• LiveLM
    link
    fedilink
    English
    arrow-up
    45
    ·
    edit-2
    1 year ago

    I know right? The article touches on this:

    Google said the inspiration for the original Web Integrity project was Android’s Play Integrity API, which already scans your phone for root privileges and denies access to things

    ^^^ this should have never, ever been a thing!

    • 0xD@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      6
      ·
      1 year ago

      That is just standard and a completely sensible security measure for preventing people from tampering with an application. It cannot replace proper, server-side security measures but is a big step. Especially for stuff like banking applications.

      • BaldDude@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        9
        ·
        edit-2
        1 year ago

        I never really understood that:

        If I’m using my browser to do banking via the website, Having root privileges and tampering with the Browser running the applications is not an issue.

        If i use the banking app, Having root privileges suddenly become a problem.

        –> To me, it doesn’t look like the problem is technical, but that users are accepting things on mobile that they wouldn’t accept on a PC.