Comment by zx8080
1 day ago
It's because the "security" is not the user's, but the security of Google Play Services.
As rooting may tamper with Google's telemetry (can we already call it "spying" please).
Not to mention, Play Integrity is being used as some sort of "anti-cheat" by bank apps and other essential services. Even some government apps in the EU, essentially forcing you to be spied on by Google.
The worse part is that you can do all of that functionality with a browser on Linux (or Android), yet using them as Android apps on a device without gapps (even if it's not rooted and with a locked bootloader) is not allowed. Make this make sense.
> Even some government apps in the EU, essentially forcing you to be spied on by Google.
The same in India. I can't use even the government weather app and the disaster alerts app without signing in to Google Play.
Seeing that this malpractice (of forcing the users into Google's surveillance net) is widespread among seemingly unrelated agencies like banks and government agencies of several nations, I would really like to know who is peddling this draconian scheme among them.
I want to send some angry rants to the app owners/developers and ask for those malicious peddlers to be permanently banned from further interference in cyber security matters of these institutions.
I would not be surprised if Google is sponsoring a lot of this effort targeting young devs, and "teaching about security". They are basically positioning their services as "authenticators" of truth, despite it 100% being a cat-and-mouse game still.
Play Integrity and Play Services are two different things.
Play Integrity is a remote attestation scheme by which apps can ask the OS to prove to a remote server that it is unmodified. It allows apps to refuse to run on devices with root or third-party ROMs.
Play Services is a set of libraries and APIs for things like network-based location, push notifications, and advertising. Nearly all Android phones include it, and users of third-party ROMs can add it at install time (but not later) with packages like MindTheGapps. There's an open source substitute called MicroG that allows most apps to run without it.
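The server side of the attestation scheme described in the comment above, as an added example that is not part of the thread: a relying-party check over an already-decoded Play Integrity verdict payload. The field and label names follow the Play Integrity API's documented payload; the package name, nonce, timestamps and the "step_up" policy tier are constructed assumptions, and token decoding is assumed to have happened beforehand.

```python
# Added example: server-side policy over an already-decoded verdict payload.
# Verifying/decrypting the integrity token itself is assumed done and not shown.

BASIC = "MEETS_BASIC_INTEGRITY"
DEVICE = "MEETS_DEVICE_INTEGRITY"


def evaluate_verdict(payload, expected_package, expected_nonce, now_ms,
                     max_age_ms=120_000):
    """Return (decision, reason) for one decoded verdict payload."""
    req = payload.get("requestDetails", {})
    if req.get("requestPackageName") != expected_package:
        return "deny", "package name mismatch"
    # The nonce binds the verdict to one server-issued challenge (anti-replay).
    if req.get("nonce") != expected_nonce:
        return "deny", "nonce mismatch"
    age_ms = now_ms - int(req.get("timestampMillis", 0))
    if not 0 <= age_ms <= max_age_ms:
        return "deny", "verdict too old or from the future"
    app = payload.get("appIntegrity", {})
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        return "deny", "app binary not recognized"
    labels = set(payload.get("deviceIntegrity", {})
                 .get("deviceRecognitionVerdict", []))
    if DEVICE in labels:
        return "allow", "device integrity met"
    if BASIC in labels:
        # Hypothetical policy tier: ask for extra verification instead of
        # refusing outright when only the basic label is present.
        return "step_up", "basic integrity only"
    return "deny", "no device integrity label"


def sample(labels, nonce="n-123", ts=1_700_000_000_000):
    """Constructed payload for the demo; not captured from a real device."""
    return {
        "requestDetails": {"requestPackageName": "com.example.bank",
                           "nonce": nonce, "timestampMillis": str(ts)},
        "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
        "deviceIntegrity": {"deviceRecognitionVerdict": labels},
    }


if __name__ == "__main__":
    now = 1_700_000_030_000  # constructed "current time", 30 s after the verdict
    for labels in ([BASIC, DEVICE], [BASIC], []):
        print(labels, evaluate_verdict(sample(labels), "com.example.bank",
                                       "n-123", now))
```
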
Moto G15 in hand, deguggled as much as possible right out of the box, no guggle accounts or big tech apps, bank through a browser, but there is definitely a lot of outright fraud as to being able to turn off google apps, it is an arcane procedure to turn off notifications, insisting that nothing will work without "play store" installed, though it is clear that going to a linux phone will become the only way to avoid adversurveillance security and tracking from taking over my device completely. keep in mind that our techno fascist elite did provide the "intel" that led to ICE being sent to a particular area code in Minneapolis, where they executed a mild mannered cheerful poet, whose last words, somehow knowing, were, "I don't hate you". "tech" is central to whatever comes next
https://calebhearth.com/dont-get-distracted
Yeah India, because a lot of people are having their lives ruined by scammers every day. Get off your fucking high horse, it literally protects users. Before you start judging, do a simple search. It's not one-off cases.
> The worse part is that you can do all of that functionality with a browser on Linux
This isn't true, actually. Banks and gov entities use those mobile apps as authenticators. They do have a distinct purpose.
I do not have a smartphone and have had no problem being a customer of multiple top banks. They strongly _encourage_ you to use apps, but if smartphones are against your unspecified religion, alternative paths always appear.
The reason this happens is because big companies get their software pen tested. Part of the pen test report will include something like “accessible from jailbroken devices.”
The pen test results get put into the ticket system as immovable entries. Engineers will question them, only to be shot down by the cyber security department who organized the pen test. The engineers will eventually accept that they cannot convince cyber to drop the issue, and implement the jail break detection.
Why does cyber mandate it? Because no one in a large company wants to accept the risk, even imaginary risk. They want to be able to say, when security is breached, “we did our due diligence. Look at the report, we implemented everything in it”
Why do firms offering penetration testing keep putting junk like this into their reports? Because their automated tools list them out and they’re getting paid to find issues. The more the better.
It’s insane and entirely about passing off risk.
> Even some government apps in the EU
The Dutch ID app got rid of all trackers and such requirements last year, but they didn't go the full length and make an F-Droid repo (or a government store or sth).
Google is actively guiding developers to APIs like the Play Integrity API (which requires not only that you register the phone with Google on a Google account, but also an untampered device, outdated or not).
I don't even root my devices, just using something like Lineage already gets you the basic-integrity max. Not enough for many banking apps.
There was a time when we did call it spying. Programs that had what we would now call telemetry used to be called spyware.
The term has fallen by the wayside and hardly ever gets used nowadays.
We just call it "apps" now.
That's a very good observation
It's the security of the ecosystem, where the interests of app vendors are fundamental: content distributors can count on enforcing DRM, and banks are relying on the camera used for KYC actually being a camera and not a virtual device.
It's about keeping Google's device secure *from* the user.
Just accept being spied on, it’s not as if there are genocidal billionaires out there.