1. j4hduf+(OP) 2025-08-26 14:35:10
It is not so simple!

Play Integrity's highest level of attestation features requires devices to be running a security update which is within a sliding window of 1 year.

LOTS of Android devices have not released a security update in many many years. This forces users to unnecessarily upgrade to higher end OEMs.

Google is effectively pushing out Xiaomi, Huawei, and many others that offer excellent budget options. Google is not just offering you the comfort of not having to fill out CAPTCHAs on your phone, most importantly they are playing monopoly.

replies(1): >>fnimic+W2
2. fnimic+W2 2025-08-26 14:47:06
>>j4hduf+(OP)
Why can't "low end OEMs" release security updates?
replies(2): >>devmor+8b >>donkey+Zj2
3. devmor+8b 2025-08-26 15:18:55
>>fnimic+W2
They can, it would likely just increase the cost of cheap devices to end users, as the manufacturer now has to provide additional software support and does not want to lose money.
replies(2): >>dabock+Gn >>donkey+9k2
4. dabock+Gn 2025-08-26 16:15:53
>>devmor+8b
One could argue that those “cheap” devices are e-waste from the beginning, and customers needing lower-cost mobile devices should be buying more expensive ones used or refurbished.
5. donkey+Zj2 2025-08-27 06:24:17
>>fnimic+W2
Because they fucking suck. I never heard of desktops or laptops being tied to Dell or Asus or whatnot for run-of-the-mill kernel or OS upgrades. If phone makers want to be fucking ass by locking down bootloaders, jealously preventing reversing etc., preventing kernel devs etc. from doing their own thing, then they should accept the just label of being fucking ass or take on the responsibility of supporting it forever.
6. donkey+9k2 2025-08-27 06:26:15
>>devmor+8b
Why does the manufacturer of the phone have to write OS upgrades?

I never had to wait on Dell to type apt update and apt upgrade.

replies(1): >>devmor+ri3
7. devmor+ri3 2025-08-27 13:58:42
>>donkey+9k2
Because when you buy most smartphones, you're buying a vendor locked device and choosing to stay within their ecosystem. That's how Google has designed their monopoly. Apple is the same way, but non-fragmented.

You've never had to wait for Dell to type apt update and apt upgrade, but macOS users have to wait for Apple to update their computer.

replies(1): >>donkey+ks3
8. donkey+ks3 2025-08-27 14:43:16
>>devmor+ri3
That was my point, this is a self created problem by the manufacturer.
replies(2): >>devmor+uG3 >>j4hduf+ZH3
9. devmor+uG3 2025-08-27 15:49:18
>>donkey+ks3
No, it's a prerequisite to doing business.

The OEM phones are cheap because the manufacturer sells them at a loss, recouping money by locking them down and pre-installing certain software.

The alternative is that Google is properly regulated, or cheap smartphones don't exist.

replies(1): >>donkey+ih4
10. j4hduf+ZH3 2025-08-27 15:56:05
>>donkey+ks3
These manufacturers gladly took in AOSP back in 2011 when it was still truly a great open source project - exactly as the name should require it to be - and also when security requirements were much, much lower. Of course, to keep up with device security it turns out you need complete control over the whole stack and regular updates anyway, so now these manufacturers are in a pickle of a situation.
11. donkey+ih4 2025-08-27 18:58:34
>>devmor+uG3
It's possible the forced apps are a cost-recouping mechanism. But how does a phone bootloader being locked down become Google's fault? Does it mandate that for some kind of Android certification?
replies(1): >>j4hduf+PF4
12. j4hduf+PF4 2025-08-27 20:52:29
>>donkey+ih4
Yes, Google mandates a locked bootloader in order to meet Google Play Integrity's remote attestation. More generally it mandates a perfectly clean and valid secure boot chain. Among a variety of other requirements.