Magisk Unmasked - Android rolling out new hardware based checks for root/unlocked devices, unlikely to be bypassed

rcmaehl
58 minutes ago, Kilrah said:

You don't need USB debugging to flash a boot image, you don't even need the OS running - just start in bootloader and connect USB. That's the whole point.

As far as I remember, if you do anything to the bootloader, the encrypted data partitions become worthless. All you're getting is a new functional phone, not what's on it.


That is when you first unlock the bootloader, you're indeed forced to wipe everything.

Once it's unlocked you can do what you want without wiping anything. That's the very reason unlocking bootloader is considered a breach of security.


3 hours ago, Kilrah said:

there's a very legitimate reason

More like there is 0..... This is like an app saying on Windows that it can't run because you unlocked the hidden admin account.


Hmm, I wonder how this will go longer term.


1 hour ago, Kilrah said:

That is when you first unlock the bootloader, you're indeed forced to wipe everything.

Once it's unlocked you can do what you want without wiping anything. That's the very reason unlocking bootloader is considered a breach of security.

Because adding "I understand the risk and any breach will be on me" is too hard. Let's just lock it down on Google. If I wanted a god damn lockdown I'd go with Apple. Oh wait, I've done that. Because I was sick and tired of Google's and Android's bullshit. That idea came after I was tired of Google and installed LineageOS 3 times on a phone and got infuriated by stupid apps refusing to work because it was unlocked (not even rooted). So now I'm on iOS with all Google entirely blocked and with total lockdown. At least I got away from stupid Google and I'm fine with it. So much for Android is open and awesome. Bullshit it is, it depends entirely on Google and it gives you even less of actual freedom.


7 minutes ago, RejZoR said:

Because adding "I understand the risk and any breach will be on me" is too hard. Let's just lock it down on Google. If I wanted a god damn lockdown I'd go with Apple. Oh wait, I've done that. Because I was sick and tired of Google's and Android's bullshit. That idea came after I was tired of Google and installed LineageOS 3 times on a phone and got infuriated by stupid apps refusing to work because it was unlocked (not even rooted). So now I'm on iOS with all Google entirely blocked and with total lockdown. At least I got away from stupid Google and I'm fine with it. So much for Android is open and awesome. Bullshit it is, it depends entirely on Google and it gives you even less of actual freedom.

For many of us, Apple's "lock it down to the point where it is actually negatively impacting usability" is plain irritating, making Apple's devices non-existent in our eyes.


I could more easily make a compromise of not having access to NFC than not being able to use a banking app entirely if I didn't want to use Google fuckery.


Storing bank account logins on a phone is dumb anyway, so that's a non-issue in my case. But I do use the capabilities of the underlying Linux kernel (UserLand, etc.).


19 hours ago, williamcll said:

Can it be possible to modify the integrity checking software itself to just return a A-OK regardless of the hardware state?

Nope, if it gets modified, Google can detect it and can even revoke the keys that were spoofed.

They don't even need physical access to your phone to prevent rooting or bootloader unlocking.

I don't use Google Pay (which is the main reason they are doing this) so it doesn't affect me, but it will affect others and may even kill off custom ROMs entirely.

This is the biggest blow the custom ROM community has had for a very long time. It may be YEARS until they bypass this, and even then Google probably would have integrated this crap into Android itself by then to make it harder to use a custom ROM, since it's their proprietary code that they are lending to the AOSP for security reasons. Custom ROMs could remove it, but it could break compatibility with apps that rely on it. And if they do keep it, Google could use it to detect custom ROMs and even block Play Store access.

The only thing that we could do is try and petition Google to release their control of Android so that it can continue being used around the world without fear of them harming Android in ways that force the consumer to use alternatives.

But that's not gonna happen... We may have won many battles over the years, but Google won the war.

I'll remember you, root... a moment of silence for the many things it has done over the years...

I'll miss you...


Seeing how Google allows apps that require root access, I don't think they are going to prevent rooted devices from accessing the store. I'm almost 100% sure this was done in response to the pressure from the media industry, who are still delusional about DRM and its effectiveness.....
