
Hmm, I just checked: I have developer options enabled and untrusted sources (F-Droid). I checked my play integrity status[0] and it reports:

Labels: [MEETS_BASIC_INTEGRITY, MEETS_DEVICE_INTEGRITY, MEETS_STRONG_INTEGRITY]

So I don't think remote attestation is the issue here, but it could be the app detects it by some other way.

[0] https://developer.android.com/google/play/integrity/addition...



Remote hardware attestation is the problem. It's the only thing that prevents me from simply circumventing the bank app's silly checks.

Cryptography is great when it empowers us. It sucks when it's used against us.


It's great that your integrity status reports that today. What's the guarantee that it will stay like that in a year?

There have been so many examples of companies, especially big tech, rolling out updates in the name of "security", that just turned out to be a way for them to tighten their control over time.


It's probably Play Integrity, indeed, which most of all checks if the user downloaded the app from the Play Store (and so requires a Google account, and being logged in to it on the phone).



