The discussion I stumbled upon, about this SSH app for Android, is really worrying. Will Google really manage to make it impossible to root your phone?
But there’s more to this, it’s more complicated. In the Big Picture, Google has every incentive to make these changes — they lead to more security, and they’re aligned with Google’s corporate goals as well.
- When talking to users, Google will emphasize control over hackers.
- When talking to stockholders, Google will emphasize control over users.
Edit: I disagree with “they lead to more security”. That’s not “security”, let’s not turn words upside-down.
You must log in or register to comment.
Will Google really manage to make it impossible to root your phone?
Google has managed this years ago, but it’s optional. There was a fairly short timeframe when most phone makers enforced it, but now most allow power users to disable the security and root their phones. But usually they will disable some security-sensitive features like Samsung Knox. And many security-sensitive apps like banking apps will not let you run them anymore (if yours does, great for you, but that also means your bank’s security is shit, just FYI).
A banking app allowing itself to run on rooted devices isn’t a security issue.
That’s right. And if there is, the issue is the bank, not your phone. Rule number 1 in security is never trust the client.
deleted by creator
No they’re making it more secure to protect mainstream users, who are the bulk of Android users, at the cost of niche apps.
If android were GPL 3 the users would be protected from “tivoization” aka locked hardware. Too bad Google don’t want that happen
Thankfully GraphenOS and others are maturing very well and will be a good replacement to googles BS. Hopefully they can keep custom versions alive that will support the apps you want
The linked article — and others — explain that in Android 10+, (a) executable binaries can no longer reside in a read/write directory, and (b) access to /sdcard will go away. Simply put, these changes destroy my application’s ability to function, and that of Termux as well.
That sounds like proper security to me? Inability to access the user’s storage is a bit lame, but they’ve been moving to nicer APIs for that anyway.
Android is a mobile phone OS, not desktop / embedded Linux.
That sounds like proper security to me?
For casual consumers, I guess. But for power users being able to download, modify, and execute code is core functionality. Shit doesn’t work without it.
