Hacker News new | past | comments | ask | show | jobs | submit login

Calling DRM "security" is bullshit and should be called out every time. It's not extra security for the user, it's security for someone else's revenue stream.



What are you talking about?

The comment above has to do with package signing, which is a security feature. It prevents malicious software from replacing legitimate programs on your device (e.g. a malicious "messages" app cannot overwrite the legit "messages" app you installed). It doesn't have anything to do with DRM.


Basically, Google built important Android OS APIs into proprietary libraries that check that the API-implementing library is signed by Google. This is done for DRM purposes to prevent users from using alternate services and to give Google leverage over manufacturers that use the "open" Android OS. It does not benefit users or provide them any extra security.


The package signing is only circumventable if you already have write access to /system.

That's all the μG team is asking for: If you already have write access to the entire system, at least provide a simple API to circumvent the signatures.




Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: