|
|
|
|
|
|
by mike_hearn
844 days ago
|
|
|
Because: a. Being rooted or in other abnormal device states is (perceived to be?) associated with fraud against the service provider. That's because it's hard to tell the difference between a device in which only the legit user has control, and one that's been remotely rooted by malware (in theory this can be done by using remote attestation but this requires a non-rootable supervisor layer to do that protocol, so you end up going around in circles as root is then not really root). b. Users not having root means the service provider can (to some extent) reason about how the app will behave regardless of user wishes, which makes it easier to suppress abuse. As Google explain clearly in the article, this is done as an anti-spam measure. If the user doesn't have root then the OS can block automation of the app, protect signing keys, do remote attestations etc and that makes spamming much harder (you can't emulate the protocol). If the user has root then they can just inject code into the RCS app's address space and control it directly. Consider also why games consoles don't give you root. It's because gaming is a two or three or even four sided transaction (gamer, game developer, console developer who sells at a loss and makes it up on licensing fees, other gamers on multiplayer). If you privilege one party over all the others then the ecosystem fails, so every successful platform exercises tight control over the purchaser of the hardware to ensure the other parties involved have their needs also respected. |
|
|