←back to thread

Lindroid

(twitter.com)
262 points LorenDB | 5 comments | 17 Jun 24 13:46 UTC | HN request time: 0s | source
Show context
fock ◴[18 Jun 24 06:19 UTC] No.40714592[source]
"needs root and patches to AOSP". So there go the banking apps mentioned elsewhere and you can just use postmarketOS.

Still cool though!

replies(4): >>40714796 #>>40715232 #>>40715542 #>>40718579 #
bboygravity ◴[18 Jun 24 06:52 UTC] No.40714796[source]
I have a rooted phone and when you hide root (using Magisk app) all banking apps work just fine?
replies(1): >>40714825 #
kiney ◴[18 Jun 24 06:56 UTC] No.40714825[source]
Some, not all. Last time I checked magisk wasn't able to fake safetynet hardwareattestation
replies(1): >>40715295 #
igor47 ◴[18 Jun 24 08:17 UTC] No.40715295[source]
Yup. I gave up on trying to get Google wallet / Android pay to work on my lineage device. I got it working sometimes but it broke after update and just wasn't reliable enough to keep trying when paying for stuff. I'm not really sure whom they're protecting with this stuff -- the credit card processing companies, maybe?
replies(4): >>40716192 #>>40717123 #>>40717179 #>>40718079 #
crms1496 ◴[18 Jun 24 12:45 UTC] No.40717179[source]
I have found Play Integrity Fix [1] with playcurl [2] is reliable enough for passing Play Integrity in Wallet and other apps. My current issue is that Google Messages has its own integrity checks that are stricter than Play Integrity, and will silently stop handling RCS messages if it fails those checks. I currently have RCS disabled because it is too unreliable.

[1] https://github.com/chiteroman/PlayIntegrityFix [2] https://github.com/daboynb/PlayIntegrityNEXT

replies(1): >>40718060 #
1. LoganDark ◴[18 Jun 24 14:08 UTC] No.40718060[source]
Huh, I don't have issues with RCS on my rooted OP7Pro. Is my version just sufficiently out of date not to have those extra checks?
replies(1): >>40718222 #
2. freedomben ◴[18 Jun 24 14:24 UTC] No.40718222[source]
I also have OP7Pro (what an amazing phone btw), and yes, we're pretty much sufficiently out of date that they still work - a wild but true reality we find ourselves in.
replies(1): >>40719383 #
3. LoganDark ◴[18 Jun 24 16:04 UTC] No.40719383[source]
I mean my Messages app. I installed it years ago and never updated, because why would I ever updated an SMS app, the only thing that can ever happen is for things to break that used to be working, lol. I don't even know if I run A12.

I do know, though, that the OP7Pro is one of the last Android devices that are whitelisted by Google to pass SafetyNet without hardware-backed attestation. Shame that TWRP wiped my working setup. I've been trying to get them to add any basic protection against that for over three years: https://github.com/TeamWin/Team-Win-Recovery-Project/issues/...

It is an amazing phone. Notchless, relockable bootloader (not just unlockable, but custom AVB key support!!), in-screen fingerprint sensor, 90Hz AMOLED, and great build quality.

replies(1): >>40722735 #
4. sangnoir ◴[18 Jun 24 22:26 UTC] No.40722735{3}[source]
> because why would I ever updated an SMS app, the only thing that can ever happen is for things to break that used to be working, lol.

Text parsing/rendering is a security Achilles' heel, and SMS app vulnerabilities are commonly exploited entry points for persistent malware from the likes of NSO. All things being equal, should update SMS apps for the security updates.

replies(1): >>40738673 #
5. LoganDark ◴[20 Jun 24 13:39 UTC] No.40738673{4}[source]
Text parsing and rendering is supposed to be done by the OS. And if there's an OS-level vulnerability like that, then the OS is what you update, not necessarily just the app.