this post was submitted on 29 Jul 2023
1260 points (98.2% liked)

Technology

58451 readers
4976 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s
[email protected]
[email protected]
[email protected]
enu
[email protected]
L4s
1260
Google tries to defend its Web Environment Integrity (techreport.com)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/technology
202 comments fedilink hide all child comments
 

I'm happy to see this being noticed more and more. Google wants to destroy the open web, so it's a lot at stake.

Google basically says "Trust us". What a joke.

you are viewing a single comment's thread
view the rest of the comments
[–] Zak 23 points 1 year ago (1 children)

I used a rooted phone without Google apps on it and so many apps simply refused to work. They use Googles api in the background

This has nothing to do with being rooted but with Google encouraging people to build apps using its proprietary libraries to make Google Android more valuable than Android Open Source Project. There may be a connection to the EU's attempts to stop Google from forcibly bundling several of its other apps with the Play Store.

For most use cases, good alternatives are available and it's just a matter of developers being lazy, but I'm not sure there's another good option for chat apps to get timely notifications without high battery consumption. MicroG provides an open source alternative to Google's libraries and works for most apps, including chat notifications.

[–] [email protected] 6 points 1 year ago (1 children)

It's a bit worse than just Google libraries, apps can use Play Integrity which uses hardware attestation to validate it's bootloader lock status and that it's running a vendor signed and Google approved ROM.

Current bypasses emulate older devices without the necessary hardware, but those will eventually stop working and there won't be bypasses unless someone leaks some master keys or finds TPM exploits to trick it into signing the integrity request. It's very bad.

[–] Zak 3 points 1 year ago

Yes, but they're two separate issues. Many apps that don't care whether you have root or a third-party Android build use Google's libraries.

Patching apps is another workaround. It won't beat server-side checks, but I think those are still fairly rare. ReVanced makes it easy to do, though I'm not sure there are patches related to SafetyNet yet.