
OpenHarmony and LiteOS are open source, Harmony OS is partly proprietary.