Those apps are choosing to depend on Play Services and use SafetyNet attestation to verify that it's a certified release without tampering. The issue is ultimately apps choosing to do that, not Google improving SafetyNet attestation to make it less trivial for attackers to bypass.
Users should have the option to choose what to do with their devices, which apps / processes should have what privileges. Taking this decision from the users is not a solution. #FreeTheSandbox
Do you want to take away the ability for users to use hardware-based security apps like Auditor?
attestation.app/about
Users should choose to avoid apps implementing DRM rather than taking away an important hardware-based security feature for protecting users and devices.
Letting users have the option to grant special privileges to specific apps or processes doesn't mean that the device is compromised or cannot be used together with Auditor.
Auditor can only support OSes leaving the security model for attestation and verified boot intact. If there's a way to grant root access to the application layer, that's not compatible with the security model. Verified boot accomplishes little if persistence as root is supported.
Granting the ability to tamper with the core operating system and other applications breaks the security model for verified boot. There has to be a verified core OS not trusting the persistent state (including applications and their permissions) for the security model to work.
The hardware-based attestation provides basic information on verified boot state, patch level, etc. The hardware-based attestation feature supports chaining trust through the OS to the app and for that to be meaningful it has to protect Auditor from tampering by other apps, etc.
The foundation of Auditor is that an attacker can't fake the hardware-based attestation information without exploiting the bootloader or secure element (or the TEE on lesser devices). OS level checks are given meaning by the hardware-based portion providing the patch level.
An attacker can fake OS level checks by temporarily exploiting the OS, but they need to exploit it on each boot and they can't just hold back OS updates without risking detection via patch level from hardware. Auditor is a supplement to verified boot addressing some weaknesses.
I'd be interested in your point of view regarding security on a PC where a user can access any sensible service using a web browser. Most PCs can be hacked easily locally or even remotely. How does this compare to the security in a mobile OS?
Mobile OS security is drastically stronger, assuming that you're talking about up-to-date iOS or AOSP without the security model and mitigations screwed up. There's not even much of a comparison to make with traditional desktop operating systems which barely have security at all.
I see different things mate. Mobile is full of remote, zero clicks, attacks. PCs usually require interaction. Mobile may be a bit harder but the expanded attack vectors compensate for it. And BTW: Secure boot on iOS will show "yes" even when the boot was tampered with ✌️
> Mobile is full of remote, zero clicks, attacks. PCs usually require interaction. Mobile may be a bit harder but the expanded attack vectors compensate for it.
You're making some very extraordinary claims without backing them up with any evidence and it doesn't match reality.


