However, all this comes with the caveat that SafetyNet will flay you alive. The cat and mouse game with Magisk and other methods to maintain root undetected is moot when I've used apps these days that make a fuss when you have developer settings enabled. To be honest, that seems acceptable to me, I can do what I want with my device, software vendors like banks and the like have a say in how I choose to access their more convenient services. I can play nice with them if I want, even using a second phone perhaps, but I have a choice.
I disagree. I don't understand how it's fine that I can access my banking services with my Gentoo machine, with everything compiled from source by myself, but it's somehow a problem when I'm not using either Apple or Google certified OS on my phone.
I'm sure they want to prevent the first scenario, like various streaming cartels already do, but I hope something like EU throws a fit if they do.
Because it's a bank there's going to be insurance behind the scenes to cover them if something goes wrong, and I assume part of that is ticking off enough points to be confident a transaction is secure or different payment limits on confidence levels.
Isn’t this just a second device? How can you hold a manufacturer liable if the user was given unsupervised time as root?
PCs had root access by default, so why wasn't it a significant problem for them? Banking is possible on a PC without a banking app.
As Noam Chomsky has said, as in politics, manufacturers and OS vendors such as Google and Microsoft have been deliberately "manufacturing concent" — a widespread belief in the population of users that benefits them to the disadvantage of many of said users.
PS: While he maybe in effectively hospice now, at least he outlived Kissinger.
Right, I've never fully understood why the media was (and still is) so complicit. There's a long history of the media, especially the tech media, mags etc. ass-licking the likes of Microsoft, Google et al. It's been horrible sight to watch over the decades. Perhaps it's because of kickbacks, fear of exclusion from events, press releases, or handouts—free software etc., or that many had/have shares in such entities—or the belief that those who run such entities are only one step removed from the gods—hero worshiping.
We users would now be in a damn side better prosition if the media had done its job professionally.
"technical vocations are still frowned upon in socially most of America."
Right again, and America is not the only place, such thought is endemic across the anglosphere.
They weren't networked. They were notoriously buggy. And most importantly, they weren't warrantied [1].
Root should always be an option. But once you root, it's fair for the warranty to be voided.
> OS vendors such as Google and Microsoft have been deliberately "manufacturing concent"
Nitpick, the propaganda model [2] attempts to describe traditional mass media. Two of its five pillars (ownership and sourcing) fall apart in a world with smartphones and social media.
[1] https://www.studocu.com/ph/document/university-of-rizal-syst...
[2] https://en.wikipedia.org/wiki/Propaganda_model#Criticism
Where on earth did you get that notion from? Just because some vendor [your links] has conned the unfortunate client into an unacceptable contract doesn't mean it's commonplace or ever was.
These additional restrictions are not there for security despite what we are told.
I've had to cloak the rooted state from an app or two or they'd choose to withhold functionality. That was a couple of phones ago. I've not had trouble with banking, payments, etc since.
I think they're supposed to prevent people from reverse-engineering banking app APIs and writing bots that perform millions of requests per second, trying to brute force their way into peoples' accounts.
As an extra protection, SafetyNet also makes it harder to distribute apps that repackage your genuine banking app, but with an extra trojan added.
If a bank (or any entity for that matter) needs to control the client in order to make their systems secure, then it's bad security. The system must be secure despite the client.