Google said the inspiration for the original Web Integrity project was Android’s Play Integrity API, which already scans your phone for root privileges and denies access to things
That is just standard and a completely sensible security measure for preventing people from tampering with an application. It cannot replace proper, server-side security measures but is a big step. Especially for stuff like banking applications.
As someone who uses root (not at the moment but plans to) as I believe in owning my devices, fully, this is horrible. We still need to oppose this.
I know right? The article touches on this:
^^^ this should have never, ever been a thing!
That is just standard and a completely sensible security measure for preventing people from tampering with an application. It cannot replace proper, server-side security measures but is a big step. Especially for stuff like banking applications.
I never really understood that:
If I’m using my browser to do banking via the website, Having root privileges and tampering with the Browser running the applications is not an issue.
If i use the banking app, Having root privileges suddenly become a problem.
–> To me, it doesn’t look like the problem is technical, but that users are accepting things on mobile that they wouldn’t accept on a PC.