zlacker

[return to "Unpacking Google’s Web Environment Integrity specification"]
1. rcxdud+5F1[view] [source] 2023-07-26 18:15:12
>>dagurp+(OP)
This is especially rich coming from google's, who's 'safetynet' for android results in a significant reduction in security (contrary to its stated purpose): it locks out 3rd-party up-to-date and secure ROMs while allowing horrificly insecure manufacturer-provided ROMs to still pass, because to disable those would cause a massive user outcry. So it functions as a vendor lock-in but no meaningful increase in security for the average user, while preventing more advanced users from improving their security without needing to buy more hardware. This needs to be called out more to push back against the claim that this kind of attestation somehow has a legitimate benefit for the users.
◧◩
2. lern_t+u82[view] [source] 2023-07-26 20:07:38
>>rcxdud+5F1
You're using it wrong. SafetyNet is able to assert that the build the device asserts is what it claims. After you know that, it's up to you to decide whether you trust communications from that build or not. If it's a known-insecure build, you can say that you don't. SafetyNet cannot assert that a third party ROM is what it claims to be, so you have to decide whether you trust communications from that device or not based on not knowing at all what build is on the device.
◧◩◪
3. wmf+H92[view] [source] 2023-07-26 20:12:04
>>lern_t+u82
Does anyone use SafetyNet "right"? I assume not due to the user outcry issue.
◧◩◪◨
4. lern_t+Eb2[view] [source] 2023-07-26 20:19:41
>>wmf+H92
Most (all?) corporate endpoint security systems use it right in my experience. Even when using it right, you would have to block third party builds and cause outcry. You would additionally block some builds that SafetyNet (or Play Integrity) attests.
◧◩◪◨⬒
5. franga+lq2[view] [source] 2023-07-26 21:24:21
>>lern_t+Eb2
> Even when using it right, you would have to block third party builds

Unless you have an obvious and accessible way of getting secure third party builds whitelisted, this is still a very anti-user approach, which is not justifiable unless the user of the device isn't its owner (like with company-owned work phones).

◧◩◪◨⬒⬓
6. lern_t+bv2[view] [source] 2023-07-26 21:47:02
>>franga+lq2
That's up to the service to decide on the appropriate level of security risk in whether they allow unknown builds. They already don't allow custom builds on any other mobile OS, so this is really the best you can get as a user. What is your proposed solution?
◧◩◪◨⬒⬓⬔
7. Dylan1+nn3[view] [source] 2023-07-27 04:28:38
>>lern_t+bv2
> What is your proposed solution?

Ban attestation methods that owners can't control.

◧◩◪◨⬒⬓⬔⧯
8. hoffs+kd4[view] [source] 2023-07-27 11:55:23
>>Dylan1+nn3
What does that even mean? It sounds like your proposal makes attestation pointless since owner can attest in whatever way they want.
◧◩◪◨⬒⬓⬔⧯▣
9. Dylan1+J36[view] [source] 2023-07-27 19:55:20
>>hoffs+kd4
It only makes it pointless for DRM purposes.

If a company wants control over devices they own, that's still fine.

[go to top]