Most active commenters
  • perching_aix(3)
  • fc417fc802(3)

←back to thread

Samsung embeds IronSource spyware app on phones across WANA

(smex.org)
845 points the-anarchist | 12 comments | 21 Jun 25 03:06 UTC | HN request time: 1.313s | source | bottom
Show context
userbinator ◴[21 Jun 25 04:22 UTC] No.44334486[source]
making it nearly impossible for regular users to uninstall it without root access, which voids warranties and poses security risks

Stop parroting the corporate propaganda that put us into this stupid situation in the first place. Having root access on devices you own should be a fundamental right, as otherwise it's not ownership.

replies(12): >>44334515 #>>44334549 #>>44334577 #>>44334616 #>>44334661 #>>44334912 #>>44335283 #>>44335463 #>>44335597 #>>44336211 #>>44336257 #>>44336433 #
1. perching_aix ◴[21 Jun 25 04:29 UTC] No.44334515[source]
Didn't we backslide hard enough at this point that it is now architecturally ensured that there is a security downside to rooting? Prevents verified boot for example, since the attestation is tied to said corporations, and not you.
replies(3): >>44335600 #>>44335942 #>>44336193 #
2. fc417fc802 ◴[21 Jun 25 07:56 UTC] No.44335600[source]
AFAIK that's true for many vendors but for example Pixels (and IIRC also OnePlus at least a few years ago) you can relock the bootloader with other keys.

The crazy thing is that on all the devices I've had AVB is implemented on top of secureboot. Being able to set your own secureboot keys is bog standard on corporate laptops. The entire situation makes absolutely no sense.

Also for the record I think it's a silly attack vector for the average person to worry about. A normal person does not have secret agents attempting to flash malicious images to his phone while he's in the shower.

replies(2): >>44335863 #>>44336296 #
3. perching_aix ◴[21 Jun 25 08:51 UTC] No.44335863[source]
> AFAIK that's true for many vendors but for example [on] Pixels you can relock the bootloader with other keys

Oh that's pretty cool, wasn't aware.

> The crazy thing is that on all the devices I've had AVB is implemented on top of secureboot. Being able to set your own secureboot keys is bog standard on corporate laptops. The entire situation makes absolutely no sense.

Hold on, could you elaborate a bit on this? I thought it was an either/or type deal cause they do the same thing.

replies(1): >>44335902 #
4. fc417fc802 ◴[21 Jun 25 08:58 UTC] No.44335902{3}[source]
Many devices if you load up fastboot mode (is that the right name?) it will give you chipset and other information and it will have secureboot info there. It's permanently locked to chain into the AVB image. AVB is a much more complicated beast that specifies the existence of multiple partitions including (IIRC) one for storing authorized keys, one for the recovery, and a bunch of other stuff.

It's possible this has changed or was never widespread in the first place. I have a very limited (and historic) sample size.

5. franga2000 ◴[21 Jun 25 09:08 UTC] No.44335942[source]
Not having verified boot is not a security downside for most people. Unless your threat model includes the evil maid attack, which it doesn't for thr vaaaaaast majority of people, verified boot is just another DRM anti-feature.
replies(1): >>44336067 #
6. ignoramous ◴[21 Jun 25 09:33 UTC] No.44336067[source]
Verified Boot isn't merely to thwart Evil Maids, but by and large provide what's known as "Trusted Computing Base". And yes, given the proliferation of smartphones and the nature of sensitive applications built on top, most people, even if they don't realise it, need it.
replies(1): >>44336233 #
7. torginus ◴[21 Jun 25 09:59 UTC] No.44336193[source]
I don't follow the reasoning behind this - even in a verified boot scenario you can just choose to not load the offending kernel module without compromising security.
8. userbinator ◴[21 Jun 25 10:08 UTC] No.44336233{3}[source]
but by and large provide what's known as "Trusted Computing Base".

In other words, DRM.

https://en.wikipedia.org/wiki/Trusted_Computing#Criticism

(I knew from the beginning that this was known as the Palladium project, and until recently, a search for "Palladium TCG" would find plenty of information about that history, yet now references to that group and its origins in DRM have seemingly disappeared from Google. Make of that what you will...)

replies(2): >>44336609 #>>44337135 #
9. acdha ◴[21 Jun 25 10:21 UTC] No.44336296[source]
> A normal person does not have secret agents attempting to flash malicious images to his phone while he's in the shower.

No, but millions of women have controlling partners or friends who betray their trust and, for example, many people going through U.S. Customs are being asked to surrender control of their devices so they can be used without their knowledge. There’s a well-funded malware industry with a lot of customers now.

10. cam_l ◴[21 Jun 25 11:20 UTC] No.44336609{4}[source]
Are you saying that someone is using yugiyoh trading cards to cover up incriminating historical details of Microsoft's long term plan to purge general purpose computing from the world?

https://www.tcgplayer.com/product/593140/yugioh-quarter-cent...

Bizarre, I did find it on bing though..

https://www.cl.cam.ac.uk/archive/rja14/tcpa-faq-1.0.html

11. perching_aix ◴[21 Jun 25 12:41 UTC] No.44337135{4}[source]
This should not be a surprise. Mechanistically enforced trust (like in trusted computing), and even better, mechanistically assured trust (like in verifiable computing), will be relied upon by anyone seeking trust. This means both consumers and producers, and anyone else in-between.

If I want my device to be secure, I want this trust. If I want to sell a copy of my virtual asset to only be used in ways I approve of, I want this trust. You can't have only one of these at the same time, either your device can provide this trust or it cannot. That's not the battle in my view. The battle is to implement this appropriately, such that e.g. if we're representing access control, identity, and ownership, then that representation should match reality. So if I'm said to own a device, the device can and will attest so, and behave accordingly. It's just that instead of that, I'm always somehow just being loaned these things, only have some specified amount of control over these things, and am just a temporary user somehow. That's the issue. And that these systems are not reimplementable, and as such entitlements do not carry around.

replies(1): >>44350402 #
12. fc417fc802 ◴[22 Jun 25 21:23 UTC] No.44350402{5}[source]
> If I want my device to be secure, I want this trust.

Device security and mediated trust between mutually distrustful entities are separate things.

> If I want to sell a copy of my virtual asset to only be used in ways I approve of, I want this trust.

I don't want you to be able to do that. At least not with general purpose computing devices (ie my phone). Maybe for something like a game console or set top box but that doesn't seem to be what's being discussed here.

> either your device can provide this trust or it cannot

It is entirely possible for device firmware to do nothing more than verify that the bootloader was signed with a particular user configurable key.