Remontoire@lemmy.world to Technology@lemmy.worldEnglish · 1 year agoGoogle's Web DRM is Worse than I Thought...www.youtube.comexternal-linkmessage-square149fedilinkarrow-up1938arrow-down128file-text
arrow-up1910arrow-down1external-linkGoogle's Web DRM is Worse than I Thought...www.youtube.comRemontoire@lemmy.world to Technology@lemmy.worldEnglish · 1 year agomessage-square149fedilinkfile-text
minus-squaresloppy_diffuser@sh.itjust.workslinkfedilinkEnglisharrow-up9·1 year agoThe same host could fake the payload to the attestation server. Cat and mouse game with security through obscurity.
minus-squareAnafabula@discuss.tchncs.delinkfedilinkEnglisharrow-up7·1 year agoIf you are on android or ios the phone already cryptografically verifies that the operating system has not been tampered with on a hardware level. Since the operating system is then “trusted” it can verify anything you do on it
minus-squarel0v9ZU5Z@feddit.delinkfedilinkEnglisharrow-up7·1 year agoDoesn’t work. It’s possible to let many banking apps think they are running on a normal device although it is rooted.
minus-squareKoffiato@lemmy.mllinkfedilinkEnglisharrow-up6·1 year agoYup Play attestation is dead, even the new and shiny “secure” one is bypassed. It’s now just a hinderence.
The same host could fake the payload to the attestation server. Cat and mouse game with security through obscurity.
If you are on android or ios the phone already cryptografically verifies that the operating system has not been tampered with on a hardware level. Since the operating system is then “trusted” it can verify anything you do on it
Doesn’t work. It’s possible to let many banking apps think they are running on a normal device although it is rooted.
Yup Play attestation is dead, even the new and shiny “secure” one is bypassed. It’s now just a hinderence.