- cross-posted to:
- programming@programming.dev
- cross-posted to:
- programming@programming.dev
I’m happy to see this being noticed more and more. Google wants to destroy the open web, so it’s a lot at stake.
Google basically says “Trust us”. What a joke.
I’m happy to see this being noticed more and more. Google wants to destroy the open web, so it’s a lot at stake.
Google basically says “Trust us”. What a joke.
It’s a bit worse than just Google libraries, apps can use Play Integrity which uses hardware attestation to validate it’s bootloader lock status and that it’s running a vendor signed and Google approved ROM.
Current bypasses emulate older devices without the necessary hardware, but those will eventually stop working and there won’t be bypasses unless someone leaks some master keys or finds TPM exploits to trick it into signing the integrity request. It’s very bad.
Yes, but they’re two separate issues. Many apps that don’t care whether you have root or a third-party Android build use Google’s libraries.
Patching apps is another workaround. It won’t beat server-side checks, but I think those are still fairly rare. ReVanced makes it easy to do, though I’m not sure there are patches related to SafetyNet yet.