*blink* I don't get it. let's say we have a banking app. let's also say we have a vendor kernel that provides a "run under uid X" or even…
Replying to @whitequark @CopperheadOS
just "run in priv mode" primitive. this lets me capture/emulate user input & intercept 2FA, and transfer all money out. what am I missing?
Replying to @whitequark @CopperheadOS
I see how remote attestation is useful for e.g. DRM, but not for banking.
Replying to @whitequark
It's to make fraud more expensive, not impossible. A cat and mouse game with attackers where they are sometimes on top is a win for them.
Replying to @CopperheadOS
so remote attestation here is used as just another mitigation, gotcha. seems to ultimately do more harm to users but I see why they'd do it
Replying to @whitequark @CopperheadOS
It makes sense why bad app vendors want it. Not why Google chooses to pander to malicious apps & throw their users under bus.
Replying to @RichFelker @whitequark
App vendors were already rolling their own garbage like this, and they were fighting against locking down the app sandbox.
Replying to @CopperheadOS @whitequark
Yeah but platform could just shut down their channels & ban them from Play too.
Replying to @RichFelker @whitequark
They aren't going to fight against those vendors, particularly since Google in many cases has the same kinds of interests as those vendors.
1 reply 0 retweets 0 likes -
They get a 30% cut from Play Store revenue. They don't want piracy, and they definitely don't want ad fraud breaking their ad revenue.
2 replies 0 retweets 0 likes
Does nothing vs piracy for offline games etc. Only works when linked to a service you need.