John Wu

John Wu

06-10-2021

11:02

Continuing with the discussion on Android modding. If you unlock the bootloader of an Android device, you *actually can* run almost whatever software you want! (Except proprietary/trusted components such as the bootloader, TEE, radio, firmware etc.)

You can replace the kernel. You can compile your own Android OS. On Pixels, you can even sign the images and have verified boot enforced. You can install F-Droid and only run FOSS apps. You actually DO have the freedom to run almost all software with something you can control.

However, with how the world is directing, there is an increasing demand for "Trusted Computing". It is how devices store/process secret data securely. User data encryption, biometric authentication, contactless payments, DRMs, all depend on some "trusted environment".

By the nature of it being "trusted", it is by definition *NOT* supposed to be something you can modify freely. And this is why a lot of free software advocates strongly object "Trusted Computing". You can decide how you want to feel about it, but this is the reality we live in.

On Android, key attestation provides the state of your device, including the bootloader status, the signing keys of system images, and many more info, through TEE (trusted execution environment). As it is supposed to be "trusted", by design it is difficult to manipulate this data

Now here is our problem: a lot of apps will do this attestation, either directly or indirectly (e.g. SafetyNet), and simply refuse to function if it encounters a device in an "unexpected" state. Note that here I use "unexpected" instead of "insecure".

It is a well known fact that running an up-to-date custom ROM is very likely to be actually more secure than running on an out-of-date, or simply poorly engineered stock ROM. However all HW key attestation knows is whether the device is in a state that it "expects".

It is non-trivial to check whether an unexpected device is running a nice and secure custom ROM, or is it using Magisk with harmless mods, or is it maliciously injecting code into app processes trying to abuse it. So often the strategy is to simply reject all "unexpected" devices

In conclusion, I don't think rejecting Trusted Computing is practical in this day and age. Heck, even Windows 11 requires TPM 2.0. Us poor modding enthusiasts are unfortunately caught in the crossfire of malicious actors and increasingly secure computing devices.

I don't think there is a solution if you want modding and cannot tolerate compromises while using proprietary services that decide to rely on aggressive strategies backed by trusted computing. Your best bet is to find more open minded, or even better, open source alternatives.


Follow us on Twitter

to be informed of the latest developments and updates!


You can easily use to @tivitikothread bot for create more readable thread!
Donate 💲

You can keep this app free of charge by supporting 😊

for server charges...