| ▲ | Avamander 5 hours ago | |||||||
Once SafetyNet was brought to Android a decade ago the tendency has been clear - these freedoms are going to be restricted heavily. Because how do you make sure it's the user who does those modifications, willingly and well-informed? That it's not a malicious actor, not an user getting socially engineered or phished? Incredibly difficult compared to the current alternative. If it's not a software root of trust that provides an attestable environment like Android or iOS. It's going to be a hardware root of trust that provides an attestable hardware environment, like SGX. I can predict no other practical avenue taken. Unless the orangutan really forces a demonstration on how untrustworthy these environments can be and a lot of money and effort is spent. | ||||||||
| ▲ | lvass 4 hours ago | parent | next [-] | |||||||
You can maybe, trust the user to handle it's own certificate in their own devices? Though I admit requiring attestation is probably a good default. | ||||||||
| ||||||||
| ▲ | 649028763 4 hours ago | parent | prev [-] | |||||||
[dead] | ||||||||