Comment by jeroenhd
7 hours ago
App developers need to put effort into enabling these APIs so it's not like Google is actively blocking your favorite apps. Their makers are.
Like with reCAPTCHA, there are other services and libraries out there to detect root access and other things companies want to detect in their apps.
Sure, Google was betting that bureaucratic companies would enroll voluntarily and it worked.
> Like with reCAPTCHA, there are other services and libraries out there to detect root access and other things companies want to detect in their apps.
My opinion on this is that any method to check integrity, root access or if developer mode is enabled is a security vulnerability by itself, no such app should be able to know that.
> My opinion on this is that any method to check integrity, root access or if developer mode is enabled is a security vulnerability by itself, no such app should be able to know that.
I think knowledge of such information should be available to all apps, but I think apps should not be so annoyingly restrictive. There's absolutely no reason why games or generic apps need to act on any of this information.
I advised my mother to do her banking on her phone instead of laptop.
Hardware attestation kills privacy- yes. But it also works.
Mobile phones are ridiculously locked down compared to legacy platforms such as Windows.
Realistically, in which scenario this information can be useful? I can't think of anything, it should be removed.
It's been misused by banking app and games, I've never seen a legitimate use case.
6 replies →