Hacker News new | ask | show | jobs
by thedriver 1219 days ago
>With hardware remote attestation there will no longer be any point in even owning an android phone anyway. Android is obviously inferior to iOS in every way but the whole point was you could have control over the machine and do whatever you wanted. Now apps will be able to verify that you "tampered" with the phone and will refuse to run, and since it's hardware cryptography it cannot be faked without massive effort. Might as well get an iPhone which at least isn't a shitty Google product.

Wait a minute, will something like this really come to Android phones? I guess that installing a custom rom will become impossible at the same time?

If this happens, then there truly isn't going to be much point in using an Android phone over an iPhone
3 comments
matheusmoreira 1219 days ago
Google SafetyNet can be used to attest that the device has not been modified or "tampered" with. Basically Google cryptographically proves it owns your phone and has control over what you do with it. You can fake the software attestation right now with stuff like Magisk but once it moves to hardware attestation it's over. You'll be able to install custom systems but what's the point if they can't run the apps you want or need?

Why wouldn't an app require this? Banks want it because "fraud", streaming services want it because "piracy"... You can come up with pretty much any reason for any "rightsholders" to want control over our computers. If WhatsApp starts requiring this, it's either accept Google control or my phone turns into a paperweight.

link
boring_twenties 1219 days ago
It won't become impossible to install a custom rom, it will simply become impossible to use many if not most popular apps.

Android already provides a mechanism for apps to refuse to run on modified devices, it's called SafetyNet and is widely used for example by banking apps. Currently, it's usually possible to trick it, but with hardware attestation it will become practically impossible.

link
jqpabc123 1219 days ago
Yes, some banking apps do this.

The simple solution --- install the bank's web site as an app.

Go to the site, click the browser menu button (3 dots on Android or up arrow on iOS) and select "Add to Home Screen". You now have a link icon on your phone that looks and acts just like any other app.

Some banks (Chase for example) offer a "Progress Web App" which removes the browser interface elements so the causal observer can't even tell it's not a native app.

https://www.howtogeek.com/342121/what-are-progressive-web-ap...

link
boring_twenties 1219 days ago
I am able to use Chase's app on my LineageOS + Magisk rooted device. The annoying part is that they seem to disable fingerprint login, so now I have to copy/paste the password every time.
link
cuteboy19 1218 days ago
Surely bitwarden can help
link
jqpabc123 1219 days ago
Wait a minute, will something like this really come to Android phones?

Google has been doing this for quite some time to prevent unlocked devices from accessing the Play Store. The solution is to avoid Google Play --- along with all other Googly things.

link
charcircuit 1218 days ago
This is a security feature and the play store doesn't require it AFAIK. Apps can choose to use it as a signal on whether a client is secure. Unlocked devices are insecure because an attacker can flash a malicious image and steal all of your sensitive data such as an authentication token for your bank account.

If your solution is to just be less secure go ahead, but don't complain when services don't want to serve you or treat you different since you are less secure than the other users.

link
matheusmoreira 1218 days ago
Yeah, sure. An "optional security feature".

> don't complain when services don't want to serve you or treat you different since you are less secure than the other users

Hell no. They should not be allowed to discriminate against me just because I chose to own my system. They should not even be able to figure out what software I'm running, to say nothing of "treating me different".

"Don't want to serve us" unless we let them invade and own our machines? Please. This should be illegal.

link
charcircuit 1218 days ago
>They should not be allowed to discriminate against me just because I chose to own my system.

App developers don't care if you own your system. They just want a way to prove that the device their app is running on is secure and that the client has not been modified. If there was a way for you to prove that to them they wouldn't mind.

>They should not even be able to figure out what software I'm running, to say nothing of "treating me different".

They just want to know that the client has not been tampered with so that they know you are not going to shall user's tokens, scrape people's information, or mondo automated actions as a bot. A signal that you are using the vanilla client makes you much more trust worthy to a service.

>"Don't want to serve us" unless we let them invade and own our machines?

Apps aren't invading your machine. They just want some guarantees about the environment they are operating in. The information that they get from you is the package's name, certificate, version, whether it's from the play store, whether your device passes integrity checks, and whether the app is properly licensed.

link
matheusmoreira 1218 days ago
> App developers don't care if you own your system.

> They just want a way to prove that the device their app is running on is secure and that the client has not been modified.

Contradictory. If I own the system, I can obviously modify it and everything running on it. Including your app. Therefore what they want is proof that I don't own the system.

> They just want to know that the client has not been tampered with

"Tampered with" -- there's that language again. Owning my computer is not "tampering", it is freedom.

> They just want some guarantees about the environment they are operating in.

Who cares what they want? It's my machine, I decide what they get. If they get anything at all. If I want them to believe they are running on a clean environment, that's what they should believe.

> The information that they get from you is the package's name, certificate, version, whether it's from the play store, whether your device passes integrity checks, and whether the app is properly licensed.

"Integrity" checks? Rooting my phone does not violate its "integrity". If anything it restores it.

Certificates? Store? Licensing checks? Look at all this crap that must be installed on "my" system just to give you your "guarantees". My phone's gotta come out of the factory pwned at the hardware level for your "guarantees" to be worth anything. It has to come with a full root of trust from the firmware to the bootloader to the operating system to each individual app just to prevent my "tampering". But you're seriously claiming apps aren't invading our machines.

An app "wanting" anything is invasion enough.

link
charcircuit 1218 days ago
>Contradictory

I disagree. You can have control in modifying your system, but the software just needs a way to prove that the security features it assumes are true. There could be a way for it to analyze the changes you made and decide whether or not it should trust your system.

>"Tampered with" -- there's that language again. Owning my computer is not "tampering", it is freedom.

It's someone else's software. You may own your computer, but you don't own the YouTube client. Google owns the YouTube client. Tampering with Google's client is tampering.

>"Integrity" checks? Rooting my phone does not violate its "integrity". If anything it restores it.

No, it does not. One part of Android's security model is that app's have storage that only they can access. Take for example a 2FA app which stores it's private key in this location. This makes it so that you must physically have your phone in order to get a 2FA code. This is the "something you have" part of 2FA. Rooting your phone violates the integrity of the system because now someone can just become root and steal the private key. Now they can generate 2FA codes without physically having the device with them. It then becomes another "something you know."

>My phone's gotta come out of the factory pwned at the hardware level for your "guarantees" to be worth anything.

These are security features. Your phone is less secure without them. It's not pwned.

>An app "wanting" anything is invasion enough.

Everyone wants something. Every business transaction includes both parties wanting something from the other.

link