- cross-posted to:
- curiocollection@wayfarershaven.eu
- cross-posted to:
- curiocollection@wayfarershaven.eu
This video as a text article: https://blog.nicco.love/google-drms-the-web/
This video as a text article: https://blog.nicco.love/google-drms-the-web/
The same host could fake the payload to the attestation server. Cat and mouse game with security through obscurity.
If you are on android or ios the phone already cryptografically verifies that the operating system has not been tampered with on a hardware level. Since the operating system is then “trusted” it can verify anything you do on it
Doesn’t work. It’s possible to let many banking apps think they are running on a normal device although it is rooted.
Yup Play attestation is dead, even the new and shiny “secure” one is bypassed. It’s now just a hinderence.