this post was submitted on 07 Nov 2023
231 points (97.5% liked)

Android

17392 readers
312 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More

founded 1 year ago
MODERATORS
ijeff@lemdro.id
ladfrombrad@lemdro.id
Paradox@lemdro.id
multimoon@lemdro.id
inspector@gadgetro.id
mikestevens@lemdro.id
Devgard@lemmy.world
limerod@reddthat.com
Netrunner@lemdro.id
231
Google’s “Web Integrity” Android API could kill “alternative” media clients (arstechnica.com)
submitted 10 months ago by ijeff@lemdro.id to c/android@lemdro.id
45 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] kzhe@lemm.ee 63 points 10 months ago (2 children)

As someone who uses root (not at the moment but plans to) as I believe in owning my devices, fully, this is horrible. We still need to oppose this.

[–] LiveLM@lemmy.zip 44 points 10 months ago* (last edited 10 months ago) (1 children)

I know right? The article touches on this:

Google said the inspiration for the original Web Integrity project was Android's Play Integrity API, which already scans your phone for root privileges and denies access to things

^^^ this should have never, ever been a thing!

[–] 0xD@infosec.pub -4 points 10 months ago (1 children)

That is just standard and a completely sensible security measure for preventing people from tampering with an application. It cannot replace proper, server-side security measures but is a big step. Especially for stuff like banking applications.

[–] BaldDude@sh.itjust.works 9 points 10 months ago* (last edited 10 months ago)

I never really understood that:

If I'm using my browser to do banking via the website, Having root privileges and tampering with the Browser running the applications is not an issue.

If i use the banking app, Having root privileges suddenly become a problem.

--> To me, it doesn't look like the problem is technical, but that users are accepting things on mobile that they wouldn't accept on a PC.

[–] SkyeStarfall@lemmy.blahaj.zone 21 points 10 months ago (3 children)

The problem with root is that banking applications and many others straight up actively try to detect it and refuse to work if you are rooted. Android is in the process of being completely locked down.

[–] limerod@reddthat.com 20 points 10 months ago (1 children)

Not just root. Some even detect if you have usb debugging enabled and warn or refuse to work unless you turn that off.

[–] wccrawford@lemmy.world 11 points 10 months ago (1 children)

I've had video games refuse to play because of that. Ridiculous.

[–] sadreality@kbin.social 2 points 10 months ago (1 children)

They are just looking out for you

[–] kzhe@lemm.ee 3 points 10 months ago

I suppose it's anti-cheat

[–] glorious_puffy@lemmy.world 7 points 10 months ago (3 children)

There are many workarounds. It never really is an issue anymore

[–] limerod@reddthat.com 3 points 10 months ago (1 children)

What's the workaround for apps detecting usb debuging or other user apps on your device? I'm not rooted, but use shizuku and WiFi adb for certain features on my android.

[–] glorious_puffy@lemmy.world 2 points 10 months ago

Was not aware that some apps detect USB debugging and deny access

[–] SkyeStarfall@lemmy.blahaj.zone 3 points 10 months ago* (last edited 10 months ago) (1 children)

Last si rooted there were also workarounds, but they didn't always work, relying on the workarounds being updated to fight ever more advanced detection methods. It was a cat and mouse chase.

[–] glorious_puffy@lemmy.world 1 points 10 months ago

Apps I use work fine with vanilla magisk. If there are apps detecting root even after enabling zygisk, use magisk delta and enable magisk hide

[–] Pips@lemmy.sdf.org 1 points 10 months ago

The biggest continuing issue is NFCs, which will require people to accept that non-stock OSes are perfectly fine.

[–] sadreality@kbin.social 5 points 10 months ago (1 children)

Switched to web browser...

These apps are fucking obnoxious.

Google wants you to pay for hardware but they get to control it because they can't trust you lol

[–] BearOfaTime@lemm.ee 2 points 10 months ago

Yep, never have a root issue if you access a baking service via a browser.

And with apps like Hermit you can make a web page very app-like.