Google said the inspiration for the original Web Integrity project was Android’s Play Integrity API, which already scans your phone for root privileges and denies access to things
That is just standard and a completely sensible security measure for preventing people from tampering with an application. It cannot replace proper, server-side security measures but is a big step. Especially for stuff like banking applications.
The problem with root is that banking applications and many others straight up actively try to detect it and refuse to work if you are rooted. Android is in the process of being completely locked down.
Last si rooted there were also workarounds, but they didn’t always work, relying on the workarounds being updated to fight ever more advanced detection methods. It was a cat and mouse chase.
What’s the workaround for apps detecting usb debuging or other user apps on your device? I’m not rooted, but use shizuku and WiFi adb for certain features on my android.
As someone who uses root (not at the moment but plans to) as I believe in owning my devices, fully, this is horrible. We still need to oppose this.
I know right? The article touches on this:
^^^ this should have never, ever been a thing!
That is just standard and a completely sensible security measure for preventing people from tampering with an application. It cannot replace proper, server-side security measures but is a big step. Especially for stuff like banking applications.
I never really understood that:
If I’m using my browser to do banking via the website, Having root privileges and tampering with the Browser running the applications is not an issue.
If i use the banking app, Having root privileges suddenly become a problem.
–> To me, it doesn’t look like the problem is technical, but that users are accepting things on mobile that they wouldn’t accept on a PC.
The problem with root is that banking applications and many others straight up actively try to detect it and refuse to work if you are rooted. Android is in the process of being completely locked down.
Not just root. Some even detect if you have usb debugging enabled and warn or refuse to work unless you turn that off.
I’ve had video games refuse to play because of that. Ridiculous.
They are just looking out for you
I suppose it’s anti-cheat
There are many workarounds. It never really is an issue anymore
Last si rooted there were also workarounds, but they didn’t always work, relying on the workarounds being updated to fight ever more advanced detection methods. It was a cat and mouse chase.
What’s the workaround for apps detecting usb debuging or other user apps on your device? I’m not rooted, but use shizuku and WiFi adb for certain features on my android.
The biggest continuing issue is NFCs, which will require people to accept that non-stock OSes are perfectly fine.
Switched to web browser…
These apps are fucking obnoxious.
Google wants you to pay for hardware but they get to control it because they can’t trust you lol
Yep, never have a root issue if you access a baking service via a browser.
And with apps like Hermit you can make a web page very app-like.