←back to thread

Samsung embeds IronSource spyware app on phones across WANA

(smex.org)
845 points the-anarchist | 2 comments | 21 Jun 25 03:06 UTC | HN request time: 0.447s | source
Show context
userbinator ◴[21 Jun 25 04:22 UTC] No.44334486[source]
making it nearly impossible for regular users to uninstall it without root access, which voids warranties and poses security risks

Stop parroting the corporate propaganda that put us into this stupid situation in the first place. Having root access on devices you own should be a fundamental right, as otherwise it's not ownership.

replies(12): >>44334515 #>>44334549 #>>44334577 #>>44334616 #>>44334661 #>>44334912 #>>44335283 #>>44335463 #>>44335597 #>>44336211 #>>44336257 #>>44336433 #
bongodongobob[dead post] ◴[21 Jun 25 04:51 UTC] No.44334616[source]
[flagged]
potamic ◴[21 Jun 25 05:01 UTC] No.44334656[source]
You can default to a hardened, secure setup but provide an option to override to those who want to. I don't think anyone is against secure defaults, but many people have a problem with designs that say you must not even have an option to override.
replies(2): >>44334706 #>>44334887 #
burnt-resistor ◴[21 Jun 25 05:50 UTC] No.44334887[source]
It creates a Hobson's choice of no tinkering and less malware, or tinkering and greater risks from malware. There should be a "maintenance mode", but the onus of responsibility for breakage should be on the user for system update compatibility without the user being held hostage. This is a false choice and ostensible customizability. If the manufacturer wants to add an "OS warranty void sticker" flag because things maybe broken from tweaking, that's cool, but leaving the user less secure as punishment is wrong.
replies(2): >>44335321 #>>44335665 #
sprinkly-dust ◴[21 Jun 25 07:09 UTC] No.44335321[source]
It is my experience that this is what Google does with their Pixel phones. It is really quite simple to unlock the bootloader and do whatever you want on a Google Pixel you own (i.e unlocked, no carrier). They even give you this really handy Android flash tool which uses WebUSB to fully restore your device when you mess up. Heck, custom ROMs like GrapheneOS and CalyxOS are even able to sign their own images and allow you to lock the bootloader with a non Google OS.

However, all this comes with the caveat that SafetyNet will flay you alive. The cat and mouse game with Magisk and other methods to maintain root undetected is moot when I've used apps these days that make a fuss when you have developer settings enabled. To be honest, that seems acceptable to me, I can do what I want with my device, software vendors like banks and the like have a say in how I choose to access their more convenient services. I can play nice with them if I want, even using a second phone perhaps, but I have a choice.

replies(2): >>44335848 #>>44336967 #
1. encom ◴[21 Jun 25 08:48 UTC] No.44335848[source]
>banks and the like have a say in how I choose to access their more convenient services

I disagree. I don't understand how it's fine that I can access my banking services with my Gentoo machine, with everything compiled from source by myself, but it's somehow a problem when I'm not using either Apple or Google certified OS on my phone.

I'm sure they want to prevent the first scenario, like various streaming cartels already do, but I hope something like EU throws a fit if they do.

replies(1): >>44336085 #
2. keyringlight ◴[21 Jun 25 09:37 UTC] No.44336085[source]
What kind of actions can gentoo do with your financial accounts, and what levels of user authentication does it use to do it? My phone can effectively act as a bank card with contactless payment or I can transfer up to a daily allowance (that would be painful to me if it was misused) of thousands with biometric auth. Similar to the OS if you're doing that with any browser with a web login you could potentially compile it to behave how you like or lie about what it's doing

Because it's a bank there's going to be insurance behind the scenes to cover them if something goes wrong, and I assume part of that is ticking off enough points to be confident a transaction is secure or different payment limits on confidence levels.