Comment by mavamaarten

17 hours ago

My country launched an identification app (https://mygov.be/) that does the same thing. I have no idea what they're trying to achieve. Security through obscurity? Trying to piss off power users?

I'm a developer and use adb and some dev settings daily. Annoying af to have to disable developer mode constantly.

3 comments

mavamaarten

Reply
the_biot  16 hours ago

It's fundamentally client-side security: the phone tells the server "no, I haven't been rooted" and the server believes it.

Any security system that relies on any form of client-side security is going to have other problems as well, since its designers haven't grasped this basic principle.

  • fc417fc802  4 hours ago

    That used to be a core principle but might not be guaranteed anymore. Depending on the implementation it can be near impossible to bypass modern hardware backed security. As it should be!

    The policy issue at this point is that users effectively aren't in control of their devices anymore.

array_key_first  8 hours ago

I had to turn on developer mode just to reduce blur in Android 16. It's incredible that's locked behind a developer mode setting.