Hacker News new | past | comments | ask | show | jobs | submit login

There is a security threat for the user, only if the user puts application inside its /system/priv-app folder.

If an application is in /system/priv-app, it can do pretty much anything anyway. Worse than that, a threat-model assuming an attacker can write in /system/priv-app, he can most likely write into the whole /system, and replace everything of Android, install Xposed, etc... So I totally agree that if the patch does what it says (I didn't read, but it's possible.), "no security threat is posed to our users".

Though an acceptable reason from LineageOS imo is "this will be used to circumvent protections (read SafetyNet), we don't want that"




Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: