Comment by mavamaarten
5 hours ago
My country launched an identification app (https://mygov.be/) that does the same thing. I have no idea what they're trying to achieve. Security through obscurity? Trying to piss off power users?
I'm a developer and use adb and some dev settings daily. Annoying af to have to disable developer mode constantly.
It's fundamentally client-side security: the phone tells the server "no, I haven't been rooted" and the server believes it.
Any security system that relies on any form of client-side security is going to have other problems as well, since its designers haven't grasped this basic principle.