zlacker

[parent] [thread] 6 comments
1. bitwiz+(OP)[view] [source] 2023-07-18 23:23:50
Play Protect is different from SafetyNet.

SafetyNet means the app checks to make sure you're not rooted or running a custom ROM because those are considered a security risk. If you are not running a locked-down OEM ROM, you can't run many apps including banking apps.

Microsoft's Pluton on-CPU attestation technology means this is coming to PCs.

replies(2): >>nine_k+Y1 >>charci+g4
2. nine_k+Y1[view] [source] 2023-07-18 23:41:13
>>bitwiz+(OP)
Having a dedicated, locked-down device to access banks or other high-stakes services could be a good, if more expensive, solution.

Keep it powered down when not needed for extra security.

Idealy, it could be smaller than a smartphone, and use smartphone's or laptop's hardware for UI and networking.

replies(1): >>kevinc+eu1
3. charci+g4[view] [source] 2023-07-19 00:00:33
>>bitwiz+(OP)
I am talking about "Play Protect certification." SafetyNet is deprectaed and has been replaced with the Play Integrity API.

>means the app checks to make sure you're not rooted or running a custom ROM

The purpose is to be able to tell if the user is running a version of the app is from the play store or to be able to tell if the device's integrity isn't compromised meaning that it can not rely on the security guarantees the OS provides. Banking apps are not against people using custom ROMs. They just want to ensure they are running on a secure operating system.

replies(1): >>Dylan1+6S3
◧◩
4. kevinc+eu1[view] [source] [discussion] 2023-07-19 13:33:10
>>nine_k+Y1
It could be good if it was my choice. But I actually want to be able to access my bank from my computer running open source software where I can modify configuration and apply patches.

I don't want to have to agree to Microsoft or Apple's ToS so that I can access my bank.

I do not look forward to trying to find a bank that doesn't require this of me because all of the major banks have jumped on board.

replies(1): >>charci+eA2
◧◩◪
5. charci+eA2[view] [source] [discussion] 2023-07-19 17:40:34
>>kevinc+eu1
>It could be good if it was my choice.

Usually banks don't let you disable antifraud protections. They prefer to make their business and the banking system more secure by reducing the rate of fraud. Fraud is expensive for them to deal with so it doesn't really make financial sense to let customers say that they are okay with having more fraud happen using their account.

replies(1): >>Dylan1+mR3
◧◩◪◨
6. Dylan1+mR3[view] [source] [discussion] 2023-07-19 23:51:30
>>charci+eA2
You can always surveil more. Banks should not have the option to decrease privacy over and over for tiny little impacts on fraud.
◧◩
7. Dylan1+6S3[view] [source] [discussion] 2023-07-19 23:57:20
>>charci+g4
I care about the real effect more than the (main) purpose.

And that effect is against custom ROMs and other kinds of user control.

[go to top]