this post was submitted on 07 Nov 2023
218 points (97.4% liked)

Android

17659 readers
229 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id


💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More


founded 1 year ago
MODERATORS
all 42 comments
sorted by: hot top controversial new old
[–] kbal@fedia.io 62 points 1 year ago (1 children)

The key difference between "Android's Play Integrity API" and this new thing which they are no longer proposing to put in Chrome but into Android WebView instead is the remote part of "remote attestation".

The article does not make it entirely clear, but the new thing looks to be exactly the same as the old Web Environment Integrity we knew and hated, but with a new name and temporarily exclusive to Android.

[–] BearOfaTime@lemm.ee 11 points 1 year ago

I'm so glad there are devs behind things like Lineage, DivestOS and Graphene. I'm currently setting up a oh one using Divest without Google.

I'll be buying some Pixel 5's to get me through the next 5 years (my current phones are from 2018, and really fast with Lineage or Divest, and load a bunch of apps, and automation).

[–] kzhe@lemm.ee 53 points 1 year ago (2 children)

As someone who uses root (not at the moment but plans to) as I believe in owning my devices, fully, this is horrible. We still need to oppose this.

[–] LiveLM@lemmy.zip 37 points 1 year ago* (last edited 1 year ago) (1 children)

I know right? The article touches on this:

Google said the inspiration for the original Web Integrity project was Android's Play Integrity API, which already scans your phone for root privileges and denies access to things

^^^ this should have never, ever been a thing!

[–] 0xD@infosec.pub -4 points 1 year ago (1 children)

That is just standard and a completely sensible security measure for preventing people from tampering with an application. It cannot replace proper, server-side security measures but is a big step. Especially for stuff like banking applications.

[–] BaldDude@sh.itjust.works 9 points 1 year ago* (last edited 1 year ago)

I never really understood that:

If I'm using my browser to do banking via the website, Having root privileges and tampering with the Browser running the applications is not an issue.

If i use the banking app, Having root privileges suddenly become a problem.

--> To me, it doesn't look like the problem is technical, but that users are accepting things on mobile that they wouldn't accept on a PC.

[–] SkyeStarfall@lemmy.blahaj.zone 17 points 1 year ago (3 children)

The problem with root is that banking applications and many others straight up actively try to detect it and refuse to work if you are rooted. Android is in the process of being completely locked down.

[–] limerod@reddthat.com 17 points 1 year ago (1 children)

Not just root. Some even detect if you have usb debugging enabled and warn or refuse to work unless you turn that off.

[–] wccrawford@lemmy.world 10 points 1 year ago (1 children)

I've had video games refuse to play because of that. Ridiculous.

[–] sadreality@kbin.social 2 points 1 year ago (1 children)

They are just looking out for you

[–] kzhe@lemm.ee 3 points 1 year ago

I suppose it's anti-cheat

[–] glorious_puffy@lemmy.world 6 points 1 year ago (3 children)

There are many workarounds. It never really is an issue anymore

[–] limerod@reddthat.com 3 points 1 year ago (1 children)

What's the workaround for apps detecting usb debuging or other user apps on your device? I'm not rooted, but use shizuku and WiFi adb for certain features on my android.

[–] glorious_puffy@lemmy.world 2 points 1 year ago

Was not aware that some apps detect USB debugging and deny access

[–] SkyeStarfall@lemmy.blahaj.zone 2 points 1 year ago* (last edited 1 year ago) (1 children)

Last si rooted there were also workarounds, but they didn't always work, relying on the workarounds being updated to fight ever more advanced detection methods. It was a cat and mouse chase.

[–] glorious_puffy@lemmy.world 1 points 1 year ago

Apps I use work fine with vanilla magisk. If there are apps detecting root even after enabling zygisk, use magisk delta and enable magisk hide

[–] Pips@lemmy.sdf.org 1 points 1 year ago

The biggest continuing issue is NFCs, which will require people to accept that non-stock OSes are perfectly fine.

[–] sadreality@kbin.social 4 points 1 year ago (1 children)

Switched to web browser...

These apps are fucking obnoxious.

Google wants you to pay for hardware but they get to control it because they can't trust you lol

[–] BearOfaTime@lemm.ee 2 points 1 year ago

Yep, never have a root issue if you access a baking service via a browser.

And with apps like Hermit you can make a web page very app-like.

[–] RooPappy@kbin.social 33 points 1 year ago* (last edited 1 year ago) (5 children)

Big fucking sigh. I've been an Android user since the T-mobile G1, and I have ferociously defended the platform against iPhone for that entire time.

Is there a 3rd option? Or do I have to learn to love the enemy? I won't be a part of the problem with privacy just because I'm too lazy to change.

[–] BearOfaTime@lemm.ee 19 points 1 year ago (1 children)

Use Graphene, Lineage or DivestOS (fork of Lineage) . Graphene and Divest enable you to sandbox all Google BS if you need it, and Dos uses their own we view from Mull.

[–] fuzzzerd@programming.dev 7 points 1 year ago (1 children)

What about bank apps and nfc? Do those work or are you just out of luck if you need them on graphene or lineage?

[–] isVeryLoud@lemmy.ca 3 points 1 year ago

No attestation = no Google Pay

[–] ijeff@lemdro.id 13 points 1 year ago (1 children)
[–] RooPappy@kbin.social 4 points 1 year ago

I love the idea, and would be willing to be an early adopter of a linux phone... but its tough to give up application support.

[–] BaldDude@sh.itjust.works 6 points 1 year ago* (last edited 1 year ago)

Honourable mention for Sailfish OS

https://en.wikipedia.org/wiki/Sailfish_OS

The commercial version comes with an android emulator.

It's not recommended for non-technical people, it sometimes crashes, it has random bugs that will drive you insane, and currently the weather app can't connect to the service that provides the weather data.

But:

The people making it are not seeing you as the product and you will be free of all the bullshit.

..... and i love it :)

[–] possiblylinux127@lemmy.zip 2 points 1 year ago

Use custom ROMs

[–] shapis@lemmy.ml -3 points 1 year ago (1 children)

I have ferociously defended the platform against iPhone

Why tho

[–] RooPappy@kbin.social 14 points 1 year ago* (last edited 1 year ago) (1 children)

Because Apple are: closed system, unrepairable, proprietary, refuse to adopt standards, elitist and exclusionary, and generally less flexible and customizable. They are a baby toy, they are any recent BMW, and they are jerks about it.

And somehow, that's becoming the better option over thieves and scammers with bad intentions. I may have to go with the assholes over the bastards. It doesn't feel great.

[–] jol@discuss.tchncs.de -1 points 1 year ago

I get you, but calling iOS a toy just makes you sound childish and ignorant. I don't use apple for the same reasons, but iOS right now offers by far the most polish, mature and thought-through experience. In the meantime, Android continues to change everything on a whim every couple versions to nonsensical defaults. The UI keeps getting worse.

But I just can't stand the inability of customizing iOS. Google is strangling the platform, replacing FOSS features with Google counterparts, and if it wasn't for Samsung and maybe a few other big ones, they would probably have abandoned AOSP by now.

[–] samokosik@lemmynsfw.com 21 points 1 year ago (2 children)

Google no longer even tries to pretend not being evil.

[–] ares35@kbin.social 5 points 1 year ago (1 children)

google has been on the dark side since before "don't be evil" was even associated with the company.

[–] BearOfaTime@lemm.ee 1 points 1 year ago

The first time I heard "don't be evil" all I could think is why do you have to say it?

[–] clmbmb@lemmy.dbzer0.com 3 points 1 year ago (1 children)

It's been a long time they stopped pretending.. at least 5 years.

[–] baatliwala@lemmy.world 3 points 1 year ago (1 children)

You mean removing the "Don't be evil" slogan? That's not entirely true, they moved that from Google to Alphabet

[–] clmbmb@lemmy.dbzer0.com 0 points 1 year ago
[–] shiveyarbles@beehaw.org 9 points 1 year ago

This is like, save the children war fund, or some such nonsense naming scheme.

[–] SHITPOSTING_ACCOUNT@feddit.de -3 points 1 year ago (1 children)

A bit late... Something new might replace it but this experiment got killed a couple days ago already.

[–] bobbytables@feddit.de 31 points 1 year ago* (last edited 1 year ago) (1 children)

Google is killing off its proposal for "Web Environment Integrity API" as a new web standard, though Android phones may still have to deal with it.

That is literally the first sentence of the linked article. I think this is one of the things how it comes back.

[–] SHITPOSTING_ACCOUNT@feddit.de 3 points 1 year ago* (last edited 1 year ago) (1 children)

Does Vanced really use WebView for playback (the link the article provides suggests it's used for sign-in)?

Aside from forgetting to mention Revanced which is very much alive, I have doubts about the article. It feels like the author realized his headline doesn't work anymore so came up with something plausible sounding...

[–] ChaoticNeutralCzech@feddit.de 6 points 1 year ago* (last edited 1 year ago)

Vanced and Revanced use(d) a fork of MicroG for sign-in. MicroG is a FOSS implementation of Google Play Services and other Google app APIs but with minimum tracking. It uses the website to sign in, which I imagine is rendered with WebView because the app is so small.