this post was submitted on 25 Jul 2023
1465 points (97.5% liked)

Memes

45712 readers
1127 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] Da_Boom@iusearchlinux.fyi 6 points 1 year ago (2 children)

Have you ever rooted an android phone?

The google SafteyNet Attestation is the precursor to browser DRM. It's essentially phone DRM.

There are many banks that have apps that require you to pass at least the basic level attestation, if not the CTS profile matching that fails the moment you modify any system level resources, even the bootloader

luckily you can force disable CTS so it falls back on the basic level, for most apps at least. You will never have access to Google or Samsung pay though, as it actually knows your phone model should support CTS and will autofail if it no longer reports that it does.

Alongside that apps like Pokemon GO and Netflix also require at least basic attestation to function - demonstrating the DRM and anticheat capabilities of such a system.

[–] CumBroth@discuss.tchncs.de 4 points 1 year ago* (last edited 1 year ago) (1 children)

https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf

This can help you pass CTS. It worked for me. Funny thing is, I don't even remember which app I did it for. Whatever it was, I ended up not using it after all the trouble. As for my banking apps, they only care about root, so Magisk's denylist does the job.

[–] Da_Boom@iusearchlinux.fyi 0 points 1 year ago (1 children)

Nah, I'm still running a stock ROM on a pixel 3a. Looking at this guide, it looks like this tool is dead. So unless it works on android 12, I can't use it.

Enabling strict denylist actually causes my phone to break, it will randomly cause my phone to freeze up, and fail to load on phone unlock to the point I have to go into safe boot to disable my Magisk modules, only then will it boot correctly. - maybe I'm denying the wrong system apps for strict mode to work. I have still added apps to the denylist, however.

Im currently using universal Safetynet Fix to pass basic Attestation, and the only thing that fails to work is google wallets "tap to pay" feature. Which doesn't matter as my NFC reader is broken in any case.

[–] CumBroth@discuss.tchncs.de 1 points 1 year ago* (last edited 1 year ago)

Oh, I didn't notice it's dead. I just had it bookmarked because I remember spending a lot of time trying all sorts of workarounds before it and none of them ever worked (for CTS).

I used this for Android 11; there's a good chance it'll still work for that version. But like I said, I ended up not needing it anyway - my phone doesn't even have NFC! I think I mostly just did it as a FU to Google rather than for actual utility. :D

Just thought it worth mentioning that there are/were workarounds for CTS. Don't know how things are now on Android 12 and 13.

[–] nudnyekscentryk@szmer.info 2 points 1 year ago (1 children)

I find it funny how the most root-resistant app I've ever encountered is McDonald's coupons app. I can trick Google Pay into working on my rooted phone, I tricked Revolut and two national banks. Heck, even my government-issued digital ID was tricky but I eventually got it working despite root and unlocked bootloader, both of which it didn't like. But McDonald's? None of the workarounds work whatsoever .

I'm rooted and on LOS and can use any app I need (including banking apps, paypal, and netflix - i don't use samsung/google pay). The only app i can't get to work is one stupid food delivery app. It's weird af.