Once again, I have to remind everyone the difference between a replacement and an alternative.
- Yes, google is shit
- That dosent mean /e/, iode, and the rest is automatically better than google.
That being said, the volla attestation API is once again a google replacement. Not an alternative, but a „google” with another name. They are still just as vulnerable to corruption, court orders, etc as google is. Its like throwing out your Alexa for spying, but instead buying another Alexa, but instead of Amazon it’s nozama. Look people, instead of unsecured s3 bucket 3, I use unsecured S3 bucket 4 that I’m sending my data through via http. Me so smarty pants
Can someone explain what this is?
Banks cant trust every client device to be secure and not compromise their infra, therefore they are using a certificate from a software authority to make sure their apps only run on secure devices. Currently, this authority is Google.
But since everything is using google as their authority, google can at any time decide if they want to exclude any devices/manufacturers/whatever from running most banking apps.
For example, they are excluding everything that is not shipping their G services Spyware. (And to ship the G services, you need a license, so you can’t have most banking apps without paying google)
Now, volla, a maker of a Linux Phone is trying to make a new attestation API. This in no way mitigates any problem I mentioned in the paragraphs above. In that case, Volla is the Authority, and they can at any time exclude anyone for any reason.
There is already an adequate Attestation system that mitigates every issue I mentioned built into android. Since the system is present at any time, this will not only reduce the attack vector on a system, but allow any app to add any authority they want.
Does this mean that /e does it too? Why are they part of the post? Also, they just use MicroG so if it’s deleted (which is a hack) then why does it matter?