Technology

70461 readers

4463 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

L4s@hackingne.ws

266

Google Play’s latest security change may break many Android apps for some power users. The Play Integrity API uses hardware-backed signals that are trickier for rooted devices and custom ROMs to pass. (www.androidauthority.com)

submitted 3 days ago by abobla@lemm.ee to c/technology@lemmy.world

70 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Zwuzelmaus@feddit.org 55 points 3 days ago (1 children)

Google’s updated Play Integrity API

How can these people talk about "integrity" when they break real existing phones?

I call this the opposite of integrity.

[+] tinned_tomatoes@feddit.uk -46 points 3 days ago* (last edited 3 days ago) (4 children)

Bit hyperbolic, don't you think? Rooted/Custom ROM users are so tiny, and they typically use security vulnerabilities to obtain root access. It's not exactly surprising that Google closes those vulnerabilities when it can.

Google can't exactly make root access and custom ROMs easier to use in 2025. It isn't 2010 anymore - as soon as rooting becomes easy again, and people are bypassing security measures you know the big orgs, copyright holders and children's apps will complain to the media and suddenly Google has a shitstorm to deal with.

Just wait until they find another vulnerability, lol.

[–] Zak@lemmy.world 46 points 3 days ago (1 children)

Many devices, including Google's own Pixel devices have user-unlockable bootloaders. No security vulnerabilities are involved in the process of gaining root access or installing a third-party Android distribution on those devices.

What's going on here isn't patching a vulnerability, but tightening remote attestation, a means by which a device can prove to a third party app that it is not modified. They're selling it as "integrity" or proof that a device is "genuine", but I see it as an invasion of user privacy.

Google can’t exactly make root access and custom ROMs easier to use in 2025.

Sure they can. They're in a much stronger position to dictate terms to app developers than they were in 2010 when it was not yet clear there would be an Android/iOS duopoly.

They don't want to though, because their remote attestation scheme means they can force OEMs to only bundle Google-approved Android builds that steer people to use Google services that make money for Google, and charge those OEMs licensing fees. A phone that doesn't pass attestation isn't commercially viable because enough important apps (often banking apps) use it.

[–] kittenzrulz123@lemmy.blahaj.zone 14 points 3 days ago

Many people use LineageOS and GraphineOS for security, privacy, and features that base Android simply doesn't ship.

[–] Zwuzelmaus@feddit.org 13 points 3 days ago

Or is it rather your definition of security or vulnerability that is questionable.

[–] 0x0@infosec.pub 1 points 3 days ago

The fuck did you just call me? Ill have you know im actually HUGE