Conversation

I advocate

to restrict hardware-backed SafetyNet evaluation to "real" security sensitive apps. Developers should go through an application process to qualify this level of API access. It is ridiculous for McDonalds to refuse to run on a bootloader unlocked device.

184

812

Replying to

and

but you can lock your bootloader again after flashing a custom ROM, right? Then you'll keep both security and freedom

Replying to

and

Only devices with seriously f*cked bootloaders support that, and it can cause many problems

Replying to

It works well and doesn't cause problems. Locking the bootloader to enable verified boot and attestation for alternate operating systems is fully supported by the specification. Pixel phones are among those implementing full support for alternate OSes. Most phones skip doing it.

Replying to

There's nothing preventing an aftermarket operating system from fully supporting the modern A/B update system, the hardware-backed keystore, verified boot and other robustness/security features. Can do things at least as well as the stock OS. Nothing forces it to always be a toy.

10:02 PM · Jun 29, 2020Twitter Web App

Replying to

Unlike SafetyNet, the underlying hardware-based attestation system fully supports other operating systems. See attestation.app/about for an example of using it for users rather than against them. What apps should really do is avoid a hard dependency on Google Play Services.

attestation.app

Auditor overview

Overview of the Auditor Android app and associated service.

Replying to

Depending on Google Play Services or hacked together, incomplete reimplementations of it like microG is the real issue. SafetyNet is just one aspect of that. We were talking about and adopting hardware-based attestation years before SafetyNet used it. It was added in Android 7.

Show replies