Android @lemdro.id ijeff @lemdro.id 8 mo. ago

Google’s “Web Integrity” Android API could kill “alternative” media clients

arstechnica.com Google’s “Web Integrity” Android API could kill “alternative” media clients

Web Integrity pivots to Android, could permanently kill YouTube Vanced-style apps.

DeGoogle Yourself @lemmy.ml DeadNinja @lemmy.world 8 mo. ago

Google’s “Web Integrity” Android API could kill “alternative” media clients | Ars Technica

arstechnica.com /

44 comments

The key difference between "Android's Play Integrity API" and this new thing which they are no longer proposing to put in Chrome but into Android WebView instead is the remote part of "remote attestation".

The article does not make it entirely clear, but the new thing looks to be exactly the same as the old Web Environment Integrity we knew and hated, but with a new name and temporarily exclusive to Android.
- I'm so glad there are devs behind things like Lineage, DivestOS and Graphene. I'm currently setting up a oh one using Divest without Google.
  
  I'll be buying some Pixel 5's to get me through the next 5 years (my current phones are from 2018, and really fast with Lineage or Divest, and load a bunch of apps, and automation).
As someone who uses root (not at the moment but plans to) as I believe in owning my devices, fully, this is horrible. We still need to oppose this.
- I know right? The article touches on this:
  
  Google said the inspiration for the original Web Integrity project was Android's Play Integrity API, which already scans your phone for root privileges and denies access to things
  
  ^^^ this should have never, ever been a thing!
  
  That is just standard and a completely sensible security measure for preventing people from tampering with an application. It cannot replace proper, server-side security measures but is a big step. Especially for stuff like banking applications.
- The problem with root is that banking applications and many others straight up actively try to detect it and refuse to work if you are rooted. Android is in the process of being completely locked down.
  
  Not just root. Some even detect if you have usb debugging enabled and warn or refuse to work unless you turn that off.
  
  There are many workarounds. It never really is an issue anymore
  
  Switched to web browser...
  
  These apps are fucking obnoxious.
  
  Google wants you to pay for hardware but they get to control it because they can't trust you lol
Big fucking sigh. I've been an Android user since the T-mobile G1, and I have ferociously defended the platform against iPhone for that entire time.

Is there a 3rd option? Or do I have to learn to love the enemy? I won't be a part of the problem with privacy just because I'm too lazy to change.
- Use Graphene, Lineage or DivestOS (fork of Lineage) . Graphene and Divest enable you to sandbox all Google BS if you need it, and Dos uses their own we view from Mull.
  
  What about bank apps and nfc? Do those work or are you just out of luck if you need them on graphene or lineage?
- It's not there yet but... https://www.pine64.org/pinephonepro/
  
  I love the idea, and would be willing to be an early adopter of a linux phone... but its tough to give up application support.
- Honourable mention for Sailfish OS
  
  https://en.wikipedia.org/wiki/Sailfish_OS
  
  The commercial version comes with an android emulator.
  
  It's not recommended for non-technical people, it sometimes crashes, it has random bugs that will drive you insane, and currently the weather app can't connect to the service that provides the weather data.
  
  But:
  
  The people making it are not seeing you as the product and you will be free of all the bullshit.
  
  ..... and i love it :)
- Use custom ROMs
- I have ferociously defended the platform against iPhone
  
  Why tho
  
  Because Apple are: closed system, unrepairable, proprietary, refuse to adopt standards, elitist and exclusionary, and generally less flexible and customizable. They are a baby toy, they are any recent BMW, and they are jerks about it.
  
  And somehow, that's becoming the better option over thieves and scammers with bad intentions. I may have to go with the assholes over the bastards. It doesn't feel great.
Permanently Deleted
- google has been on the dark side since before "don't be evil" was even associated with the company.
  
  The first time I heard "don't be evil" all I could think is why do you have to say it?
- It's been a long time they stopped pretending.. at least 5 years.
  
  You mean removing the "Don't be evil" slogan? That's not entirely true, they moved that from Google to Alphabet
This is like, save the children war fund, or some such nonsense naming scheme.
Permanently Deleted
A bit late... Something new might replace it but this experiment got killed a couple days ago already.
- Google is killing off its proposal for "Web Environment Integrity API" as a new web standard, though Android phones may still have to deal with it.
  
  That is literally the first sentence of the linked article. I think this is one of the things how it comes back.
  
  Does Vanced really use WebView for playback (the link the article provides suggests it's used for sign-in)?
  
  Aside from forgetting to mention Revanced which is very much alive, I have doubts about the article. It feels like the author realized his headline doesn't work anymore so came up with something plausible sounding...

You've viewed 44 comments.