10 comments

[ 3.3 ms ] story [ 41.5 ms ] thread
It’s all great unless (until?) they use the security as an excuse to prohibit side-loading and lock every piece of content with DRM.
There is zero evidence that this is happening.
Android's SafetyNet API already prevents devices with unlocked bootloaders from accessing certain apps, including some games and financial apps, although there is a way to bypass this check. A future update (hardware attestation for SafetyNet) is expected to remove this workaround:

https://www.xda-developers.com/safetynet-hardware-attestatio...

https://www.xda-developers.com/safetynet-hardware-attestatio...

Not because Android is prohibiting all sideloading or trying to force DRM on everything.

This is because the app developers don't want their apps running on rooted devices.

If you want your app to be sideloaded or to run on rooted devices, and your app isn't obvious malware, Android allows that.

If you really want to raise the bar for security on your Pixel phone, check out https://grapheneos.org/
Even if you'll never touch a phone with a Google logo, Daniel does such an excellent job at explaining applied (in)security information that the website is worth every second you spend there.
Security's great until it starts being used to secure the device against its owner.
Have you heard of GrapheneOS.org?
From the article:

> Threats: Physical Access -> Mitigations: Protected Storage - Secure storage (that is, encryption of data-at-rest) for data contained on the device

From https://securephones.io/main.pdf

> An attacker who can logically gain access to the memory of a device following boot and first unlock can directly access encrypted data and keys.

To (over?) simplify things: If you have already unlocked your phone at least once, even if it is currently locked (which is probably >99% of the time) your phones data is not protected as these repeated statements of "your data is encrypted at rest!" imply.

Funny, I don't have root access on my pixel to block ad traffic to Google servers.