Won’t work sadly, if you install a custom OS your device will not be able to attest to it being original, and play integrity won’t pass (which would by extension include WEI). Not providing the results will be seen as just as bad as not passing. So as long as the vast majority of mobile users have it deployed you’re screwed.
You can think of it as requiring everyone to wear a cryptographic ID badge to do something as simple as going to the store to buy groceries. You can always not wear it, but you will be denied service just as someone who has a “made up” ID.
The evil exists at the silicon level where they cryptographic keys are hidden from the user.
Not to mention the fact that there’s still Android devices that have bootloaders that can’t “just be unlocked”. Looks like this is now changing but the Canadian model of the LG G6 couldn’t be rooted for a long time, and while I wouldn’t have bought it if it was up to me because of that, it wasn’t up to me because it was just a hand-me-down to replace a phone I had that was way older.
There are ways around Play Integrity and Safety Net and the like. To quote this blog post, “The problem with checking if the user is a god, is that the user is a god.”
Well not quite, you still cannot pass strong integrity, because it’s based on a hardware chain of trust.
I’m sure there will be vulnerable hardware out there, and groups which are able to extract the keys, so nothing changes from a security perspective, you still can’t fully trust the client to not scam you out of money or something.
But for forcing people to see ads, or discouraging the use of free software, adding vendor lock-in? You don’t even need special hardware to be annoying about it, SafetyNet in its bypassable form has already made mobile payments unreliable on non-Google Android so much that it doesn’t make sense to use them, because you could be denied service at random whenever the binary updates.
Strong attestation in play integrity is pretty much impossible to get around from an individual user’s perspective, and in the best case scenario would be bypassable with significant effort, likely involving you having to buy leaked keys on the black market.
Except you’re not forced to use the Play store if you’re using a non-Google fork of Android. So unless they’re locking out the entire OS if it doesn’t authenticate (which, if they do, that runs afoul of interoperability protections), you can still install APKs directly.
Also, if it’s at the silicon level, that’s not even in the OS, that’s in the device and Google is going to have to bet on device manufacturers (particularly Samsung, due to their market share) playing along. If Samsung in particular decides that Google is going too far (and they could, they have their own reputation to worry about and they’re also going to want to have control over the devices they make - control that Google could potentially deny them as they continue to tighten their grip), that’s game over. Google could try to push their own hardware but Samsung has too much market dominance in the mobile device hardware sector for Google to challenge like that.
They have already played along, all devices that have Google Play preinstalled have to pass this test.
But locking you out of installing software is not the point, it’s much more insidious than that. What will happen is that major services you rely on will want your device to present a cryptographic proof it’s running the original software, which can’t be spoofed. So for example your YouTube would only send you over the video stream if it knows that on the other side there’s an unmodified app running on an unmodified OS. Same thing goes for your bank. At some point you’re so locked out of essential services when running a custom OS that nobody will do it, because these days you almost need a phone to function in society.
The hardware doesn’t lock you out of your device, it lets remote servers present you with an ultimatum, if you don’t present the proof you’re out, if you do, that means you’re running the stock OS and thus can’t do anything.
Nope! The point is that the hardware is deployed, and strong attestation is available.
But for now, a lot of apps still rely on the old SafetyNet or weak integrity. So the clock is ticking, the more up to date devices running modern Android there are, the more likely these apps are to switch over to the new system and require hardware attestation, because why wouldn’t they once everyone is “ready” for it.
I’m not sure what you’re trying to argue against, what I’m trying to say is that the technology is very dangerous and must be banned, I’m with you on user control. But I won’t fall into a false sense of security about being able to bypass everything, because we don’t have control over low level hardware as we do with software, so these megacorps have the upper hand.
I’m not saying it wouldn’t be an issue, ideally this kind of stuff should be banned whether there’s a workaround or not, because the average user is still going to have to deal with. My point is that, well, if you build a 10 foot wall, someone’s going to make a 12 foot ladder to get over it.
The system relies on an encryption key stored on the device, right? That’s actually a really stupid idea if you don’t want people breaking that encryption. Someone’s eventually going to figure out how to access that. Even the Nintendo Switch, previously notorious for being a completely airtight system, has been jailbroken.
Won’t work sadly, if you install a custom OS your device will not be able to attest to it being original, and play integrity won’t pass (which would by extension include WEI). Not providing the results will be seen as just as bad as not passing. So as long as the vast majority of mobile users have it deployed you’re screwed.
You can think of it as requiring everyone to wear a cryptographic ID badge to do something as simple as going to the store to buy groceries. You can always not wear it, but you will be denied service just as someone who has a “made up” ID.
The evil exists at the silicon level where they cryptographic keys are hidden from the user.
Not to mention the fact that there’s still Android devices that have bootloaders that can’t “just be unlocked”. Looks like this is now changing but the Canadian model of the LG G6 couldn’t be rooted for a long time, and while I wouldn’t have bought it if it was up to me because of that, it wasn’t up to me because it was just a hand-me-down to replace a phone I had that was way older.
There are ways around Play Integrity and Safety Net and the like. To quote this blog post, “The problem with checking if the user is a god, is that the user is a god.”
https://liberda.nl/weblog/trust-no-client/
Well not quite, you still cannot pass strong integrity, because it’s based on a hardware chain of trust.
I’m sure there will be vulnerable hardware out there, and groups which are able to extract the keys, so nothing changes from a security perspective, you still can’t fully trust the client to not scam you out of money or something.
But for forcing people to see ads, or discouraging the use of free software, adding vendor lock-in? You don’t even need special hardware to be annoying about it, SafetyNet in its bypassable form has already made mobile payments unreliable on non-Google Android so much that it doesn’t make sense to use them, because you could be denied service at random whenever the binary updates.
Strong attestation in play integrity is pretty much impossible to get around from an individual user’s perspective, and in the best case scenario would be bypassable with significant effort, likely involving you having to buy leaked keys on the black market.
Except you’re not forced to use the Play store if you’re using a non-Google fork of Android. So unless they’re locking out the entire OS if it doesn’t authenticate (which, if they do, that runs afoul of interoperability protections), you can still install APKs directly.
Also, if it’s at the silicon level, that’s not even in the OS, that’s in the device and Google is going to have to bet on device manufacturers (particularly Samsung, due to their market share) playing along. If Samsung in particular decides that Google is going too far (and they could, they have their own reputation to worry about and they’re also going to want to have control over the devices they make - control that Google could potentially deny them as they continue to tighten their grip), that’s game over. Google could try to push their own hardware but Samsung has too much market dominance in the mobile device hardware sector for Google to challenge like that.
They have already played along, all devices that have Google Play preinstalled have to pass this test.
But locking you out of installing software is not the point, it’s much more insidious than that. What will happen is that major services you rely on will want your device to present a cryptographic proof it’s running the original software, which can’t be spoofed. So for example your YouTube would only send you over the video stream if it knows that on the other side there’s an unmodified app running on an unmodified OS. Same thing goes for your bank. At some point you’re so locked out of essential services when running a custom OS that nobody will do it, because these days you almost need a phone to function in society.
The hardware doesn’t lock you out of your device, it lets remote servers present you with an ultimatum, if you don’t present the proof you’re out, if you do, that means you’re running the stock OS and thus can’t do anything.
So, in other words, I’ve been halucinating the fact that these services work perfectly fine on my Omnirom-patched OnePlus 7 Pro?
Nope! The point is that the hardware is deployed, and strong attestation is available.
But for now, a lot of apps still rely on the old SafetyNet or weak integrity. So the clock is ticking, the more up to date devices running modern Android there are, the more likely these apps are to switch over to the new system and require hardware attestation, because why wouldn’t they once everyone is “ready” for it.
I’m not sure what you’re trying to argue against, what I’m trying to say is that the technology is very dangerous and must be banned, I’m with you on user control. But I won’t fall into a false sense of security about being able to bypass everything, because we don’t have control over low level hardware as we do with software, so these megacorps have the upper hand.
I’m not saying it wouldn’t be an issue, ideally this kind of stuff should be banned whether there’s a workaround or not, because the average user is still going to have to deal with. My point is that, well, if you build a 10 foot wall, someone’s going to make a 12 foot ladder to get over it.
The system relies on an encryption key stored on the device, right? That’s actually a really stupid idea if you don’t want people breaking that encryption. Someone’s eventually going to figure out how to access that. Even the Nintendo Switch, previously notorious for being a completely airtight system, has been jailbroken.