this post was submitted on 26 Dec 2025
11 points (100.0% liked)

Android

1020 readers
1 users here now

Android news for android developers. Everything that happens in android world.

For Android development specific topics please see /c/android_dev

The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License

founded 2 years ago
MODERATORS
erlingur@programming.dev
askat@programming.dev
Ategon@programming.dev
11
Does Android's SafetyNet actually make it safer for apps to run? (programming.dev)
submitted 2 days ago by voicesfromdeep@programming.dev to c/android@programming.dev
8 comments fedilink hide all child comments
 

I currently have a complaint at kifid (instititute for complaints against financial service providers in the Netherlands) against Revolut because it doesn't work on degoogled phones. They claim it makes it more secure. Can anybody point me to a study or expert opinion on the security benefits of safetynet and how it protects android phones?

My inkling about googled OEM phones is this:

  • many are old
  • many aren't receiving patches anymore
  • many receive security patches late (weeks or months)

And regarding degoogled phones:

  • they are more likely to get security patches more quickly
  • they are often maintained longer than OEM phones
  • certain ROMs like calyxos and grapheneos (to a certain degree eos) are actually more secure than stock OEMs due to either
    • security focus
    • faster security patches
    • being limited to relockable bootloaders

Revolut claims that allowing these ROMs (or similar ROMs) to run their application would reduce the security of the application. I'm not a security expert so it would be nice to find out if that really is true for android.

This was posted on mastodon and reddit for reach.

you are viewing a single comment's thread
view the rest of the comments
[–] ArfArfWoof@feddit.org 1 points 1 day ago* (last edited 1 day ago) (1 children)

This was posted on (...) reddit for reach.

[ Removed by moderator ]

lmao

[–] SSUPII@sopuli.xyz 0 points 1 day ago (1 children)

Now it is. Before removal it was empty. Likely seen as spam.

[–] voicesfromdeep@programming.dev 1 points 1 day ago

It's not empty to the submitter (me).

Must be some reddit bug or it works that way by design.