Most active commenters
  • kube-system(5)
  • asimops(3)

←back to thread

A theoretical way to circumvent Android developer verification

(enaix.github.io)
194 points sleirsgoevy | 37 comments | 31 Oct 25 20:20 UTC | HN request time: 0.816s | source | bottom
Show context
asimops ◴[31 Oct 25 21:30 UTC] No.45776925[source]
While it is technically feasible, it is not a good idea to try and find a technical solution to a people/organisation problem.

Do not accept the premise of assholes.

I hope we can get the EU to fund a truly open Android Fork. Maybe under some organisation similar to NL Labs.

--- edit ---

Furthermore, the need for a trustworthy binary to be auditable to a certain hash or something would make banning this a simple task if Google would want to go that route.

replies(8): >>45777355 #>>45778228 #>>45778511 #>>45779765 #>>45779867 #>>45780458 #>>45780743 #>>45781937 #
1. thaumasiotes ◴[31 Oct 25 22:25 UTC] No.45777355[source]
> I hope we can get the EU to fund a truly open Android Fork.

How are things in the EU on whether it's legal to buy a SIM card without showing ID?

replies(6): >>45777420 #>>45777503 #>>45777776 #>>45778048 #>>45778427 #>>45781940 #
2. jraph ◴[31 Oct 25 22:32 UTC] No.45777420[source]
I'm confused, how are those two things related?
replies(2): >>45777461 #>>45777496 #
3. peterhadlaw ◴[31 Oct 25 22:37 UTC] No.45777461[source]
Nanny state
replies(1): >>45777627 #
4. semolino ◴[31 Oct 25 22:40 UTC] No.45777496[source]
The commenter you replied to was implying that the EU does not respect the privacy/freedom of mobile device users.
replies(1): >>45779780 #
5. remix2000 ◴[31 Oct 25 22:41 UTC] No.45777503[source]
It is neither illegal nor hard to obtain such a prepaid SIM card.
replies(1): >>45777592 #
6. kube-system ◴[31 Oct 25 22:52 UTC] No.45777592[source]
That very much depends on the country, many require ID.
replies(3): >>45777633 #>>45777653 #>>45777726 #
7. vik0 ◴[31 Oct 25 22:56 UTC] No.45777627{3}[source]
More like surveillance state
replies(1): >>45777904 #
8. Kwpolska ◴[31 Oct 25 22:57 UTC] No.45777633{3}[source]
The ID presented at time of purchase does not have to be the ID of the actual user of the card. Your local drunkard will be happy to get $10 to buy a SIM card for you. Or you could visit eBay (or local equivalent) and get a valid SIM card without leaving your house.
replies(4): >>45777648 #>>45777686 #>>45779234 #>>45779963 #
9. kube-system ◴[31 Oct 25 22:59 UTC] No.45777648{4}[source]
The suggestion above wasn’t a statement of practicality but rather of EU motivations. Maybe you can also find a drunkard to fork Android for you.
10. asimops ◴[31 Oct 25 23:00 UTC] No.45777653{3}[source]
Germany requires ID for all SIMs (for "normal" people). You can buy activated SIMs in every bigger city if you know what to look for though.
11. noosphr ◴[31 Oct 25 23:04 UTC] No.45777686{4}[source]
>While it is technically feasible, it is not a good idea to try and find a technical solution to a people/organisation problem.
12. remix2000 ◴[31 Oct 25 23:10 UTC] No.45777726{3}[source]
You can use any country's SIM card in any other country, regardless of its registration status.
replies(1): >>45777847 #
13. asimops ◴[31 Oct 25 23:18 UTC] No.45777776[source]
A secure OS is a prerequisite for secure digital services. We can agree on that, right?

The task, therefore, is to convince enough politicians to establish an independent unit that can address this issue without direct political influence.

Fund the unit with enough money so that it can take care of the cybersecurity and sovereignty of all citizens.

A side effect of this would hopefully be that these politicians would then be digitally literate enough to recognize nonsense such as chat control as such and reject it outright. I hope that most politicians would not really want such omnipotent surveillance tools if they could truly grasp their scope.

replies(2): >>45779660 #>>45780281 #
14. kube-system ◴[31 Oct 25 23:29 UTC] No.45777847{4}[source]
… if you have roaming coverage.

And even in that case, doing this for a long period of time violates most roaming policies

replies(3): >>45777992 #>>45778230 #>>45778515 #
15. ulfw ◴[31 Oct 25 23:38 UTC] No.45777904{4}[source]
Which states aren't? And for the love of god do not write US now
16. pohuing ◴[31 Oct 25 23:52 UTC] No.45777992{5}[source]
There's eu(maybe even EEA?) wide free roaming legally mandated since I think 2017 or so? But it's not a permanent solution, your second paragraph still holds true.
replies(2): >>45778739 #>>45778743 #
17. sigio ◴[01 Nov 25 00:03 UTC] No.45778048[source]
In many EU countries you can walk into many a supermarket or phone-store and just buy a simcard with cash without questions asked.
18. gambiting ◴[01 Nov 25 00:35 UTC] No.45778230{5}[source]
The only thing that happens is your data becomes a lot more expensive, the card still continues to work as normal. I've not lived in Poland for over 15 years now, and I still have a polish SIM card that I use almost daily - the only thing that I've lost due to roaming long term is cheap data packs, I can still call and text as normal from my monthly allowance.
replies(1): >>45778750 #
19. WhyNotHugo ◴[01 Nov 25 01:11 UTC] No.45778427[source]
> How are things in the EU on whether it's legal to buy a SIM card without showing ID?

It varies per country. In some you can just buy one (or more) SIM cards at a supermarket without any ID.

20. qilo ◴[01 Nov 25 01:28 UTC] No.45778515{5}[source]
Even with fair usage policy violations (like long term roaming) the prices are still quite reasonable: 1.30 EUR/GiB (+VAT); from next year 1.10 EUR/GiB (+VAT).

https://en.wikipedia.org/wiki/European_Union_roaming_regulat...

21. ◴[01 Nov 25 02:17 UTC] No.45778739{6}[source]
22. kube-system ◴[01 Nov 25 02:19 UTC] No.45778743{6}[source]
I know of some UK SIMs that do not roam.
replies(2): >>45779226 #>>45780294 #
23. kube-system ◴[01 Nov 25 02:20 UTC] No.45778750{6}[source]
Maybe in the countries that you are familiar with that is the case.

In some places your plan will be cancelled for roaming beyond a certain number of days or quantity of usage. Telecom laws and polices vary widely.

24. scarlehoff ◴[01 Nov 25 04:21 UTC] No.45779226{7}[source]
As far as I know it is only EU. Both UK and Switzerland have some operators that roam and some that do not. fwiw, fastweb in Italy provides roaming in both and has a very generous fair usage policy.
25. logifail ◴[01 Nov 25 04:22 UTC] No.45779234{4}[source]
> The ID presented at time of purchase does not have to be the ID of the actual user of the card

In some EU member states this might be fine, but definitely not all.

> Your local drunkard will be happy to get $10 to buy a SIM card for you.

Buying a SIM card was always the easy bit. Getting it activated may not be, it depends on which country you're in.

https://www.telekom.de/prepaid-aktivierung/en/start

"For the Selfie-Ident you identify yourself with your identity card, passport or residence permit. (Selfie-Ident is currently possible worldwide with the German ID card, residence permit and passport. Alternatively, you can use Video-Ident and identify yourself in a video call with an employee.)

Important: Temporary identification documents are not supported due to internal check. You need a tablet or smartphone with a camera and an internet connection."

replies(1): >>45779518 #
26. econ ◴[01 Nov 25 05:50 UTC] No.45779518{5}[source]
Surely others may use your phone?
replies(1): >>45784876 #
27. IlikeKitties ◴[01 Nov 25 06:33 UTC] No.45779660[source]
I must sadly inform everyone here that the EU is pozzed beyond recovery in regards to Google. The reference implementation for the euid project is only available for android and ios and uses the play integrity api which makes usage of it on non google-certified devices impossible. https://github.com/eu-digital-identity-wallet/eudi-app-andro...
28. jraph ◴[01 Nov 25 07:10 UTC] No.45779780{3}[source]
Okay, thanks.

I was confused bexause anonymity against the state is hardly the only, or even a main point of android forks.

Privacy usually is, but against big tech typically.

29. codedokode ◴[01 Nov 25 08:00 UTC] No.45779963{4}[source]
In my country, giving a SIM card to another person who does something illegal, is a crime. No doubt EU might soon have the same law - they are pretty good at copying.

As a result, sites where I could rent a number for verification, now don't offer local numbers anymore.

30. TeMPOraL ◴[01 Nov 25 09:11 UTC] No.45780281[source]
> A secure OS is a prerequisite for secure digital services. We can agree on that, right?

Secure for who, and from whom?

Remote Attestation and Developer Verification both make Android OS and platform more secure against malicious actors that would want to defeat the guarantees the platform gives, guarantees that enable secure digital services.

Yes, this includes protecting the banking services and DRM media services and advertising platforms from malicious actors like you and me, who pose a real threat to the revenues of the aforementioned players, by:

- Expecting banking to do security right on their own side, instead of outsourcing it to mobile platform and society at large (like with "identity theft" trick);

- Enjoying entertainment and education in ways the vendor or IP owner does not like or can't be arsed to support, and thus not spending extra on the inferior ways that are supported;

- Not looking at the ads.

Same is with Chat Control. Chat Control improves security of the society against threats such as sexual predators who want to hurt children, or citizens who disapprove of how the current ruling class is governing the people. To effectively provide that security, Chat Control in turn relies on a secure OS and platform providing secure digital services - in particular, secure against those malicious actors that would want to circumvent Chat Control protections.

Is the larger picture clear now? Security technologies are not inherently good, they're morally ambivalent. They're "dual-use". It's important to consider their deployment on a case-by-case basis, always asking who is being secured, and what are the actual threats they're being secured from.

replies(2): >>45780328 #>>45780759 #
31. Digit-Al ◴[01 Nov 25 09:16 UTC] No.45780294{7}[source]
That's because we are no longer in the EU. Before Brexit they were legally mandated to allow free roaming in the EU. Now they are back to charging whatever outrageous prices they wish.
32. exe34 ◴[01 Nov 25 09:24 UTC] No.45780328{3}[source]
did you understand and disagree with the third paragraph? if so, could you say in what way it didn't completely answer the question you just asked?
33. immibis ◴[01 Nov 25 11:06 UTC] No.45780759{3}[source]
> Chat Control improves security of the society against threats such as sexual predators who want to hurt children,

no it doesn't. Chat Control is single-use.

replies(1): >>45783372 #
34. supermatt ◴[01 Nov 25 14:35 UTC] No.45781940[source]
There is no such requirement in the EU - it is entirely up to the individual country.
35. TeMPOraL ◴[01 Nov 25 17:12 UTC] No.45783372{4}[source]
It does, to some extent. These projects wouldn't have the support they had if they didn't have a plausible way to deliver some improvement along the metrics they market. It's the outsized harmful impact that's usually just left unspoken.

Also, I'm not saying Chat Control is dual-use, I'm saying crypto is. Chat Control actually needs working crypto to be properly implemented.

36. logifail ◴[01 Nov 25 20:04 UTC] No.45784876{6}[source]
If you're happy to purchase a SIM card, register it in your name, and hand it to someone else for them to use, go right ahead.

Q: Who's paying the bills for that SIM?

replies(1): >>45786483 #
37. econ ◴[01 Nov 25 23:33 UTC] No.45786483{7}[source]
I was referring to this part

> > The ID presented at time of purchase does not have to be the ID of the actual user of the card

>In some EU member states this might be fine, but definitely not all

It seems hard if not impossible to prevent or stop?