[ggktk]

I recently installed LineageOS on my phone, replacing the stock MIUI. I would probably return this phone if I had no other option than to use MIUI. I much prefer the "pure" Android experience.

For many essential and security critical apps to work, like bank apps or the McDonald's app you need to hide the fact you're using a modified system, because of SafetyNet.

This hiding/bypass works for now, because it tricks Google into thinking your device doesn't support hardware attestation, and fallbacking to Basic attestation, which is easier to bypass. Google can at any time flip the switch to require hardware attestation, and your apps will stop working, with no way around it, other than flashing back the stock ROM your device came with and locking the bootloader. At that point I will probably just buy a new phone.

[izacus]

Sure, but your LineageOS only works because Google is forcing manufacturers to pass CTS tests (which ensure that all Android devices are actually compatible with your apps).

If that disappears, you'll end up with apps that only work on Samsung Androids and your LineageOS will stop being compatible. We're essentially going back to horrorshow of SymbianOS, where different Symbian devices weren't compatible between themselves because the OEMs kept fscking up.

(Heck, in early Android versions Samsung tended to break core APIs all the time and caused a lot of churn on developer side to workaround their per-device fsckups. Having to import phones from half a world away so you could see why the video recorder hardcrashes when you call an API is NOT FUN.).

[grishka]

I remember how people were complaining loudly about my app crashing on Meizu phones. Those never passed the CTS, but that didn't stop the manufacturer from preinstalling play services on them. So we had to buy one and I had to decompile the system framework to find a way to work around their shitty modifications to standard UI components to prevent the app from crashing. Fun stuff.

[esperent]

I bought a Miui phone about a week ago. It's on miui 12.5 and it's the first time I've ever used this OS. I expected to hate it because of all the flack it gets. But honestly, it's fine. It's not that different from Android.

I did have to uninstall a load of bloatware using ADB and I added a custom launcher (Niagara).

[izacus]

MIUI is Android though - and it passes strict Google CTS tests so it stays (reasonably) compatible with software.

[baybal2]

At least one SafetyNet TZ applet has leaked few years ago

[NullPrefix]

>or the McDonald's app

Excuse me? McDonald's app considers itself security critical now?

[marcellus23]

I mean, you put your credit card into it, so yeah?

[grishka]

You also put your credit card into your web browser, and it can even store your cards (without the cvc) to autofill them for you.

[bee_rider]

The web browser is almost certainly security critical -- although maybe it is treated as a special exception because of user expectations.

[grishka]

Yes, but somehow, web browsers never check for "device integrity", and websites just blindly trust that the browser, or whatever it is on the other end, would do whatever it's told. They don't even have a reliable way of telling what kind of device or OS the user is accessing the website from. And everyone seems to be fine with that.

And that's how it should be with apps, too. And people need to be educated to never, ever be so trustful. You lost your savings to a scammer? Well, you'll be more diligent next time.

[kevingadd]

Yes, and this is a massive security vulnerability

[HelixEndeavor]

Anything that deals with your financial information usually has security.

[jmnicolas]

Probably because you can pay your meals with it.