zlacker

[parent] [thread] 2 comments
1. tadfis+(OP)[view] [source] 2022-07-26 19:53:23
This is already a problem with SafetyNet hardware attestation on Android. Because it's so easy to implement on the app side, everything from banking apps to games is verifying the device is running a blessed system image with a locked bootloader and no root access (read: no access to general-purpose computing).

As a developer of a banking app, I do my best to avoid implementing this user-hostile crap, but not all developers are empowered to say "no" to this requirement and not all care. There is zero benefit to the user to block them from using your services, and I would argue the net benefit is negative to the service. Users aren't hacked via privilege escalation exploits, they are hacked by phishing, and they can be phished on a SafetyNet-compliant device just fine.

replies(2): >>toasta+gL1 >>tuetuo+9H2
2. toasta+gL1[view] [source] 2022-07-27 12:59:44
>>tadfis+(OP)
I really appreciate knowing some devs are out there defending us from the banking app madness. I'd encourage you, given your position, to write a blog post about why device ownership is important and your experiences on how others should consider operating.
3. tuetuo+9H2[view] [source] 2022-07-27 17:28:08
>>tadfis+(OP)
I never knew SafetyNet was a thing, and wow, what a bullcrap thing for the basic consumer.

Thank you for being a smart banking app developer. There is so much bullshit in most of those apps that I consider them as "worst apps on my phone", but due to management incompetence rather than developer incompetence.

[go to top]