zlacker

[parent] [thread] 3 comments
1. zb3+(OP)[view] [source] 2023-07-25 12:31:47
Google is abusing trusted computing. While I can understand that some banks prefer the payment processing code to be run on devices which are locked down, currently such Android devices contain Google adware and spyware, which is definitelly not necessary for a trusted device to be used for payments.

Google should be split so that the interests of Google'd not taint Android and Chrome.

replies(2): >>realus+f7 >>accoun+1c
2. realus+f7[view] [source] 2023-07-25 13:17:12
>>zb3+(OP)
> currently such Android devices contain Google adware and spyware, which is definitelly not necessary for a trusted device to be used for payments.

That's exactly the thing, this integrity api only means the deviced is controlled, not secure, that's two very different things. You can have a phone riddled with pre-installed malware passing the safety net and you can have EOS, the cleanest rom that I know about which can fail it.

3. accoun+1c[view] [source] 2023-07-25 13:39:46
>>zb3+(OP)
Abusing trusted computing? The whole concept is about NOT trusting the user and giving control to third parties instead.
replies(1): >>zb3+bt
◧◩
4. zb3+bt[view] [source] [discussion] 2023-07-25 14:49:31
>>accoun+1c
Yeah, but while you could think of trusted computing like "the author of the code has control" - and I'd not see a big issue with payment apps being tamper-resistant, I do see a GIANT issue with Google instering their bloatware in the middle..
[go to top]