• @[email protected]
    link
    fedilink
    English
    91 year ago

    The same host could fake the payload to the attestation server. Cat and mouse game with security through obscurity.

    • @[email protected]
      link
      fedilink
      English
      71 year ago

      If you are on android or ios the phone already cryptografically verifies that the operating system has not been tampered with on a hardware level. Since the operating system is then “trusted” it can verify anything you do on it

      • @[email protected]
        link
        fedilink
        English
        71 year ago

        Doesn’t work. It’s possible to let many banking apps think they are running on a normal device although it is rooted.

        • @[email protected]
          link
          fedilink
          English
          61 year ago

          Yup Play attestation is dead, even the new and shiny “secure” one is bypassed. It’s now just a hinderence.