←back to thread

Samsung embeds IronSource spyware app on phones across WANA

(smex.org)
845 points the-anarchist | 2 comments | 21 Jun 25 03:06 UTC | HN request time: 0.424s | source
Show context
userbinator ◴[21 Jun 25 04:22 UTC] No.44334486[source]
making it nearly impossible for regular users to uninstall it without root access, which voids warranties and poses security risks

Stop parroting the corporate propaganda that put us into this stupid situation in the first place. Having root access on devices you own should be a fundamental right, as otherwise it's not ownership.

replies(12): >>44334515 #>>44334549 #>>44334577 #>>44334616 #>>44334661 #>>44334912 #>>44335283 #>>44335463 #>>44335597 #>>44336211 #>>44336257 #>>44336433 #
jrflowers ◴[21 Jun 25 05:02 UTC] No.44334661[source]
This is a good point. While there is nothing factually incorrect in the statement “rooting your phone can void your warranty and pose a security risk”, if you imagine factual statements are the same thing as value judgments it becomes very problematic.

Similarly it is pretty messed up when people say stuff like “fire can burn you if you aren’t careful” because so many people rely on fire for food and warmth.

replies(2): >>44335717 #>>44336019 #
1. franga2000 ◴[21 Jun 25 09:24 UTC] No.44336019[source]
In fact there is a lot factually incorrect.

For starters, in most places, warranty is a legal requirement and the manufacturer isn't allowed to void it for whatever reason they want. If my phone's battery starts getting really hot in normal use, or I start getting dead pixels on my screen or whatever else, the fact I have a custom OS on my phone isn't relevant to the warranty claim any more than having it in a case or putting some stickers on it. Yes, it'll make claiming it more difficult, but that doesn't mean it's void, just that you'll have to fight through a few more tiers of support agents to get it fixed.

More importantly, rooting is only a security risk in the sense that it increases the attack surface for exploits. The same can be said for any other system-level software. Like if you buy an Nvidia graphics card in your computer and that loads its kernel driver, malware now has one more place to exploit. Are Nvidia graphics cards a security risk?

We've come an incredibly long way from just dropping /xbin/su and calling it a day. Modern (as in the last 10 years) root solutions have caller checks based on a user-defined whitelist and really modern implementations use kernel-level checks to make sure the app wanting root access is allowed to get it. The only way this can be dangerous is if one of those apps or the root solution itself has a code execution exploit. But again, the same can be said for the plethora of system-level bloatware vendors install these days.

replies(1): >>44336078 #
2. jrflowers ◴[21 Jun 25 09:36 UTC] No.44336078[source]
>For starters, in most places, warranty is a legal requirement and the manufacturer isn't allowed to void it for whatever reason they want.

This only makes the statement untrue if you use “can” and “will” interchangeably.

>More importantly, rooting is only a security risk in the sense that it increases the attack surface for exploits.

This is a good point. What even is “attack surface” anyway? Does anybody actually consider it when “evaluating security posture”? If I simply choose not to care about attack surface because I don’t want to, then doesn’t it simply become a factual nonissue? There are no answers to these questions