Post AbhmMdADyrGhIBjYe0 by crafti@akkoma.0x68756773.moe
(DIR) More posts by crafti@akkoma.0x68756773.moe
(DIR) Post #AbhmCj6n1Xh0pjP92u by crafti@akkoma.0x68756773.moe
2023-11-11T18:21:19.775222Z
1 likes, 0 repeats
Android is so great: a lot of the “features” require to be shipped by the OEM (i.e. need to be a system app), and thus cannot be changed. Unless you’re rooted of course, which will make your device fail SafetyNethttps://source.android.com/docs/core/permissions/android-roles
(DIR) Post #AbhmE3cWFNnQjssdt2 by getimiskon@fedi.getimiskon.xyz
2023-11-11T18:23:27.664459Z
0 likes, 0 repeats
@crafti SafetyNet is cancer
(DIR) Post #AbhmMdADyrGhIBjYe0 by crafti@akkoma.0x68756773.moe
2023-11-11T18:24:29.380128Z
1 likes, 0 repeats
@getimiskon Any software attempting to attest your device for "legitimate purposes" should be seen as malicious.
(DIR) Post #AbhmYMCqr2LAArYQAi by getimiskon@fedi.getimiskon.xyz
2023-11-11T18:27:07.640740Z
0 likes, 0 repeats
@crafti I agree. Also I keep in mind that mobile phones just aren't safe, as they can easily be stolen or lost. It's all common sense dammmit!
(DIR) Post #AbhmnPaAaIMgzMdiYC by crafti@akkoma.0x68756773.moe
2023-11-11T18:25:47.795660Z
0 likes, 0 repeats
@getimiskon In one way, integrity testing has valid purposes. But if this integrity checking overlaps with personal usage and devices, this crosses a line. And the question is if there's really innocent intentions.
(DIR) Post #AbhmnTvwPI9mU2rA2a by getimiskon@fedi.getimiskon.xyz
2023-11-11T18:29:49.060804Z
0 likes, 0 repeats
@crafti I really don't get why some apps ask for integrity. It makes sense of banking apps, I guess, but they have been working on the web just fine all this time without all that bullshit. To me, it feels like bullshit for people that don't bother to learn about the basics of security.
(DIR) Post #AbhmnTvwPI9mU2rA2b by crafti@akkoma.0x68756773.moe
2023-11-11T18:28:40.035551Z
1 likes, 0 repeats
@getimiskon Like, what do banking apps get from being assured that my device isn't rooted or is otherwise unlocked? At this point an app can be either decompiled, my internal storage can be read with my device password. Like, a device is never 100% secure.Heck, I can fastboot with the bootloader into stuff that's not installed on my device. Encryption is still a barrier however.
(DIR) Post #AbhnSn7rxGOpsf8Lgm by crafti@akkoma.0x68756773.moe
2023-11-11T18:32:43.378877Z
0 likes, 0 repeats
@getimiskon If my bank really shits itself because my phone is not a security-standard dedicated TAN device, then they should ship me a TAN device instead of trying to pretend my device is secure enough just because the boot chain is intact.
(DIR) Post #AbhnSq4R0UR10sY9Fg by getimiskon@fedi.getimiskon.xyz
2023-11-11T18:37:17.804481Z
0 likes, 0 repeats
@crafti if the bank I use requires me to use a mobile app instead of a web interface, I'll get my money to somewhere else. I don't trust any bank in this country anyways, let alone trusting their shitty applications.
(DIR) Post #AbhnSq4mzAib1yiQnw by crafti@akkoma.0x68756773.moe
2023-11-11T18:35:43.494286Z
1 likes, 0 repeats
@getimiskon The boot chain means nothing if there's a way to pwn the system or otherwise do unaccounted things.Secure boot is still a good thing, but just don't pretend I'm mentally challenged because you're attesting my damn device and found it's unlocked.
(DIR) Post #AbhnYmiCPItyKlz6K8 by getimiskon@fedi.getimiskon.xyz
2023-11-11T18:38:24.916035Z
0 likes, 0 repeats
@crafti ah yes... you can't imagine how much software makes me feel I'm mentally challenged