1. Download our Official Android App: Forums for Android!

How to upgrade Note 2 to newer Android and pass SafetyNet / without being flagged

Discussion in 'Android Devices' started by masterton, Oct 3, 2018.

  1. masterton

    masterton Member
    Thread Starter
    Rank:
     #489
    Points:
    26
    Posts:
    44
    Joined:
    Nov 17, 2016

    Nov 17, 2016
    44
    2
    26
    Sorry but "rooted" does not mean you automatically give root access to every app. You can still decide which app can have root access, which not. In the above case, he only installs banking and finance apps (without root access) and no more, not even use the device to browse the Internet. I fail to see how dangerous it is simply because the device is rooted.

    I'm not talking about which should be responsible. Rooted can be safe if the user knows clearly what he is doing. It is more dangerous if the user is reckless and does not have any sense of security. An unrooted device does not help to save his butts. The user is usually the weakest link in security.


    If this is the case, the bank should redesign its app. SafetyNet can be fooled, so do other root detection methods. A cyberthief would find a way to run the bank app in a rooted device anyway.

    What's more some bank/finance apps simply let them run, or only disable some features but not disallow running. It is beyond me they still let them run if it were so dangerous to allow an app to run in a rooted device.
     

    Advertisement

    #26 masterton, Oct 10, 2018
    Last edited: Oct 10, 2018
  2. chanchan05

    chanchan05 The Doctor
    Rank:
     #25
    Points:
    1,108
    Posts:
    15,147
    Joined:
    Jun 30, 2011

    Jun 30, 2011
    15,147
    4,822
    1,108
    Male
    In this scenario we are talking about an OS version of 4.4, which back then, yes a properly coded malware app can give itself root privelage using certain methods that I will not discuss here. The fix for one of those methods was introduced in Android at around the time of Nougat.

    Yes we know that. But the bank and Google does not know if the user is tech savvy or not. Hence, it's common practice to just cover for every idiot out there, which of course makes it more difficult for more tech savvy people.


    How much more can you redesign a portal that just accesses your database? Whatever you do, it's still going to access a database and a thief can piggyback on that if access was achieved. Without that access, that bank app is useless anyway. Even if root detection methods can be fooled, it also does not mean that it's the only security feature of the app. Plus, you don't have to make it easier for the cyberthief. If it was as easy as that, then everybody with a little time spent Googling can crack their banks. Which obviously in this case, did not work.
    Also, you also have to consider the server side protection. If the bank employs a server side protection that they are confident enough to let their app run on a rooted device albeit in a limited manner, then they will code their app to do so. But if a bank is paranoid and/or has not yet upgraded their server side protections, then obviously they're going to slap on every lock they can find.

    The main issue here is people seem to think about these things as "just THEIR phone". It's not. It's connected to several things, and each of these things are connected to other things which may or may not have their own security protocols which you have to respect. Security on the apps goes beyond that device you hold in your hand.
     
    Dannydet likes this.
  3. nixonsherrie

    nixonsherrie Newbie
    Rank:
     #796
    Points:
    16
    Posts:
    13
    Joined:
    Oct 3, 2018

    Oct 3, 2018
    13
    3
    16

Share This Page

Loading...