Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Remote attestation happens in hardware now. Significantly harder to fake.


Can you elaborate? I'm not sure I understand what you mean by "now".

What I'm asking is whether or not the Play Integrity API supports remote attestation on its own today (ie, before any of the webview changes ship). Or I guess, more specifically, is there a challenge-response API currently for the Play Integrity API that a remote server could use?

If yes, then sure, I buy that this is not really adding anything new. If no, then adding a webview API does seem to me like a meaningful expansion of Android's DRM capabilities.


It does. It's called SafetyNet and it wiped out the freedom Android used to have.

https://www.xda-developers.com/safetynet-hardware-attestatio...


This sort of lockdown (along with others) is why I'm abandoning smartphones altogether.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: