Trusting clients is probably a security flaw

That's entirely reasonable, but I think it's unlikely to make a difference in most cases.

It has certainly been locked down a bit. This makes easily backing up all your data using some techniques harder/impossible.

I can't include podcasts in the backup I do via rsync via termux anymore, unless I switch to an app that uses a shared storage area instead, as termux can not longer read app directories only its own and shared storage. You have to rely on each app that used app-local storage to have its own backup method. Not that I really care from the podcast PoV, hence I've done nothing about it, but it is a sign of apps being better sandboxed at the filesystem level than they used to be.

Is it not the same for computers most of the apps data is accessible by all the apps. Mobile OS came from the paradigm of the past and as the way we use our phones change so do the way how mobile os work. For a long time Android devs have wanted to obfuscate the disk from the user like iOS does but have faced push back from users and developers so in the end they created a permission where an app needs to ask permission to access the disk. Keeping the file system a black box or allowing user/apps to mess with it is a development question of the times dumb it down or not. Then people here complain children don't know anything about computers these days well yeah because we have dumbed it down so much in the name of security and usablity.

That is how it works. Apps on android and iOS can’t access data outside of their contsiner.

By default you can `ls` almost anything on an entire drive.

Thanks, I was thinking of phoning and asking, but good to know there is some point in waiting in the queue to talk to someone!

> i wonder what caused the change

In many countries, if the consumer gets defrauded, the bank foots the bill.

I don't think the problem here is consumers getting defrauded by having an insecure rooted device. It's fraudsters using the mobile app APIs for nefarious purposes, and the best way to prevent that is to use SafetyNet and other similar mechanisms.

The app works perfectly well on my device, parent comment is just mistaken.

It works fine for me on Android 15 with non-Google Play apps installed too.

DRM doesn't protect, it only delays.

Never trust the client. Anything the client has access to, whether "protected" by Play Integrity or not, should be considered compromised.

GPIDRM doesn't protect against much, even if it's perfect [0]. What it gives you is an API your Android app can call into to inspect the device status.

That's not enough because the owner of the phone can just twiddle that memory between you calling the API and using the value. You fully own the code that runs on your devices, and if you don't like it then you can just choose to run different code. The GPIDRM hinders some users who want to fully own their device and also use your app, but it doesn't actually protect your app from being executed in other environments (similarly with any other modification to how the GPIDRM might function, short of it physically decrypting the code/data you intend to run and only ever running in environments that would somehow prevent people from backing up those decrypted bytes -- or, similarly, physically decrypting data unique to a particular instance of using the app and not useful for any reason when somebody else runs the app).

When, then, does GPIDRM make sense to use?

_Arguably_ the thing that banks do isn't terrible [1]. Their servers are authenticated, so it's not a security thing. They're just managing risk (people with rooted phones might be more likely to have root-level malware for example). If somebody has a rootkit leaking banking details and the attacker is also willing to pay $10 to borrow their phone number for the day, the bank account will be fully compromised. When that happens, the bank is on the hook some fraction of the time. The bank server trusts requests to either come from a real user or a user with stolen credentials, and they're trying to reduce the chance of the latter (but not eliminate, even from rooted Android phones).

How does McDonald's differ? There are no server-side checks, no passwords, no logins, no crypto handshakes, no anything. If you send a request pinky promising you're a trusted client then you'll get your free food. The implementation was so bad that the TFA demonstrated compromising it on a phone which _correctly_ passed the GPIDRM check.

[0] No such technique can be perfect. At its core, it relies on a secure hardware enclave. Physical keys are always reversible with enough time and effort, in time _linear_ in the key length. The goal is just to create a constant factor big enough that almost nobody with expensive enough tools to dismantle the chip and go probing is willing to go through the effort (or, ideally, not able to with the current generation of technology, so that rotating keys every few years can keep up with reversing efforts).

[1] I'd be shocked if people with rooted Android phones were actually more likely to be victims of phishing/malware/....

What's implemented wrongly is the idea that this kind of client side check somehow removes the need for server side verification.

And the idea that this kind of check can't be defeated.

It makes sense, to some degree, that for example some banking apps refuse to run if they detect that the phone has been rooted, or even to go as far as to refuse to run if there are non-Play apps on the phone.

Maybe some apps with DRM media playback do this kind of check too, yes. Haven’t used Android for many years now.

Hopefully iOS stays the way it is where apps don’t get so much info about other apps on device. I prefer it that way.

That goes without saying in the software business today. I was in software for decades and I’ve never seen it so cynical. Shameless profiteering seems to be the gold standard strategy. It’s like Gordon Gecko style greed.

Actually interested in learning more about the attack surface area?

I've had my SSN stolen learned multiple people are using it lol so I doubt banking info stolen from Mickey Dees would make a difference could something worse be achieved

A company doing outsourced dev for someone the size of McDonald’s would have an iron clad statement of work that the would point to and say “show us where you asked for server validation”

Which indicate that the management wants to feel good, not that the app developers care about actual security.

Yes, except the answer is opposite to what you think. Shitty and insecure apps make more money than decent and secure ones.

> any employers would survive long if it transpired they were disfavouring members of IEEE, ACM, IET or whatever.

I highly doubt most employers even know what those organisations are. Taking it even further, there is probably even a significant amount of devs that are unaware of them as well. I don't think devs have this much power. Unless you are a tech company, devs are likely highly replaceable and in my opinion the trend goes in that direction. Obviously, this excludes skilled FAANG devs

The same way it works in engineering. What happens when a building collapses due to not following engineering code?

The ones who own the firm do. They are the managers.

Also I think you mistook my comment for something about financial success. I am questioning how much power a lawyer has to invoke moral authority (unless they own the firm).

Worth mentioning that the IT jobs crisis is mostly an US thing. It's still relatively easy to find a dev job in Poland or many other EU countries. It's worse than before, as in bootcamps are no longer enough, but as a mid+ it's still very easy.

It's easy to find entry level jobs? Where? I was trying for ages and barely anyone even replied to my applications