Rooting an Android phone is no longer as popular as it was a few years ago. Plus, if you root your phone now, you will run into several issues, like Google Wallet and banking apps not working, as the device will fail the Play Integrity API test. It makes sense for Google to block banking apps and payment functionality on rooted phones for safety and security reasons. But the company is now taking things a step further and has started blocking RCS from working in Google Messages on rooted or bootloader unlocked Android devices.
↫ Rajesh Pandey
Entirely expected, but no less unconscionable. Banking applications, government ID services, and now even messaging platforms – all entirely crucial functions in the very fabric of society and government that we’re just handing over to two ruthless abusive companies. It’s simply no longer possible to function in many modern societies without having either a blessed Android device, or an iPhone, since any other platform will often lock you out of crucial functionality that you need to function in today’s world.
If there was ever anything the European Union should be fighting against, it’s this.
On one side, I can see the reasoning. The security is an issue if your phone is rooted, and even you should not have 100% trust on what is going on.
On the other hand, I can also see, as the owner (or more like “supposed owner”) of the device, I should be able to do whatever I want with it. When I use a PC, Mac, or Linux, the “root” is pretty open. And of course media companies still block features like 4K playback in streaming, but that is a known compromise. Yet, I can still do my banking on Chrome, or communication with Signal.
Bottom line, is there needs to be a balance, and I think the line is drawn at the wrong place here.
sukru,
I agree with Thom, this is google acting in their own interests at the expense of open computing. Not only that but google shouldn’t be at the top of the security totem pole. More secure approach would be to have a vendor neutral open source secure enclave that could perform secure authentication even on a rooted device. The operating system should always remain under owner control and the secure enclave could perform diffie helman and/or PKI. This could be even more secure than google’s approach.
I believe that Intel, AMD, and ARM have all worked this kind of technology but they were all proprietary. Something like this really needs to be an open standard that can be audited by third parties.
Your suggestion removes an opportunity for vendor lock-in, therefore none of the big names will ever implement it.
Of course,
Look at the current state of streaming devices. Almost all of them have full screen ads on home, even though some of them are premium devices (or rather “used to be” as they are ad supported in addition to $200 price tags now).
I can’t, really. If it’s not rooted, then you still can’t trust what’s going on because the manufacturer won’t let you have full access to it. If you do have full access to it, then you can in some ways do more to secure it in a truly verifiable way than Google or Samsung
The1stImmortal,
Yes, there probably needs more nuance here.
You can (usually) trust a high profile vendor to not purposefully harm your device or experience, and protect you from common threats like malware, randomware, “crypto miners” that steal your data, leaking your banking credentials, and so on.
Though, they will definitely want to monetize your information, by selling it at least as aggregate. And they will occasionally have security bugs that cause issues like leaking of personal information.
On the other hand, the operative word was even there.
The emphasis is, even you can’t trust it, and the 3rd party apps will have much less reasons to do so. Netflix for example can assume you have a screen recorder, which is disabled on stock firmware. So they will regrettably, choose not to offer their services.
Banking on the other hand is not like an optional entertainment service, and they should, I believe, offer their services even if your phone is rooted. If they don’t trust it fully, they might reduce some functionality (like adding a “virtual debit card” to your NFC stack), but simple things like viewing your accounts and making transfers, which they allow on a mobile web version, should be available on the mobile app as well.
Funny the EU doesnt actually care about consumers. They only care about helping other company’s like Epic and Microsoft that complain about having to pay fees for App stores.
Stopping stuff like this….. Won’t happen.
Windows Sucks,
That’s just not true. Epic and other lawsuits may have helped get the ball moving, but the laws really aren’t customized for epic in any way. They are there permit owners to choice alternatives…honestly it should have been done decades ago.
I would have really benefited from an edit button here, haha.
Yes, @Thom, this is a feature that is affecting our experience.
Is it possible to have it back.
Proof that the EU is not partisan in this is that Apple iMessage is not affected by the DMA platform rules unlike WhatsApp and others. iMessage even though is very much a platform and wields a lot of influence and control in the US simply is to small in the EU. Therefore on that aspect, Apple got away.
Google is acting in their own interest. Putting this in “analog” terms, it is like banning ball-pens to be used to write your passwords in your bank book.
yeah *this* should pretty much be illegal. warnings are fine, but punishing users for owning a device they paid for is unacceptable.
Google’s “open standard” that only works with one specific proprietary app, on only one specific proprietary operating system, with root and custom ROMs deliberately blocked, and no APIs published for an open-source reimplementation. With basic features like E2EE running through Google servers.
And yet they run a marketing campaign accusing Apple of not playing fair by not supporting RCS.
I really, REALLY wish Google had a “yes, I know it’s rooted, I did it, the security is fine as it is” to allow me to actually run all those things just fine. I get why if it’s rooted, you want to, by default, NOT run sensitive things. Sure. But if I did it, let me say so, and so then assume it’s OK because I said it was. Might be a way that, like Developer Mode, is a bit convoluted. Ok.
RCS is unreliable anyway. I recommend just turning of “Chat Features” and moving on with life.