• Zak@lemmy.world
    link
    fedilink
    English
    arrow-up
    46
    ·
    5 months ago

    Many devices, including Google’s own Pixel devices have user-unlockable bootloaders. No security vulnerabilities are involved in the process of gaining root access or installing a third-party Android distribution on those devices.

    What’s going on here isn’t patching a vulnerability, but tightening remote attestation, a means by which a device can prove to a third party app that it is not modified. They’re selling it as “integrity” or proof that a device is “genuine”, but I see it as an invasion of user privacy.

    Google can’t exactly make root access and custom ROMs easier to use in 2025.

    Sure they can. They’re in a much stronger position to dictate terms to app developers than they were in 2010 when it was not yet clear there would be an Android/iOS duopoly.

    They don’t want to though, because their remote attestation scheme means they can force OEMs to only bundle Google-approved Android builds that steer people to use Google services that make money for Google, and charge those OEMs licensing fees. A phone that doesn’t pass attestation isn’t commercially viable because enough important apps (often banking apps) use it.