167
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 17 Mar 2026
167 points (99.4% liked)
Android
21622 readers
90 users here now
The new home of /r/Android on Lemmy and the Fediverse!
Android news, reviews, tips, and discussions about rooting, tutorials, and apps.
🔗Universal Link: !android@lemdro.id
💡Content Philosophy:
Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.
Support, technical, or app related questions belong in: !askandroid@lemdro.id
For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id
📰Our communities below
Rules
-
Stay on topic: All posts should be related to the Android OS or ecosystem.
-
No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.
-
Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.
-
No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.
-
No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.
-
No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.
-
No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.
-
No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.
-
No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!
-
No affiliate links: Posting affiliate links is not allowed.
Quick Links
Our Communities
- !askandroid@lemdro.id
- !androidmemes@lemdro.id
- !techkit@lemdro.id
- !google@lemdro.id
- !nothing@lemdro.id
- !googlepixel@lemdro.id
- !xiaomi@lemdro.id
- !sony@lemdro.id
- !samsung@lemdro.id
- !galaxywatch@lemdro.id
- !oneplus@lemdro.id
- !motorola@lemdro.id
- !meta@lemdro.id
- !apple@lemdro.id
- !microsoft@lemdro.id
- !chatgpt@lemdro.id
- !bing@lemdro.id
- !reddit@lemdro.id
Lemmy App List
Chat and More
founded 2 years ago
MODERATORS
Okay, I get what Google is trying to do - Android is a mature OS, and thanks to its embedded nature, is considered a secure runtime, so banks etc. have released apps that have lowered security compared to a browser - such as, long lived logins (aside from the usual biometric/code unlock, how often do you really have to go through the full login sequence?), lowered security for secure actions (often you can confirm transactions and other potentially dangerous things with just your biometrics, because it's a trusted device, on desktop etc. you'd need access to an OTP provider for every action), and so on. And that's just banking...
problem is, Android is far from perfect and exploits that allow the exploiting process root access or even worse, well, those happen.
(what's even worse? well... Android most recently runs essentially in a virtual machine, managed by a SoC-level hypervisor, which in turn is managed by the platform TEE. Basically, userspace is EL0, root on the OS is EL1, Hypervisor access is EL2, TEE is EL3. The higher the number the more access the exploit has. For example, an EL0-EL1 exploit can be detected by usual root detection - but an EL0 to EL2 exploit can't be because the exploit happens to be outside what the OS can see, which is where the trusted boot chain attestation comes in)
So anyway, Google has been trying to curtail such exploits by various attestation approaches for Play Integrity. And now they're trying to catch this from the other end by blocking app installs from unknown sources.
The main issue with this? A lot of the apps that contain malware or exploits, come from the Play Store. Basically Google is trying to play cop while allowing a select group of thieves to continue operating without any attempt to shut them down...
It's just about control not security
It definitely is. And if we take the bank apps as mentioned, they got lazyvand rely on the google mafia to manage their security for themselves. And now those bank apps are trying to police how the fuck I use my own device. Thank goodness there's still geto and sjizuku I can still hide Dev options and accessibility being turned on.
For the bank apps, I just straight up reviewed them saying they are hostile to disabled persons because they disallow accessing their apps with accessibility features turned on. It's not much but it helps getting my anger out