Last time I checked, it was broken for years already. It’s been a while though. edit: Confirmed: https://xdaforums.com/t/module-play-integrity-fix-safetynet-fix.4607985/ Only basic/device attestation is working.
ByteWelder
As far as I’m aware, there are no work-arounds that allow for circumventing the Play Integrity API. Probably because you cannot avoid the involvement of a Google backend API that is accessed by the app’s backend. It works like this: Play Services hands a token to the app, the app sends it to the app backend, and then the app backend lets a Google backend verify the token, which results in a verdict. You cannot manipulate the token.
More specifically, Play Integrity API will fail on the Play Service integrity check. If I recall correctly, this is why Google Pay won’t work on GrapheneOS.
Some banks require the app to be used as second factor to log into their website.
That’s incorrect. At least as a generalization. For example: In the Netherlands, you do not own the airspace above your property. The EU laws for drones do state that you can’t just film people without permission, though. Operators of camera drones also need to register and get an operator ID.
The scanning is done on your device. You could theoretically only overload the CSAM reporting feature if such a thing will exist.
If a messaging service is non-compliant, the government could theoretically take action with court orders against domain owners, server owners or pursue anyone hosting a node in case of a distributed setup. In a worst-case scenario, they might instruct ISPs via court orders to block these services (e.g. The Pirate Bay in some countries).
It’s literally in the article: They want to use client-side scanning. The client already has the data decrypted. This is much like what Apple wanted to introduce with CSAM scanning a while back. It’s a backdoor in each client and it’s a matter of time until it will be abused by malicious entities.
Regarding gaslighting: See Apple’s response on the CSAM backdoor shit show. All the critics were wrong, including the various advocacy groups.
A trigger warning on this post for Android devs would’ve been nice.
At least you’re not using Azure Devops boards, Service Now or Basecamp. Those are all worse in my opinion. I miss Jira.