linuxmemes

20801 readers

1048 users here now

I use Arch btw

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules

Follow the site-wide rules and code of conduct
Be civil
Post Linux-related content
No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

poopsmith@lemmy.world

zephyr@lemmy.world

rtxn@lemmy.world

Why don't banks like root on Android? (lemmy.world)

submitted 5 months ago by Waffelson@lemmy.world to c/linuxmemes@lemmy.world

11 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] huginn@feddit.it 1 points 5 months ago

SafetyNet is dead.

They rely on Play Integrity API.

That covers:

App Binary signatures App source corroboration - Was it actually installed from the Play Store? Android device attestation - Is it a genuine device powered by Google Play Services Malware detection - Google Play Protect is enabled and has not seen known malware signatures.

They can choose to ignore any number of those but they do not. It's part of their security reporting requirements to use attestation I expect.

Beyond that - a device that doesn't meet Play Integrity is more likely to be a malicious actor than it is to be a tech enthusiast with a rooted phone: One of them is far more prevalent than the other in terms of device usage.

Android apps are trivial to reverse engineer, inject code into and generally manipulate. That lets apps like ReVanced work the way they do... but that also means that blue team developers have a lot more work to do to protect app code.

Source - Android App Developer, worked on apps with high level security audits (like banking apps).