| >Contradictory I disagree. You can have control in modifying your system, but the software just needs a way to prove that the security features it assumes are true. There could be a way for it to analyze the changes you made and decide whether or not it should trust your system. >"Tampered with" -- there's that language again. Owning my computer is not "tampering", it is freedom. It's someone else's software. You may own your computer, but you don't own the YouTube client. Google owns the YouTube client. Tampering with Google's client is tampering. >"Integrity" checks? Rooting my phone does not violate its "integrity". If anything it restores it. No, it does not. One part of Android's security model is that app's have storage that only they can access. Take for example a 2FA app which stores it's private key in this location. This makes it so that you must physically have your phone in order to get a 2FA code. This is the "something you have" part of 2FA. Rooting your phone violates the integrity of the system because now someone can just become root and steal the private key. Now they can generate 2FA codes without physically having the device with them. It then becomes another "something you know." >My phone's gotta come out of the factory pwned at the hardware level for your "guarantees" to be worth anything. These are security features. Your phone is less secure without them. It's not pwned. >An app "wanting" anything is invasion enough. Everyone wants something. Every business transaction includes both parties wanting something from the other. |