Comment by brookst
19 days ago
If play integrity went away, all mainstream Android users would suddenly experience a huge increase in captchas and other security measures.
It’s funny to see the volume of comments on HN from folks who are outraged at how AI companies ferociously scrape websites, and the comments disliking device attestation, and few comments recognizing those are two sides of the same coin.
Play integrity (and Apple’s PAT) are what allow mobile users to have less headaches than desktops. Not saying it’s a morally good thing (tech is rarely moral one way or the rather) just that it’s a capability with both upsides and downsides for both typical and power users.
There is no logical inconsistency in disliking abusive scraping, remote attestation, malware, and CAPTCHAs at the same time. Of these, I merely dislike CAPTCHA while I make moral judgments about the other three.
I see creating a mechanism for remote attestation of consumer devices as morally bad because it's a massive transfer of power away from end users to corporations and governments. A scheme where only computers blessed by a handful of megacorporations can be used to interact with the wider world will be used for evil even if current applications are fairly benign.
Yeah, its like the world has been turned into one giant corporation, and the only computers you can use on it are corporate, botted, Active Directory joined, crap. All machines are belong to them.
It is not so simple!
Play Integrity's highest level of attestation features requires devices to be running a security update which is within a sliding window of 1 year.
LOTS of Android devices have not released a security update in many many years. This forces users to unnecessarily upgrade to higher end OEMs.
Google is effectively pushing out Xiaomi, Huawei, and many others that offer excellent budget options. Google is not just offering you the comfort of not having to fill out CAPTCHAs on your phone, most importantly they are playing monopoly.
Why can't "low end OEMs" release security updates?
They can, it would likely just increase the cost of cheap devices to end users, as the manufacturer now has to provide additional software support and does not want to lose money.
8 replies →
Because they fucking suck. I never heard desktops or laptops being tied to Dell or Asus or what not for run of the mill kernel or os upgrades. If phone makers want to be fucking ass by locking down bootloaders, jealously preventing reversing etc preventing kernel devs etc from doing their own thing then they should accept the just label of being fucking ass or take on the responsibility of supporting it forever.