Comment by steelframe
7 hours ago
Volkswagen has no jurisdiction over how I manage my fob, which is the client for the vehicle's unlock and start API. Once you hand a bearer token to me that governs full access to the vehicle, including the accelerator and steering wheel, it's not your job to babysit whether I chose to use it while drunk or hand it over to someone else.
So you don't have a VW employee coming by your house in the evening to check if the key fob is still in your possession? Sometimes he even does a test drive to make sure it still works with the car.
Maybe I have to ask that guy some questions...
Except it is their job, that is why certain signals on the car are protected from manipulation. Any attempt to circumvent this and succeeding would require direct action from VW. If they cannot prove that they did everything possible to prevent that, then they are legally liable to the authorities.
Same way that banking apps don’t care if you could screw up your account anyway, they will ban rooted phones just to avoid the risk. Because when something happens, what do you think is more likely? That the customer accepts full responsibility for using a rooted device and says that’s on me? Or that they blame the bank for losing all their savings?
> If they cannot prove that they did everything possible to prevent that, then they are legally liable to the authorities.
Laws mostly don't work like that. The seller of gasoline doesn't have to prove they did everything possible to design the product to prevent anyone from using it for arson, nor should they because that's preposterous.
> Because when something happens, what do you think is more likely? That the customer accepts full responsibility for using a rooted device and says that’s on me? Or that they blame the bank for losing all their savings?
You're making the assumption that rooted phones are more likely to be compromised, but it's entirely the opposite. The stock software on phones regularly goes out of support and has known unpatched vulnerabilities (but will still pass Play Protect) and the only way to get a patched system on that device is to install a newer third-party ROM. On top of that, GrapheneOS has better security than stock Android even for the same version.
Moreover, that has nothing to do with liability. When the user with the vendor-supplied firmware still gets pwned and has their account drained, they're still going to go to the bank looking to get their money back. All they've done by going out of their way to block third-party firmware is to make that marginally more likely.