A new European initiative dubbed UnifiedAttestation aims to build a free and open-source alternative to Google’s Play Integrity checks. The initiative is backed by smartphone maker Volla, while other partners include /e/OS maker Murena and the team behind iodé OS. The feature will be distributed under an Apache 2.0 license.
It breaks their sandboxing model, which limits the impact of malicious/compromised apps.
To be clear, I’m not arguing against root here. I daily a rooted phone, and I believe if it’s impossible to get root on something, it isn’t really yours. You can get root on GrapheneOS; they just discourage it because they’re strongly focused on security.
They’re right. If a bug in AdAway, which needs root to write /etc/hosts caused it to fetch and execute malicious code, the malware could do anything I can do to my device. The scenario is plausible; it routinely fetches blocklists, and I imagine a sophisticated enough attacker could compromise the delivery mechanism.
I don’t worry about that scenario because it’s unlikely that kind of attacker will target me. GrapheneOS is meant for people who do have to worry about that kind of thing.
@Onomatopoeia @Zak@lemmy.world
I don’t disagree.
Problem is their binary attitude about root.
Root us used, every day, on every system on the planet.
Even Windows now uses a more granular Admin system - which is a better approach.
In Linux we only escalate as-needed, and strictly limit accounts that are used for services (Windows too actually).