A theoretical way to circumvent Android developer verification

(enaix.github.io)

194 points sleirsgoevy | 2 comments | 31 Oct 25 20:20 UTC | HN request time: 0.001s | source

Show context

asimops ◴[31 Oct 25 21:30 UTC] No.45776925[source]▶

While it is technically feasible, it is not a good idea to try and find a technical solution to a people/organisation problem.

Do not accept the premise of assholes.

I hope we can get the EU to fund a truly open Android Fork. Maybe under some organisation similar to NL Labs.

--- edit ---

Furthermore, the need for a trustworthy binary to be auditable to a certain hash or something would make banning this a simple task if Google would want to go that route.

replies(8): >>45777355 #>>45778228 #>>45778511 #>>45779765 #>>45779867 #>>45780458 #>>45780743 #>>45781937 #

singpolyma3 ◴[01 Nov 25 00:35 UTC] No.45778228[source]▶

>>45776925 #

What's wrong with lineage?

replies(3): >>45778633 #>>45779667 #>>45781332 #

IlikeKitties ◴[01 Nov 25 06:34 UTC] No.45779667[source]▶

>>45778228 #

It's not a good, secure project by a longshot. There's a good comparison floating around:

https://images.squarespace-cdn.com/content/v1/60f1421e1afcf4...

replies(1): >>45779785 #

AnthonyMouse ◴[01 Nov 25 07:11 UTC] No.45779785[source]▶

>>45779667 #

That looks like someone made a list of mostly features specific to GrapheneOS so they could make a chart where all of the other alternatives (including stock Android) are full of red boxes.

Several of those are the opposite of security features, like SafetyNet support, which might be a convenience in some cases but it mostly makes it so you can't upgrade certain parts of the system to newer versions even when the old versions have security vulnerabilities.

replies(2): >>45779891 #>>45782945 #

1. IlikeKitties ◴[01 Nov 25 07:42 UTC] No.45779891[source]▶

>>45779785 #

>That looks like someone made a list of mostly features specific to GrapheneOS so they could make a chart where all of the other alternatives (including stock Android) are full of red boxes.

No one else even bothered to make a list.

>Several of those are the opposite of security features, like SafetyNet support, which might be a convenience in some cases but it mostly makes it so you can't upgrade certain parts of the system to newer versions even when the old versions have security vulnerabilities.

Citation needed

replies(1): >>45780110 #

2. AnthonyMouse ◴[01 Nov 25 08:34 UTC] No.45780110[source]▶

>>45779891 (TP) #

> No one else even bothered to make a list.

That doesn't make the biased list good.

> Citation needed

Are you not aware of what SafetyNet is? It's the thing where Google certifies that the phone is running the software produced for it by the OEM. The problem, of course, being that the OEM stops issuing updates and then the certified version has known vulnerabilities. Which is a lot of the point of wanting to install a newer ROM on such a device, except that then it won't pass SafetyNet because you replaced the vulnerable but certified code with third party code that has the patch but not the certification.

↑