| ▲ | fenaer a day ago |
| Unfortunately the answer here is to not abide by the law. If there is a reasonable way to bypass this (as the cat-and-mouse game always seems to continue), and there is reasonable expectation to not be caught, then I see no moral quandary with ignoring such a consumer-hostile rule. |
|
| ▲ | ExpertAdvisor01 a day ago | parent | next [-] |
| There won't be a reasonable way to bypass it as it requires a Google authenticated manufacturer to leak the keys or an TEE exploit. All public key boxes are banned and Google regularly bans new ones .
That endpoint contains the list of revoked keyboxes :
https://android.googleapis.com/attestation/status |
| |
| ▲ | fenaer a day ago | parent [-] | | I'm not a security researcher, but I do believe in the ingenuity of others. If all else fails, this kind of law in my own country would lead me to running apps within a virtualised environment (if possible), or a dedicated cheap device in a drawer with my actual device still being mine. | | |
| ▲ | SkiFire13 a day ago | parent [-] | | This kind of checks would prevent you from running the app in virtualized environments too. You'll need the cheap device, assuming it doesn't get too old or its keys get leaked and your device also gets distrusted as a consequence. |
|
|
|
| ▲ | alephnerd a day ago | parent | prev | next [-] |
| > Unfortunately the answer here is to not abide by the law You realize in Viet Nam this means getting a "friendly" visit by the MPS/BCA, and if you continue eventually getting branded as a troublemaker. |
| |
| ▲ | fenaer a day ago | parent [-] | | > [...] and there is reasonable expectation to not be caught [...] Hence my qualifier. I'm not trying to incite anyone into personal danger. |
|
|
| ▲ | TZubiri a day ago | parent | prev [-] |
| I'm assuming you would do this out of a political reason, or as a very technical and privacy aware user. But you are providing an alibi for malicious users who, for example, might try to brute force logins from unidentified devices. That would be one reason aside from the law. You are essentially positioning yourself on the same side as intruders. |
| |
| ▲ | fenaer a day ago | parent | next [-] | | You're claiming that the only legitimate use of rooting is criminal activity, which is not true. Your argument is based on a faulty premise in my eyes. | |
| ▲ | attila-lendvai a day ago | parent | prev | next [-] | | aka guilty until proven innocent. | |
| ▲ | redeeman a day ago | parent | prev [-] | | are you for real? no, its the government telling regular people that simply wants to control their device that THEY are criminals and on same side as intruders. You should personally immediately return any computing device where you have control, this line of reasoning is insane |
|
