Comment by why_at
16 hours ago
>Only a tiny amount of apps force you into hardware attestation
Luckily this is still true, but I'm not confident that it will stay this way. For a few examples, I've been unable to use my phone as a metro card in my city because even though it goes through the metro's app, the app redirects back to Google Pay. Google's own Waymo app won't work without stock OS even though all it does is call robotaxis.
>these are mostly around banking, mobile payments and the like. So just use a separate, locked down device for those
I don't think this is a very reasonable suggestion; carrying around a second phone that I use at most a couple of times a day is inconvenient and expensive. Half of the point of these is convenience and this would defeat the purpose.
The broader point is that our standards for phones are so different from everything else. I also carry around a credit card which requires no authorization to use, not to mention cash. I can have just as much personal data on my laptop if not more, so why does it have to be this way just for phones?
A smart phone's primary function is to initiate and receive phone calls, or arguably 1/3 of its primary function if the metric is the Jobs iPhone launch presentation; however, since "smart phone" and "iPhone" have "phone" in their names, I'm going to argue it's their primary function.
People have come to expect that phones nearly always work, and rely on them for critical communication with loved ones, services like emergency services. When these aren't dependable you don't have a phone but instead a toy.
The case made two decades ago is that running arbitrary software on a phone incurs a risk that malware can compromise the device and alter its dependability. _General purpose computers don't have this historical burden._ Phone and mobile OS makers sell their products with their purposeful limitations made fairly clear. You want a mobile device with different capabilities, then seek out an alternate device, it's kinda obvious.
There's always communities of people who attempt to repurpose the products they own for purposes they weren't originally intended, and I would like to see laws that make that hobby more legitimate and legal. I would love to see 3rd parties able to support these hobbyists, that would be great. But Apple, Google with their hardware partners have no obligation to do so, and justifiable positions for making repurposing non-trivial to do.
Be sure to give apps that behave that way one-star reviews.
I just tested Waymo and my usual solution of Magisk Play Integrity Fix was insufficient, suggesting hardware-backed attestation. This is the kind of crap Microsoft was doing that inspired Google to put "don't be evil" in its mission statement. We all know how that went.
> Be sure to give apps that behave that way one-star reviews.
You have to have a Google account to give a one-star review on the app store run by Google. You're still buying into their ecosystem.
If your goal is to boycott Google, you're probably not trying to use Waymo. My suggestion was only about punishing the use of remote attestation in the small way most of us can.
I was able to get Waymo to work on GrapheneOS, but it took some doing, and relies on the GrapheneOS developers hacking around the official Google Play services in some way. Waymo definitely made it more difficult than it needs to be to run this on something other than ordinary Android, and it's unclear if they did so in order to make themselves more money, or simply because doing things the official Google Android way is easier for them and they aren't even thinking about people who are trying to have a less-restricted smartphone OS.
> carrying around a second phone that I use at most a couple of times a day is inconvenient
Guess it depends on the person. As somebody who carries around all sorts of shit all the time, a slim, extra phone is peanuts