|
| ▲ | rjh29 3 days ago | parent | next [-] |
| It seems that won't affect Play Integrity for now. But I wonder if we'll eventually see rooted (GrapheneOS etc.) phones installing patches to banking apps to fool them into thinking they're legit. Hacked Nintendo Switches already do something similar. |
| |
| ▲ | dns_snek 2 days ago | parent | next [-] | | In case there's a misunderstanding, GrapheneOS doesn't provide root access, and fooling apps won't be possible as the platform keeps moving towards stronger hardware attestation. However banks can use the hardware attestation API instead of Play Integrity API to allow alternative distributions like GrapheneOS [1]. All of my financial apps happen to work on GrapheneOS. [1] https://grapheneos.org/articles/attestation-compatibility-gu... | | |
| ▲ | rjh29 2 days ago | parent [-] | | Thanks, I was confused. I thought you needed to root the phone to install GrapheneOS, but it seems you only need to unlock the bootloader. |
| |
| ▲ | 05 3 days ago | parent | prev [-] | | That's available right now as Frida plugins etc. The problem is that remote attestation is done on the server and bank backend API would be able to call Google Play API to check the attestation and deny access. Nothing you can patch on the app side could change that. |
|
|
| ▲ | buildfocus 3 days ago | parent | prev | next [-] |
| That's not true - you can enable developer mode and install apps via ADB without affecting Play Integrity for other apps on your device. You can test this today. Play Integrity is focused on checking the OS is original and the runtime environment of the app (your banking app in this case) isn't being messed with. Installing other apps as a developer isn't related to that. If you're not flashing a custom OS or modifying your bank's APK you'll be fine. (You _should_ be able to use custom OSs and Play Integrity is awful, to be clear - but not because of anything directly relate to normal app development & sideloading) |
| |
| ▲ | bdd8f1df777b 2 days ago | parent [-] | | You are describing the status quo rather than what the Google has said they will do in the future. |
|
|
| ▲ | eclipxe 3 days ago | parent | prev | next [-] |
| That's not true. Enabling developer options or installing via ADB won't impact Play Integrity |
|
| ▲ | malkia 3 days ago | parent | prev [-] |
| I somehow wish both things we working - as in "sandboxed" / "isolate" one from another (if that makes any sense). So I can install my F-Droid on one of the partition, and actual personal stuff on the other. Bit like my Chromebook with Crostini. |
| |
| ▲ | moondev 2 days ago | parent | next [-] | | In the newest android there is now an option to enable a "Linux development environment" AKA crostini for Android. It works the same way, there is a Linux terminal application that runs Debian inside a VM. They recently added a button to launch a display window. This then functions as your "monitor" and applications you launch that provide a GUI display there. Still experimenting with it not clear if you can launch android inside that with waydroid or similar | | |
| ▲ | vrighter 2 days ago | parent [-] | | The terminal has a nasty bug where sometimes it starts typing a bunch of stuff with each keypress. The only way to fix it that i found is to close the terminal, which isn't much of a fix |
| |
| ▲ | eclipxe 3 days ago | parent | prev [-] | | You can. Install a work profile on the device (You can use a third party app like Island) to do this. Then you can install apps into their own sandbox. | | |
| ▲ | malkia 2 days ago | parent [-] | | I do have work profile, and used it in the past, but as soon as you really want to use it as work profile, then some admin program would like to take over your phone, and not just your work profile - so no "dev mode", etc. (Or maybe I have old info... not sure). But good suggestion to try this again! |
|
|
