• Keith@lemm.ee
    link
    fedilink
    English
    arrow-up
    64
    ·
    1 year ago

    As someone who uses root (not at the moment but plans to) as I believe in owning my devices, fully, this is horrible. We still need to oppose this.

    • LiveLM@lemmy.zip
      link
      fedilink
      English
      arrow-up
      44
      ·
      edit-2
      1 year ago

      I know right? The article touches on this:

      Google said the inspiration for the original Web Integrity project was Android’s Play Integrity API, which already scans your phone for root privileges and denies access to things

      ^^^ this should have never, ever been a thing!

      • 0xD@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        That is just standard and a completely sensible security measure for preventing people from tampering with an application. It cannot replace proper, server-side security measures but is a big step. Especially for stuff like banking applications.

        • BaldDude@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          9
          ·
          edit-2
          1 year ago

          I never really understood that:

          If I’m using my browser to do banking via the website, Having root privileges and tampering with the Browser running the applications is not an issue.

          If i use the banking app, Having root privileges suddenly become a problem.

          –> To me, it doesn’t look like the problem is technical, but that users are accepting things on mobile that they wouldn’t accept on a PC.

    • SkyeStarfall
      link
      fedilink
      English
      arrow-up
      20
      ·
      1 year ago

      The problem with root is that banking applications and many others straight up actively try to detect it and refuse to work if you are rooted. Android is in the process of being completely locked down.

      • limerod@reddthat.comM
        link
        fedilink
        English
        arrow-up
        19
        ·
        1 year ago

        Not just root. Some even detect if you have usb debugging enabled and warn or refuse to work unless you turn that off.

        • SkyeStarfall
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          Last I rooted there were also workarounds, but they didn’t always work, relying on the workarounds being updated to fight ever more advanced detection methods. It was a cat and mouse chase. And I need to be able to send money reliably, unfortunately.

          • glorious_puffy@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Apps I use work fine with vanilla magisk. If there are apps detecting root even after enabling zygisk, use magisk delta and enable magisk hide

        • limerod@reddthat.comM
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          What’s the workaround for apps detecting usb debuging or other user apps on your device? I’m not rooted, but use shizuku and WiFi adb for certain features on my android.

        • Pips@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          The biggest continuing issue is NFCs, which will require people to accept that non-stock OSes are perfectly fine.