They 100% would stop you if they could.
It’s why Google’s website DRM thing was so scary.
Was? What did I miss? Even if it was discarded, there will aways be another attempt.
Basically Google wanted to put checksums in webpages and then not render the page period if the checksum didn’t match and said checksum could only be verified by “approved” browsers that had the correct certificate (which surprise was Chromium only browsers such as Chrome and probably Edge). As such you wouldn’t have been able to run any adblockers as that would change the checksum and the way the page was rendered. They could also then go one step further and do a Denouvo type set up to make sure the OS wasn’t being altered.
Okay, so I originally was going to go in a long rant about how they’re still doing it, but decided that it didn’t really add much to the comment, so removed it.
Afaik they’ve, for now at least, shelved it in browsers, but are still going ahead in Android webviews (as part of their war on Youtube Vanced).
Rooted mobile devices are a reasonable signal they been have hacked and security features might be disabled or work as expected.
It just banks, a lot of corporate security polices don’t allow rooted devices, as they could bypass mobile device management policies for devices owned by the company.
With laptops it’s a different story. Whether users have Mac, Linux or Windows, there’s a reasonable chance they have admin access too, so checking for root access is not such a useful signal there.
Rooted mobile devices are a reasonable signal they been have hacked and security features might be disabled or work as expected.
Rooted mobile devices are a reasonable signal that someone wants to actually own what they buy, and corporations want to make sure as few people think that as possible.
Windows/Macos/Linux are designed around the fact that the person managing the device has root access, Android and iOS are designed around noone having root access.
Sure it’s fine to mess around with rooted phone and look what’s inside, but essentially for your daily operations having rooted phone is unnecessary security risk.
Android and iOS are designed around noone having root access.
Yes and I consider that to mean I don’t own the device. And there are plenty of Android forks specifically designed around you having root access.
So just warn the user that it’s their own responsibility and all claims are waived, instead of just saying “no” ?
There is parallel with masking. The bank values the safety of the whole rather than the freedom to root for an individual. You stand to lose only your own bank balance. The bank stands to lose the funds of every rooted phone that contains a banking app exploit targeting them.
I mean, they get that anyway with malware and security exploits. Except that rooted phones usually have a root manager, which asks for permission if an app wants to do more. And i don’t think the root user listening into the app/their own account should be a problem; because in this case the problem is with the banks’ security practice.
Well, at least my bank doesn’t care about root or safety net.
It’s not just root. They would prefer you not to have a custom keyboard either.
That’s actually got a solid reason behind it.
It’s because the OSK is just another program as far as Android is concerned. It can’t directly look into the application, per Android specifications, but it CAN record key presses, even for passwords. It even receives context hints based on the metadata on the input box, so it knows when you’re putting in a password. Then it can send your data off to unknown servers.
thats a bit ironic seeing how the default keyboard on most phones are a privacy nightmare.
I actually heard something about that in class not long ago
The story is that Android’s security heavily relies on the compartmentalization of apps that lives in the android layer, over the Linux kernel. Apparently, that functionality works in part because only this layer can perform operations that require root access, no app or user can. So software that allows you to root your phone apparently breaks this requirement, and makes the whole OS insecure. He even heavily implied that one should never root their phone with ‘free’ software found on the internet because that was usually a front for some nefarious shit regarding your data.
I’m just parroting a half-understood and half-remebered speech from a security expert. His credentials were impressive but I have no ability to judge that critically, if anyone knows more about this feel free to correct me.
I wouldn’t even feel compelled to root my phones if Google would actually back up my phone instead of whatever 1/4 baked shit they’ve done thus far.
I’ve been using android since 2010, and it’s gotten significantly better over the years. There’s only a few things it doesn’t back up, like text messages and app data, most of which you don’t need.
It is not Android that is backing up most things though, it is mostly done by Google Services. That means that your data is effectively vendor locked-in if you want to use Android as an actual open source project. Google gutting the AOSP to this extent should be illegal (maybe even is, but might is right).
Isn’t saying that allowing apps to have root lets them access anything just describing what root is? A rooted phone doesn’t have to give superuser access to every app.
I think he was trying to say apps get access to “root features” through an abstraction layer/API calls that is controlled.
They don’t/wouldn’t have carte blanche root access to the underlying system. It’s kinda like a docker container or VM or flatpaks/snap packages on Linux. They are sandboxed from everything else and have to be given explicit premission to do certain things(anything that would need root privileges/hardware access).
A rooted phone doesn’t have to give superuser access to every app.
Sure, but apps that run as superuser can access anything, including the data and memory for banking apps. A big part of Android’s security model is that each app runs as a different user and can’t touch data that’s exclusively owned by another user.
It just means you need to trust apps that you give root access to, or only give elevated privileges during the very specific times when apps need them. Root isn’t something people who don’t know what they’re doing should be messing around with, I guess. But I’d think a lot of people who root their phone know and accept the risks.
Google and Apple have been very successful at convincing everyone, including banks, to see the idea of users having control over their own phone-like computers as dangerous.
