zlacker

>>screen+(OP)
AKA: The shadow war on bot traffic continues humming along.

>>Klonoa+Mc
Bot traffic? Anyone using Linux will get blocked because "they can't be trusted". Only people running an "approved" operating system from a billion dollar corporation will be allowed to access.

This is already what is happening with SafetyNet on Android. For now most applications don't require hardware attestation so you can pass by spoofing an old device that didn't support hardware attestation but I'm sure that will change within a decade.

>>kevinc+xf
You don't have to be a billion dollar corporation to become Play Protect certified.

Being able to trust the security of a client can protect against many attacks and it is up to web sites to evaluate what to do with into information that a client is proven to be secure.

>>charci+Ph
Play Protect is different from SafetyNet.

SafetyNet means the app checks to make sure you're not rooted or running a custom ROM because those are considered a security risk. If you are not running a locked-down OEM ROM, you can't run many apps including banking apps.

Microsoft's Pluton on-CPU attestation technology means this is coming to PCs.

>>bitwiz+ll
I am talking about "Play Protect certification." SafetyNet is deprectaed and has been replaced with the Play Integrity API.

>means the app checks to make sure you're not rooted or running a custom ROM

The purpose is to be able to tell if the user is running a version of the app is from the play store or to be able to tell if the device's integrity isn't compromised meaning that it can not rely on the security guarantees the OS provides. Banking apps are not against people using custom ROMs. They just want to ensure they are running on a secure operating system.