Comment by throawayonthe

1 day ago

(at least on pixels and apparently this future motorola,) it can be re-locked, so it passes the integrity check; however there is an additional layer that needs google signing keys, which of course means you can't pass that one if you can't ship the keys

funnily enough my banking app works but the mcdonalds app doesn't, lol

McDonald's decided it's "unsafe" to run their app in the private space of Android. In literally the most locked down part :) Marketing must have gotten a nice bonus for that mental effort.

I can run banking apps like that, corporate apps like that, but I can't show a QR code to order a Happy Meal.

  • You can't even use the McDonald's app if you have an overlay. I use KineStop and in the car I'm already choosing what to order and I can't click anything until I turn off KineStop...

    In comparison the Burger King app works without problems and is very fast.

  • I've read about a few incidents where people could order for free or below cost so I'm not surprised their app developers are a little paranoid.

    • Could be related.

      It was likely their management doing random shit to fix it, instead of fixing the real problem, which was bogus campaign rules. Reddit was full of people abusing their app discounts and ordering insane amounts of food for free. It was well described.

      None of that was due to app security holes. It was an issue in their promotional campaign. It was still working after those "secure" app limitations appeared.

    • if you can order for free or below cost by doing anything in the app, you are not paranoid, you are directly stupid; it is like being able to modify the shopping cart total in the browser and the server accepting that as the correct price. Everything should be validated server-side, where you have full control of it.

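The server-side validation described in the comment above, as an added example that is not part of the original thread: the server recomputes the total from its own price list and enforces the promotion rules itself, using any client-supplied price only as a tamper signal. The catalogue, promo rule, limits and field names are constructed assumptions.

```python
from decimal import Decimal

# Constructed sample data: prices and campaign rules live only on the server.
CATALOGUE = {"fries": Decimal("2.49"), "burger": Decimal("5.99")}
PROMOS = {"FREEFRIES": {"sku": "fries", "min_spend": Decimal("5.00"), "max_uses": 1}}
MAX_QTY = 20  # hypothetical per-line quantity cap

class OrderRejected(Exception):
    pass

def price_order(order, promo_uses):
    """Recompute the total from server data; client price fields are never trusted."""
    subtotal = Decimal("0")
    for line in order["lines"]:
        sku, qty = line.get("sku"), line.get("qty")
        if sku not in CATALOGUE:
            raise OrderRejected(f"unknown sku {sku!r}")
        if type(qty) is not int or not 1 <= qty <= MAX_QTY:
            raise OrderRejected(f"bad quantity for {sku}")
        subtotal += CATALOGUE[sku] * qty
    discount = Decimal("0")
    code = order.get("promo")
    if code is not None:
        rule = PROMOS.get(code)
        if rule is None:
            raise OrderRejected("unknown promo")
        key = (order["account"], code)
        if promo_uses.get(key, 0) >= rule["max_uses"]:
            raise OrderRejected("promo already used on this account")
        in_cart = any(l["sku"] == rule["sku"] for l in order["lines"])
        # Minimum spend is measured on what is paid for, not on the free item.
        paid = subtotal - (CATALOGUE[rule["sku"]] if in_cart else 0)
        if not in_cart or paid < rule["min_spend"]:
            raise OrderRejected("promo conditions not met")
        discount = CATALOGUE[rule["sku"]]  # exactly one unit free
        promo_uses[key] = promo_uses.get(key, 0) + 1
    total = subtotal - discount
    client = order.get("client_total")
    # A differing client total is logged as a tamper signal, never used as the price.
    mismatch = client is not None and str(client) != str(total)
    return {"total": total, "client_mismatch": mismatch}

if __name__ == "__main__":
    uses = {}
    tampered = {"account": "a1", "promo": "FREEFRIES", "client_total": "0.00",
                "lines": [{"sku": "burger", "qty": 1, "price": "0.00"},
                          {"sku": "fries", "qty": 1}]}
    print(price_order(tampered, uses))
```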

So you can send a remittance for $1m but not order fries. It believes that health is wealth.