zlacker

[parent] [thread] 2 comments
1. homebr+(OP)[view] [source] 2025-07-25 08:06:15
It doesn't work for everything; one of the banks I'm forced to use checks for how it was installed, and Android for some incomprehensible reason is happy to report that to any application that asks (along with lots of other information like bootloader status and developer mode — you really have fewer rights to 'your' device than random applications).

After opening the application, it complains about being installed through an "insecure method", and bails. Reinstalling through Google Play magically fixes that.

These "security checks" are spreading like measles, so expect to see this sooner or later.

replies(1): >>mschus+R9
2. mschus+R9[view] [source] 2025-07-25 09:55:39
>>homebr+(OP)
> one of the banks I'm forced to use checks for how it was installed, and Android for some incomprehensible reason is happy to report that to any application that asks

That's because apps that aren't published just on the Play Store but also on other stores or for direct sideloads (for users running Huawei for example which doesn't have Play Store) need to be able to detect the installation method to do updates on their own if there is no backing store.

replies(1): >>const_+aA
◧◩
3. const_+aA[view] [source] [discussion] 2025-07-25 13:45:48
>>mschus+R9
The use case makes some amount of sense, but I think once an API becomes predominantly used for fingerprinting and the real use case becomes a side effect you should just nuke the API.

It's the responsible thing to do. Apple has done it a few times.

[go to top]