Many people use LineageOS and GraphineOS for security, privacy, and features that base Android simply doesn’t ship.
Bit hyperbolic, don’t you think? Rooted/Custom ROM users are so tiny, and they typically use security vulnerabilities to obtain root access. It’s not exactly surprising that Google closes those vulnerabilities when it can.
kittenzrulz123@lemmy.blahaj.zone 6 days ago
Zwuzelmaus@feddit.org 6 days ago
Or is it rather your definition of security or vulnerability that is questionable.
0x0@infosec.pub 6 days ago
The fuck did you just call me? Ill have you know im actually HUGE
Zak@lemmy.world 6 days ago
Many devices, including Google’s own Pixel devices have user-unlockable bootloaders. No security vulnerabilities are involved in the process of gaining root access or installing a third-party Android distribution on those devices.
What’s going on here isn’t patching a vulnerability, but tightening remote attestation, a means by which a device can prove to a third party app that it is not modified. They’re selling it as “integrity” or proof that a device is “genuine”, but I see it as an invasion of user privacy.
Sure they can. They’re in a much stronger position to dictate terms to app developers than they were in 2010 when it was not yet clear there would be an Android/iOS duopoly.
They don’t want to though, because their remote attestation scheme means they can force OEMs to only bundle Google-approved Android builds that steer people to use Google services that make money for Google, and charge those OEMs licensing fees. A phone that doesn’t pass attestation isn’t commercially viable because enough important apps (often banking apps) use it.
Appoxo@lemmy.dbzer0.com 6 days ago
Unlocked bootloader ≠ Root access.
Zak@lemmy.world 6 days ago
Correct, but it is necessary to unlock the bootloader to gain root access.