←back to thread

Samsung embeds IronSource spyware app on phones across WANA

(smex.org)
845 points the-anarchist | 1 comments | 21 Jun 25 03:06 UTC | HN request time: 0.349s | source
Show context
userbinator ◴[21 Jun 25 04:22 UTC] No.44334486[source]
making it nearly impossible for regular users to uninstall it without root access, which voids warranties and poses security risks

Stop parroting the corporate propaganda that put us into this stupid situation in the first place. Having root access on devices you own should be a fundamental right, as otherwise it's not ownership.

replies(12): >>44334515 #>>44334549 #>>44334577 #>>44334616 #>>44334661 #>>44334912 #>>44335283 #>>44335463 #>>44335597 #>>44336211 #>>44336257 #>>44336433 #
charcircuit ◴[21 Jun 25 04:37 UTC] No.44334549[source]
Root access is an outdated security concept from the previous century. Trying to mandate such a concept is parroting UNIX propaganda. Users can be given control of devices without them having a "root" account.
replies(4): >>44334825 #>>44334851 #>>44334883 #>>44336446 #
mrusme ◴[21 Jun 25 05:39 UTC] No.44334825[source]
How?
replies(2): >>44334848 #>>44335565 #
charcircuit ◴[21 Jun 25 07:48 UTC] No.44335565[source]
By following the principle of least privilege. Like with apps the user should only have privileges for what they are allowed to control and nothing more. So if the user should have privilege to disable apps, then the settings app could expose a way for the user to do so.

Yes, this is kind of approach of coming up with a design to security instead of going with the easy route of everything being allowed is harder to do and takes more time, but it leads to better security.

replies(2): >>44335906 #>>44336176 #
tsegers ◴[21 Jun 25 08:59 UTC] No.44335906[source]
I believe that the top-level comment you replied to is making the point that there should not be any authority that either allows or disallows what a user can do with the device they own. Purchasing a device should make one that authority, free to decide how much security to trade for how much privilege.
replies(1): >>44339827 #
1. charcircuit ◴[21 Jun 25 18:52 UTC] No.44339827[source]
But really it's all about framing. For example on desktop computers it's not possible for people to create new instructions for their CPU to handle. At some layer there will be an API that user needs to use to interact with the device. As times goes on I think it's natural for that layer that users are expected to interact with their device with to become higher level. I believe the top level comment is framing this issue such that current phones don't have an API that matched how it worked for UNIX computers and that is a bad thing. The commenter is too focused on how things worked in the past and doesn't want to allow for things to change.