Android isn't really open. In order to have a "certified" device you need to remove user control. For example users by default aren't even allowed to access app's "private" data. That was enough to get me to move to something where I am in control.
But if you move away from a "certified" ROM then you start to fail SafetyNet (or its successors) and many apps will refuse to work. Those apps want to make sure that the user isn't in control of their devices, they want to make sure Google or a "trusted party" is.
They say this is to ensure the security of your device that logs into your bank or whatever, but I guarantee that my LineageOS updated this week is more secure than my stock Google ROM that got its last update 3 years ago. If Google really wanted to prove security with SafetyNet they would stop attesting devices that haven't been updated. But it isn't about device security, it is about ensuring that the device is controlled by a big corporation, not the user.
In my opinion SafetyNet is no longer about security and is mainly DRM at this point. I think you are right on the money about the out of date devices too. I was going through my Dad's old phone collection this weekend and noticed that several old Android phones have specs that are not terrible today but are not useable due to no updates from the OEM. So now they are mostly e-waste. These are perfectly useable phones (maybe outside of an old battery) for basic tasks.
That makes so much sense. Back when I had a rooted device, I was once blocked from using... the Instant Pot app. Yes, a recipe app. It gave me a message saying something vague about security.
You are confusing SafetyNet with Play Protect. Play Protect is about protecting devices from malware. SafetyNet is about protecting services from "untrusted" devices. It is a remote attestation API that validates that the device is running a "trusted" operating system.
What backups? It's literally impossible to take backup images of an Android phone (as in: the entire thing, not just some Playstore apps and some of the settings).
The last phone I used that supported taking a backup image of the entire phone was a 2013 BlackberryOS 10 device.
You cannot even back up all of the playstore apps, tons and tons set the magic "don't backup" bit.
You are totally right in that there are basically no useful backups on android whatsoever. The closest thing is "adb backup" when you have root and developer settings enabled, which is saying a lot.
Even adb backup isn't possible: it's been deprecated for years and I've never ever gotten it to work even with root and the right dev settings.
It starts creating an image of a couple of GB (takes a couple of hours, lol) and then just bugs out and stops. There's no error checking or anything and when it bugs out it means you have to start all over again.
Security depends on your threat model. Your threat model and Google's are not aligned. They are protecting against threats you are happy to ignore or otherwise have other countermeasures for. I think the real problem is assuming a one size fits all strategy works for everyone.
This banking apps requirement is laughable if you can manage your bank accounts through the internet browser. I mean there are some banks that only work with an app, but majority of banks in my country work through the browser just fine.
That being said, I have a separate phone just for bank apps and turn it on only when I need to use it for banking.
> This banking apps requirement is laughable if you can manage your bank accounts through the internet browser. I mean there are some banks that only work with an app, but majority of banks in my country work through the browser just fine.
Well, that's exactly why Google has proposed WEI - to make sure they no longer do, and the user is practically forced to have a device that has bundled Google spyware.
I've always thought so too - who is banking on their phone?
And, loans aside, if I had money in a bank that forced me to change the way I live my life just to store money, I would move to a different bank and tell them that's why they lost a customer.
Have you never needed to transfer money when traveling or out of house? If US, have you ever mobile deposited a check? If rest of world, have you ever sent money?
I use the bank web site most of the time. But if not at home, it is really useful to use the phone. It isn’t like banking is so complicated that it needs a computer and browser. Bank web sites tend to be awful on smaller screens, I don’t use it on iPad. Also, there are a lot of people that only have a phone.
> Have you never needed to transfer money when traveling or out of house
No? It can wait for me to return home. Before wireless internet existed this wasn't an issue, so how has that changed things?
> If US, have you ever mobile deposited a check?
I admit this was literally the only time I used banking apps, but nobody uses checks anymore. I haven't needed to do this in years.
> If rest of world, have you ever sent money?
Yup, paypal website. Don't even need the app. Works better than venmo etc because it works internationally and various competitors that are app-only only work in 1 country anyway.
There are some ridiculous examples of apps refusing to run on rooted devices or custom ROMs. The Heathrow airport app, for example - why does an app which just shows me flight times and maps care at all?!
Because security consultants slapped that on some checklist and Heathrow will now bugger contractors that build Android app to implement root checks.
Enterprise apps are full of this bs. I partially blame Google because it made checking for integrity so easy that every app owner now thinks it needs to use it.
If an app shows maps, it usually won’t run on a ROM like LineageOS that lacks Google Play Services. This is because the API that app developers overwhelmingly use to show maps is the Play Services one, not the vanilla AOSP one. (I’m not even sure if AOSP has a map API.)
LineageOS with MicroG will run some of these apps and show a map using OpenStreetMap tiles provided by MapBox, but the functionality may still be broken because MicroG’s maps support is not a full replacement.
> They say this is to ensure the security of your device that logs into your bank or whatever, but I guarantee that my LineageOS updated this week is more secure than my stock Google ROM that got its last update 3 years ago
Those are two entirely different threat models. The second clause of your sentence is about vulnerability to exploits, something that Lineage or other ROMs are at least better positioned to do than a vendor that has EOLed the device (though the amount of binary junk required by those distros puts a pretty firm cap on that promise -- they can only fix what they can patch!).
The first clause talks about the need for back end service providers to be sure that no entity is interposed between them and their users/customers. It's a desire that no extra app can sit there and sniff interaction or prompt for passwords/tokens/secrets/etc... Third party open ROMs not only fail to address this need, they actively hurt. You can trivially make a "We're Totally Your Bank We Swear" app and deploy it to a LineageOS phone that steals the money from any account that authenticates with it.
Is that a "good" security model or a "bad" one? There are arguments to be had. But prompt application of bug patches isn't one of them.
> In order to have a "certified" device you need to remove user control.
No, you don't.
> For example users by default aren't even allowed to access app's "private" data.
Which is already what Android's security model specifies. It means that other apps or other people using your phone won't be able to steal data like your 2FA app's private key.
> Those apps want to make sure that the user isn't in control of their devices, they want to make sure Google or a "trusted party" is.
Their app may benefit, or even rely on the android security model. Unverified devices have the possibility of having that security model broken.
> If Google really wanted to prove security with SafetyNet they would stop attesting devices that haven't been updated
I agree, but there is a trade off where you will cut out old devices. This is why at first Google lets app developers choose if they want to avoid devices that can just be spoofed.
No user control is being removed. The data was managed by the app by design.
There is no way for the phone to know who owns the device, nor would it be able to know that when ownership is transferred to not show sensitive information to the new owner.
Let's not pretend to be daft. The user can prove ownership by providing a PIN. They can also delete their data before transferring ownership to a new owner. (Not to touch at all upon the fact that selling devices is really uncommon to begin with.)
Nothing about any of that requires the user to cede control of their own device as a "solution".
The user should not write down a PIN then, or at least not write it down somewhere easily reachable by someone malicious. Attempting to hide data from the device owner is a non-solution to this problem and does nothing but frustrate and diminish the device owner's freedom.
You can't as a phone ensure that happens. The device is more secure by taking away the backdoor of using a PIN. Backdoors are a security incident waiting to happen.
That gives you some control, but because lineage is mostly just using upstream android, and google's "contributions" to AOSP continue the overall decline of android, and the majority of apps adhere to google's behavioral demands of the play store, even lineageOS gets worse every year by way of it not being a hard fork of what was once a good OS.
Not that I have a solution to the problem. Just saying the current and foreseeable future state is that smartphones are past their glory days, and the platform defeated itself.
It is definitely not perfect. But having root does allow you to do most of what I want to do.
Unfortunately to participate in modern society you basically need iOS or Android, and iOS is far worse for user freedom. So I have taken the best option I could.
I also help "with my wallet" by preferring websites for everything that has no need to be an app. But I am sure that I am the minority.