Linked by Thom Holwerda on Thu 18th May 2017 21:46 UTC
Android

Over the weekend, it was discovered that the Android Netflix application could no longer be installed on rooted Android devices - in fact, it vanished from the Play Store on rooted devices completely. Netflix then confirmed it started blocking rooted devices from installing the Netflix application.

Well, it turns out we'll only be going downhill from here, as Google explained at I/O that from now on, developers will be able to block their applications from being installed on rooted Android devices.

Developers will be able to choose from 3 states shown in the top image: not excluding devices based on SafetyNet, excluding those that don't pass integrity, or excluding the latter plus those that aren't certified by Google. That means any dev could potentially block their apps from showing and being directly installable in the Play Store on devices that are rooted and/or running a custom ROM, as well as on emulators and uncertified devices (think Meizu and its not-so-legal way of getting Play Services and the Play Store on its phones). This is exactly what many of you were afraid would happen after the Play Store app started surfacing a Device certification status.

This is bad news for the custom ROM community. If I can no longer install Netflix (and possibly more applications) on custom ROMs, there's no way I'll be using custom ROMs on my devices. For now, this is a Play function and we can still sideload the applications in question, but with Google Play Services installed on virtually every Android device, one has to wonder - and worry - how long it'll be before such checks happen on-device instead of in-Play.

Permalink for comment 644431
To read all comments associated with this story, please click here.
Apple Music
by jonsmirl on Thu 18th May 2017 22:18 UTC
jonsmirl
Member since:
2005-07-06

Apple Music is blocked too

The API already supports the app doing a cryptographic check every 30 minutes to ensure the device is uncompromised. Google sends key to app, app sends key to server, server asks google to validate the key. If the key has been messed with -- server can turn off the app. Everything is protected with public key encryption.

They are using a similar scheme to keep anyone except the anointed few from building Chromecast devices. All of the Chromecast code is available, but if your device key is not in the authorized database no one will cast to you. If you're not a multinational corporation forget about making a Chromecast device unless you don't mind incorporating a $70 HW module from one of these giants.

https://developer.android.com/training/safetynet/attestation.html

Edited 2017-05-18 22:29 UTC

Reply Score: 6