Someone with the motivation to install custom firmware would consider the bootsplash aesthetic a deal breaker?

I'm pretty sure I'm against this. I could be convinced otherwise by documentation of significant fraud involving compromised devices (especially Android phones) that would have been stopped by a device attestation scheme.

I should note Google has such an attestation scheme, and there are reliable defeats for it in most situations given root access. Apps have been able to insist on hardware-backed attestation which has not been defeated for some time, but that isn't available for old devices. Almost none do so.

If this had a meaningful impact on fraud, more apps would insist on the hardware-backed option, but that's quite rare. Even Google doesn't; I used Google Pay contactless with LineageOS and root this week. I'm currently convinced it's primarily a corporate power grab; non-Google-approved Android won't be a consumer success if it doesn't run your banking app, and the copyright lobby loves anything that helps DRM.

My bank app refuses to work on LineageOS, but I can use the web interface just fine which has the exact same UI and functionality as the app. In both the native app and the web app I have to authorize any transactions using my national ID, which for me is a hardware token (the app for my national ID also refuses to run). Why is it somehow insecure to initiate this flow from a native app on LineageOS while it is not insecure to do the exact same via a browser on LineageOS? If the app can be compromised, so can the browser - the bank cannot trust all its browser based clients anyway.

The web app has been running with this security model for decades on PCs, and it has been fine. The whole narrative about remote attestation being necessary to protect users is an evil lie in my opinion, but it is an effective lie which has convinced even knowledgeable IT professionals that taking away device ownership from users is somehow justified.

It is the banks fault if they allow non-reversible, weird or large transactions without a secondary authorization capability.

The bank’s bad processes are not an end device fault.

Yeah, nope. All apps have "special security needs" according to their manufacturers. Every app that relies on spying for revenue will use that to disable itself. (Or worse, actively malfunction - e.g. that banking app could switch into a special mode where it does transactions on its own that are not in the interest of the user. If the user has accepted all liability, there isn't much they could do against that)

I'm alright with limiting liability for an unlocked/customized phone (for things that happen from that phone) - but that's a legal/contractual thing. For that to work, it's enough for a judge to understand that the phone was customized at that time - it doesn't require the app to know.

Screw that. I want nearly the opposite. I don't really own my device if apps will look at my ownership flag and refuse to run.

We can talk about the consequences of spyware but definitely not a total liability shift. Also preventing root doesn't prevent spyware.

“constitutional rights”

Words written on toilet paper. Only thing that exists today are “billionaire rights”.

> what's so difficult about flashing a stock image to a device being serviced?

Yes, I think that would cover most cases if we take it to its logical conclusion of wiping all device state (hard disk). OTOH, a few points:

1. I would accept the need to wipe the hard disk if I had messed with firmware or the OS, but not if a couple of keys on the keyboard had stopped working. This implies that (for me at least) a meaningful distinction remains between these two "levels" of warranty service. Do you agree?

2. Activities like overclocking or overvolting a CPU have the potential to cause lasting damage that can't be reversed by re-flashing. Under the policy you're suggesting, it would be illegal for manufacturers to offer users the option "You can pull this pin low to overclock outside the supported range, but you will void the warranty by doing so", and too expensive for them to endlessly replace parts damaged by these activities for free under warranty, so that consumer option, rare as it already is, would go away completely.

3. I still think there may be some devices that are impractical to completely re-flash. According to this 2021 Porsche article [0], modern cars contain 70-100 ECUs (microcontrollers), each of which will have its own flash/EEPROM.

[0]: https://medium.com/next-level-german-engineering/porsche-fut...

> Yes. If I really _want_ to execute malware on my device, I should be allowed to do so by disabling the antivirus or disregarding a warning.

I agree.

> already the rule of law in "sane" jurisdictions, that manufacturer and mandated warranties are not touched by unrelated, reversable modifications to both hard- and software.

Do you have any examples of such jurisdictions? I think whether this is reasonable turns on how "reversible" is interpreted. If it means "reversible to factory settings", including wiping all built-in storage media, then it seems reasonable to me that manufacturers should support this (possibly modulo some extreme cases like cars that have dozens of CPUs). But I would not be happy with having my hard disk wiped if I sent in my laptop for repairs because a couple of keys stopped working, which tells me that (to me) there remain at least two classes of "problem that should be fixed for free under warranty by the manufacturer".