Google said the inspiration for the original Web Integrity project was Android’s Play Integrity API, which already scans your phone for root privileges and denies access to things
That is just standard and a completely sensible security measure for preventing people from tampering with an application. It cannot replace proper, server-side security measures but is a big step. Especially for stuff like banking applications.
The problem with root is that banking applications and many others straight up actively try to detect it and refuse to work if you are rooted. Android is in the process of being completely locked down.
Last I rooted there were also workarounds, but they didn’t always work, relying on the workarounds being updated to fight ever more advanced detection methods. It was a cat and mouse chase. And I need to be able to send money reliably, unfortunately.
What’s the workaround for apps detecting usb debuging or other user apps on your device? I’m not rooted, but use shizuku and WiFi adb for certain features on my android.
As someone who uses root (not at the moment but plans to) as I believe in owning my devices, fully, this is horrible. We still need to oppose this.
I know right? The article touches on this:
^^^ this should have never, ever been a thing!
That is just standard and a completely sensible security measure for preventing people from tampering with an application. It cannot replace proper, server-side security measures but is a big step. Especially for stuff like banking applications.
I never really understood that:
If I’m using my browser to do banking via the website, Having root privileges and tampering with the Browser running the applications is not an issue.
If i use the banking app, Having root privileges suddenly become a problem.
–> To me, it doesn’t look like the problem is technical, but that users are accepting things on mobile that they wouldn’t accept on a PC.
The problem with root is that banking applications and many others straight up actively try to detect it and refuse to work if you are rooted. Android is in the process of being completely locked down.
Not just root. Some even detect if you have usb debugging enabled and warn or refuse to work unless you turn that off.
I’ve had video games refuse to play because of that. Ridiculous.
There are many workarounds. It never really is an issue anymore
Last I rooted there were also workarounds, but they didn’t always work, relying on the workarounds being updated to fight ever more advanced detection methods. It was a cat and mouse chase. And I need to be able to send money reliably, unfortunately.
Apps I use work fine with vanilla magisk. If there are apps detecting root even after enabling zygisk, use magisk delta and enable magisk hide
What’s the workaround for apps detecting usb debuging or other user apps on your device? I’m not rooted, but use shizuku and WiFi adb for certain features on my android.
Was not aware that some apps detect USB debugging and deny access
The biggest continuing issue is NFCs, which will require people to accept that non-stock OSes are perfectly fine.