throwaway39381 8 days ago

> This is a huge problem for banking and music apps that absolutely rely on this capability.

In the case of banking, unlocking the bootloader usually requires a full device reset and leaves a very obvious message when you boot up the phone—you can't grab someone's locked device, root it, and grab their financial data just like that.

As for music apps and other apps that download copyrighted content to the user's device, leaving the moral aspects of stripping the user of control of files on their own device aside, preventing their use on rooted devices just loses them users since

- Those are by no means essential apps

- If you know how to root your phone, you probably know how to pirate media as well

- People can just use computers to exfiltrate copyrighted media instead since most of those apps have PC versions

It "doesn't make total sense", it never has. It's just a kneejerk reaction that conveniently aligns with stripping the user of control.

gmueckl 8 days ago | parent [-]

The problem with banking isn't rooting itself as an attack vector, but the insecurity and lack of reliability guarantees of rooted phones so that banks rightfully don't want any liability when something goes wrong with their apps.

fcpk 8 days ago | parent [-]

Which is idiotic, as you can have things like locked through adb root that only grants you root if you use adb to connect and you need to approve the request to connect on the phone first. This has nothing to do with guarantees but is just a security theater to sound like they are doing something.

gmueckl 8 days ago | parent [-]

My argument isn't as much about the tech as it is about managing risk on the bank's side.

Imagine claims like "the XYZ bank app mangled my input and now my money is gone". I'm certain that people have sued for less. How can the bank argue in court that this wasn't their fault? What if the plaintiff demonstrates some actual glaring app misbehavior in court, but the root cause is in a broken third party Android build?

palata 7 days ago | parent [-]

Are they "managing risk" or are they just "doing stuff"? How often does it happen that an alternative Android OS causes issues to banking apps? I have personally never heard of that, and it would be very bad publicity for the OS.

In my experience, because a company does that kind of "risk management" does not mean, at all, that it is a useful thing to do.