
Pokemon Go, Security, and Obsolescence - psyonix
https://community.rapid7.com/community/metasploit/blog/2016/10/11/pokemon-go-security-and-obsolescence
======
pwnna
Now Niantic's decision to disallow rooted devices, imo, is pretty regrettable, as
serious botters will likely be able to get around that restriction regardless.
This only serves to punish users who are stuck between having a root-enabled
custom ROM or a stock ROM where critical root exploits may exist.

One thing that I observed is that no one seems to be interested in producing a
ROM that is stable, has a variety of features, does not rely on root, and
supports the device for a long time.

This is a shame really, because root itself breaks the security mechanism for
Android and users probably are not fully aware of what it means when they grant
applications root.

I personally got around this problem by compiling a build of CyanogenMod
without root enabled, but with things like FDroid (with PrivilegeExtension)
and adblock built-in to the ROM itself (albeit the update mechanism is to
update the ROM itself). This is not a solution for the vast majority of
users.

This problem is pretty difficult to solve and it is pretty deep, much deeper
than what I'm willing to type in a single comment, so I'll stop here.

~~~
djsumdog
I wrote this about Android a while back:

[http://penguindreams.org/blog/android-fragmentation/](http://penguindreams.org/blog/android-fragmentation/)

The TLDR is that it'd be nice if Android was more like Windows/Intel: install
the OS (i.e. AOSP), drivers (or binary driver package format and an SDK to
auto-build it) and boom you're done. Clean, stock, standard. Same with many
Linux distros on x86/64.

I need to write an update to the article though. Lately I've been struggling
with a Clearfog ARM board, and coupled with Torvalds' recent comments on Intel
vs ARM, I wonder if a huge chunk of the problem is ARM itself.

I've noticed for every distro there are really specific images, not just for
each ARM chipset, but for individual boards, even when those manufacturer
patches make it into the mainline kernel.

I haven't looked closely at Android and I'm really curious about the build
system/workflow used by things like Cyanogen and Omnirom. Are kernels really
specialized per device? Does the ARM architecture itself make it difficult to
have general purpose kernels that will boot on all of them like in the x86/64
world?

Any ARM hardware people care to chime in?

~~~
exDM69
> Any ARM hardware people care to chime in?

It's not really about the CPU architecture, but the peripherals of the
devices. In the x86 world, the peripherals are governed by the "PC" standard,
which these days is implemented by the chipset on your motherboard. They all
have similar functionality, although you still do need some chipset-specific
drivers in your kernel.

In the ARM world, the landscape is different. There has never been a de facto
standard configuration of an ARM computer like the PC was/is for x86. There
are ARM computers that are more like a microcontroller and there are
tablet/mobile devices based on ARM that have a system on chip (SoC) that's got
all the peripherals, including GPUs, network adapters, etc. Every SoC is
pretty different; there's a bunch of devices connected with I2C, SPI and other
buses. These are required to control the power and clock management and all
the I/O devices.

ARM (the company) doesn't really design these, they just license ARM (the
architecture) to a SoC manufacturer and call it a day. This leads to a very
diverse and fragmented landscape.

The ARM world has been making strides to reduce the amount of chip-specific
code. One good example is the device-tree configuration which, in theory,
allows running the same kernel binary on different devices. With device-tree,
you pass a config file from the bootloader to the kernel, which contains
configuration (I/O memory maps, etc) of the peripherals (which you'd query
from the hw/firmware in an x86 machine). This is a huge improvement over what
was before it, but there's still a long way to go. And there's still plenty of
older ARM SoCs out there that don't support this.

But yes, it's pretty much a mess. There's a lot of duplicate work that every
ARM SoC manufacturer has to go through. Given that the mobile world is
financed by a planned obsolescence cycle where they expect customers to
upgrade every few years, I find it unlikely that this issue will be solved any
time soon.

~~~
makomk
To be honest, x86 seems to be heading in the same direction these days. It
generally has enough of an emulation of traditional PC architecture for boot
purposes, but look at - for example - how CPU power saving on modern Intel
chips requires the co-operation of stuff like the SATA links, or how
traditional PC interfaces like PS/2 for keyboard/mouse and HD Audio are being
replaced with more embedded-like interfaces such as I2C touchpads and I2S
audio links connected to vendor-specific controllers.

~~~
exDM69
Sure, but it isn't as diverse so you can reasonably expect to boot a mainline
kernel on a PC regardless of your motherboard vendor.

------
nfriedly
I stopped playing Pokemon Go when they put out the no-root update. I have
never cheated, I even purchased some coins - I was a paying user. But they
don't seem to want my money, and I'm not going to unroot my phone for a stupid
game. I uninstalled it and asked for a refund. (They haven't granted it yet but
I'm not giving up. I believe I'm in the right here and they owe me a refund
since they've removed the functionality after I paid.)

------
evilDagmar
Yes, Niantic was _very lazy_ in their attempts to stop spoofers and botters.
Rather than write some code to actually look for the few pieces of software
the cheaters are using, they just started invoking Android's SafetyNet.
Notably, very little was accomplished.

The problem? SafetyNet does not care about game spoofers/cheaters. That's
literally not what it was designed to do. Pokemon Go does not represent
"planned obsolescence". It represents Niantic being too damn lazy to search an
array result for "Xposed" and instead invoking something that will make it
look like they expended some effort.

It takes about five minutes to make a stock CyanogenMod device "compatible"
with SafetyNet. All you have to do is rename two files, specifically
/system/xbin/su and /system/bin/su. Boot into recovery (TWRP or whatever you
have), and start a terminal from there (where you are as "root" as root gets,
and this will always be so) and type `mount /system` to start. Next, rename
those two files. Lastly unmount /system and boot normally. SafetyNet will be
happy, which means Pokemon Go and Android Pay will also be happy. If you want
"root access" back on your phone, all you have to do is go back into recovery
and rename those two files back to what they were.

------
pja
You can unroot CyanogenMod running on the Nexus 4 & Pokemon Go will run just
fine. You have to give the SuperSU app root privileges in order to unroot
ironically, but it works just fine & you can always root your system from the
bootloader in the future if it turns out that you need root for some reason.

There's an app in the Play Store that runs the tests of the Google library that
Niantic is using to check whether a phone is rooted or not (it's the same
tests used by the Google Pay infrastructure IIRC).

~~~
brbsix
This is the app I've used in the past:
[https://play.google.com/store/apps/details?id=com.scottyab.s...](https://play.google.com/store/apps/details?id=com.scottyab.safetynet.sample)

Also I was under the impression that SafetyNet would only pass on stock ROMs
(to include official CyanogenMod builds lacking root). Is that not true? Will
it also pass on any custom ROM lacking root?

Edit: According to [http://androiding.how/use-android-pay-cm14-cm13/](http://androiding.how/use-android-pay-cm14-cm13/),
SafetyNet (the tamper detection API in use by Android Pay and Pokemon Go) will
only pass on official stable (non-nightly) releases of CM13/CM14 that have root
disabled in the Developer options. It will not pass on debug releases of
firmwares/ROMs, including Android 7.0 Nougat based CM14 and Android 6.0
Marshmallow based CM13 ROMs.

~~~
delroth
The SafetyNet API returns multiple booleans. The stricter version of the
detection enforces that the system is an Android CTS-compliant device, but
there are several levels below that. Apps using SafetyNet can decide how much
they enforce. Unfortunately this testing app you linked doesn't seem to
surface this at all and only shows the highest level (CTS).
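
As an added example (not code from this thread, from Niantic or from Google), here is how an app's backend could apply the different enforcement levels delroth describes to a SafetyNet attestation payload. The field names ctsProfileMatch, basicIntegrity, nonce, timestampMs and apkPackageName are those of Google's SafetyNet Attestation API; the policy levels, the sample payload and the package name are assumptions made for the example.

```python
import base64
import json
import time
from typing import Optional, Tuple

# Field names follow the SafetyNet Attestation API response. The policy
# levels ("strict", "basic", "log"), the sample values and the package
# name are constructed for this example, not taken from any real app.

MAX_AGE_MS = 5 * 60 * 1000  # reject attestations older than five minutes


def decode_payload(payload_b64url: str) -> dict:
    """Decode the base64url payload segment of the attestation JWS.
    Verifying the JWS signature against Google's certificate chain is
    assumed to have happened before this function is called."""
    padded = payload_b64url + "=" * (-len(payload_b64url) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def evaluate(payload: dict, expected_nonce: str, expected_pkg: str,
             level: str, now_ms: Optional[int] = None) -> Tuple[bool, str]:
    """Apply a server-side policy to one decoded attestation.

    level "strict": require ctsProfileMatch (CTS-compliant device profile)
    level "basic":  require only basicIntegrity (no tampering detected)
    level "log":    accept everything, just report the flags for analysis
    Returns (accepted, reason).
    """
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    # Binding checks come first: a verdict for another request or another
    # app proves nothing, whatever the integrity booleans say.
    if payload.get("nonce") != expected_nonce:
        return False, "nonce mismatch (replayed or foreign attestation)"
    if payload.get("apkPackageName") != expected_pkg:
        return False, "attestation is for a different package"
    age = now_ms - int(payload.get("timestampMs", 0))
    if age < 0 or age > MAX_AGE_MS:
        return False, "attestation too old or from the future"

    cts = bool(payload.get("ctsProfileMatch", False))
    basic = bool(payload.get("basicIntegrity", False))
    if level == "strict":
        return cts, "ctsProfileMatch=%s" % cts
    if level == "basic":
        return basic, "basicIntegrity=%s" % basic
    if level == "log":
        return True, "logged cts=%s basic=%s" % (cts, basic)
    raise ValueError("unknown level: %s" % level)


def sample_payload(cts: bool, basic: bool, nonce: str = "n0nce",
                   ts_ms: int = 1_000_000) -> str:
    """Constructed sample payload segment; no real device produced it."""
    body = {"nonce": nonce, "timestampMs": ts_ms,
            "apkPackageName": "com.example.game",
            "ctsProfileMatch": cts, "basicIntegrity": basic}
    raw = json.dumps(body).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
```

A custom ROM without root typically yields ctsProfileMatch=false with basicIntegrity=true, so the "strict" and "basic" levels give opposite answers for the same device.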

------
raimue
After all, the root blocking in Pokémon Go is pretty weak. All I had to do was
to rename/move the 'su' binary and then it worked again.

~~~
puddintane
This did not work for every user - for example my buddy bought an Asus Zenfone
2 (ZE551ML) specifically to play this game. I warned him not to buy from a
Chinese seller but he proceeded because he was finding guides that told him it
was a great phone for the game - he literally bought this phone to play this
game.

I attempted to remove root, however this has now forced the phone to be stuck
on the Edge network (he can play but now only on WiFi :/). I have attempted to
reflash the physical ROMs (as well as the recovery matching those ROMs) from
ASUS (successfully) and it still is stuck on Edge. I've contacted his phone
company (T-Mobile) - ensured the proper bands were being requested, 5x checked
the APN settings and yet the phone still doesn't want to connect past Edge.
Here is the kicker: I scan for nearby cellular networks and T-Mobile (LTE)
shows up, the phone registers, yet still won't obtain the connection.

Honestly that issue is probably due to some other restriction but it shows the
frustration some users have had to deal with because of this move.

I even tried re-rooting the phone just to get his network back because he'd
rather have his phone than Pokemon GO yet the phone had something special done
to it to allow the network to work under root.

No one should have to go to those extremes especially when they aren't
cheating and they are a paying customer.

In all honesty I don't believe the ban on root was done to deter hacking - my
belief is that it was done because on average users only root because they
want paid apps for free (a lot claim it's to tweak the UI and remove
bloatware, but as more and more phones get released we are starting to see
this less and less as a requirement). While many rooted players (due to
pre-rooting) are actually paying customers, it still doesn't outweigh the paying
customers who are not rooted and therefore it was more than likely a move to
remove users who are less likely to put money into the game.

Every move they have done really reflects that they only want more money with
the least amount of work and that is why I only keep the game installed to
keep my 1 star review from being weighted down due to being a review for an
older version.

One of the big guys who is involved in creating a usable tracking system via a
third-party map has made a wonderful statement about the many failures of
Niantic [1]. From unnecessary obfuscation that only slows down older models,
to banning the devices that aren't the reason cheating is happening, to not
creating a good way to achieve feedback (apart from "critical errors" which is
built into the app - maybe I should start complaining about the critical
"Niantic" bug and that it needs to be fixed ASAP, but complaining won't really
get anywhere if the company isn't listening to those problems) Niantic truly
is on a path to destruction and I hope Nintendo doesn't let this amazing idea
die if Niantic falls.

It really doesn't make sense as to why they are making these decisions. The
developers should know that banning rooted devices won't deter hackers - in
fact I would have to say it's grown a few hackers/cheaters due to the
frustration of dealing with lack of communication and oddly made decisions.

[1]
[http://www.twitlonger.com/show/n_1sp6pkg](http://www.twitlonger.com/show/n_1sp6pkg)

~~~
dylz
Isn't Zenfone a non-ARM device too?

~~~
puddintane
Yes, Intel-based chip I believe.

------
brbsix
It should be pretty easy to get around this by using Magisk[0] systemless
root, is it not? Magisk is able to pass Google's SafetyNet tamper detection
API which IIRC is what Pokemon Go uses to detect root. Works for Android Pay
at least, which also prevents use of the app on rooted devices.

[0]: [http://forum.xda-developers.com/apps/magisk/official-magisk-...](http://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445)

------
nradov
I find it both hilarious and disappointing how much effort is going into an
escalating arms race between video game cheaters and cheat detection,
considering that the players can't even win anything of real value. I think
future archaeologists will see this whole thing as a bizarre ritual and
struggle to understand what was really going on.

"A strange game. The only winning move is not to play. How about a nice game
of chess?"

~~~
FilterSweep
It is a relevant quote, but both the cheaters and the developers tasked with
combating the cheaters learn a great deal in the process. That, I feel, is
the true value-added.

The real value is knowledge gained. And I've seen some pretty crafty solutions
created.

~~~
nradov
To what end? This is ultimately nothing more than a bunch of little kids
playing cops and robbers. There's nothing wrong with playing the game, but
let's not pretend that it actually counts for anything.

~~~
evilDagmar
This is literally how the chaos of EFNet in the 90's gave rise to a whole slew
of new security methods and techniques, not to mention bug fixes.

Just be glad this fight isn't happening over human organs or oil rights or
something.

------
minimaxir
See also, a comment from a Pokémon GO map developer on the latest API
changes/rootblocking:
[http://www.twitlonger.com/show/n_1sp6pkg](http://www.twitlonger.com/show/n_1sp6pkg)

------
curiousgal
Surprised people are still playing Pokemon Go. Niantic made all the wrong
moves.

~~~
Kiro
How so? I play Pokémon Go and can't think of a single thing they've done that
has spoiled the experience for me. Neither can my friends. We love the game as
it is. Bear in mind we are casual players, like most are.

~~~
curiousgal
Granted it's not the most representative sample, but a glance through
[https://www.reddit.com/r/pokemongo](https://www.reddit.com/r/pokemongo) shows
that the majority of people are complaining.

I live by a park where there are 3 Pokestops and a Gym and it used to be
mildly crowded, now it's empty. It's obvious that the game has died down and
it all can be traced back to when Niantic broke the tracking system and
proceeded to go after Maps.

Every "anti-cheat" measure they introduced (Detecting movement speed and root)
netted a large number of false positives and they refuse to listen to their
active and vocal community.

Not to mention the inherently broken Gym battle system where anyone can take
over a Gym even if _you_ were the one to beat the Gym owners. That was the one
aspect I found too frustrating.

~~~
Kiro
I wouldn't say that the vocal minority of reddit is representative of the
player base at large, but I see your point.

And yes, I've noticed the same thing. However, I don't think anyone thought it
would continue like the crazy early days forever, where every other person you
saw played. Just because that extreme hype died down doesn't mean no-one is
playing.

I don't agree that it's due to the actions of Niantic though. I think it's
just a natural fade of the hype. It would be completely insane if the player
percentage had continued at that level until now. Even if they did all the
right things I think the fade would have been inevitable.

------
Kenji
When I have a choice between Pokemon Go or root, I choose root every single
time. I loathe Niantic for this stupid decision. The equivalent would be if
Riot decided that League of Legends can only be played on PCs with a guest
account and not an admin account. Completely pointless and dumb. I can't
believe I bought some stuff in the Pokemon Go store, I want a refund. They
robbed me, a legitimate and paying customer, of the ability to play the game
on my device. This borders on fraud.

This practice needs to be stopped. There needs to be a simple app that can be
installed that completely shields from, blocks and stumps this fascist SDK
that detects root. And every custom ROM should have it installed by default.
The problem is obviously bigger than Niantic. The problem is that people think
we shouldn't fully own our phones and that such a mindset is acceptable.

~~~
puddintane
There is, it's called Magisk (it's not as simple as installing but it does
exist!)

~~~
Kenji
I know about Magisk and it's a hassle. Not worth doing for pokemon go.

------
nayuki
This story hits close to home - I have the exact same problem as the blogger.
I own a Nexus 4, run the latest CyanogenMod 13, played Pokémon GO for a while,
and was blocked in the September update. I never used the root features of my
phone, and tried some attempts to remove the root without success. Shame on
Niantic for being so heavy-handed on its users.

------
shadowmint
For all I want a good tracker, and the sympathy I have for friends I have with
rooted devices who can no longer play...

Niantic is not beholden to anyone to release anything, add any features, or do
anything.

It's their game.

If you don't like it, either a) don't play, or b) make something better.

It's a testament to the compellingness of the AR game genre, and the brand
recognition that Pokemon has, that so many people are willing to put so much
time and effort into the game _despite_ how primitive it is.

People calling for an open API are fooling themselves. Why on earth would they
give away the keys to the kingdom?

Hacking the protocol and the cheaters created this situation.

They have only themselves to blame for it. Cry. Me. A. River.

You might say that serious cheaters can bypass the restrictions / measures,
but clearly from the fuss (and that fastpokemap is still down), it's doing the
intended job pretty much spot on.

Realistically, nothing is going to change, unless someone starts offering a
compelling alternative to drive innovation.

~~~
minitech
> Hacking the protocol and the cheaters created this situation.

> They have only themselves to blame for it. Cry. Me. A. River.

What does this have to do with the article, written by someone who didn’t
cheat?

> If you don't like it, either a) don't play, or b) make something better.

Yes, everyone affected by this is rather forced to pick (a). Occasionally,
they may write articles. If you don’t like them, a) don’t read them.

~~~
shadowmint
The article is basically saying that because of Niantic, we have to choose to
compromise between security and pragmatism of using apps.

> The choice between running the software you want, like Pokemon Go, and the
> quick road to obsolete devices in the Android ecosystem, at best forces users
> to make a choice between security and functionality.

I think it's pretty obvious from the comments in here that there's plenty of
blame being poured on Niantic for what's happening.

I'm just pointing out that the root cause and people who should be shouldering
the blame here aren't necessarily Niantic... but more importantly, whinging
about it won't change anything.

------
Fiahil
After Niantic's move to "encrypt" API calls (which was broken a few days
after, btw), I'm not surprised they would arbitrarily block some devices based
on phony explanations.

Bear in mind, bots have little to no effect on the game itself because you
have little to no virtual interactions with other players. It's not like you
were able to trade Pokémon you caught with someone else.

~~~
rsheridan6
You do interact with other players via gym battles, and if gyms are dominated
by cheaters it ruins the game for everyone else.

~~~
slavik81
It is a problem that cheaters will fill gyms with ridiculously strong pokémon.
Unfortunately, if you started playing significantly after release, even legit
players are so much stronger that the game experience is the same. Alas, the
underlying problem is bad game design.

------
rotub
[https://www.instagram.com/p/BLm2lNxgXco/](https://www.instagram.com/p/BLm2lNxgXco/)

