← Back to context

Comment by realusername

10 hours ago

Integrity doesn't guarantee any security to your device, just that the device is same as from the factory. That's a common misconception.

9 comments

realusername

Reply
jeroenhd  9 hours ago

"strong integrity" also takes into account if a security update has been installed recently enough. I don't believe hardware integrity spoofing has been accomplished on Android yet. Software integrity and compatibility with old hardware has been used to spoof device IDs and pretend a phone doesn't have the ability to do hardware attestation.

It's technically possible to exploit a kernel and get root access on a running device, of course, but the persistent root that is used most often will be detected by hardware integrity mechanisms. Exploit based root might be as well if it makes itself detectable enough.

  • Terr_  8 hours ago

    > if a security update has been installed recently enough

    In turn, this enables any tyrannical or anti-competitive demand which can be implemented in software, such as "user is not on the blasphemer list" or "all communications are being CC'ed to the Ministry of Truth."

  • realusername  8 hours ago

    > "strong integrity" also takes into account if a security update has been installed recently enough.

    My Galaxy S10, last update in 2023 passes strong integrity.

    With the little amount of security updates most Android devices have, I'm pretty sure you can find an exploit for pretty much everything except the most expensive flagships.

    What does integrity really means when nobody really knows what's in the device and with a terrible software update policy anyways.

    • jeroenhd  7 hours ago

      The exact requirements for security updates depends on the Android version you're running and the one your device came with. From the docs:

              MEETS_STRONG_INTEGRITY
        
        The app is running on a genuine and certified Android device with a recent security update.
        
        On Android 13 and higher, the MEETS_STRONG_INTEGRITY verdict requires MEETS_DEVICE_INTEGRITY and security updates in the last year for all partitions of the device, including an Android OS partition patch and a vendor partition patch.
        On Android 12 and lower, the MEETS_STRONG_INTEGRITY verdict only requires hardware-backed proof of boot integrity and does not require the device to have a recent security update. Therefore, when using the MEETS_STRONG_INTEGRITY, it is recommended to also take into account the Android SDK version in the deviceAttributes field.
        
        A single device will return multiple device labels in the device integrity verdict if each of the label's criteria is met.

      The S10 should be on Android 13, so it should not pass STRONG_INTEGRITY. If it does, perhaps it's possible Google updated the docs early in anticipation of a change? The software update requirement wasn't always there.

      4 replies →

  • charcircuit  7 hours ago

    >I don't believe hardware integrity spoofing has been accomplished on Android yet.

    It has, but extracted keys aren't free.