Revert safetynet hardware based key attestation to just basic attestation
Revert safetynet hardware based key attestation to just basic attestation
Dear Google
Please revert the decision to determine safetynet status using hardware based attestation this decision won't do any good in terms of security as safetynet doesn't work in case of vulnerability also hardware based attestation would effectively kill off the custom ROM community
Every android user would then be on the mercy of their OEM's for getting updates and latest security patches and let's be honest OEM's don't wanna provide updates to their devices they wanna make the device obsolete ASAP so that people end up buying a new device in a year or two also some OEM's have terrible stock ROM with bloatware and ad's in the UI which ultimately tarnishes the image of android as an OS
Let's do a comparison shall we iphone6 (launched in 2015) got the latest iOS 14 wherein your own device the pixel 1 got it's last android 10 update last year so apple takes the crown for best software support over time and let's be real pixel 1 is the phone that got the longest software updates most other OEM's mostly provide 2 years of update and that's it!
Installing a custom ROM in device was a great way to get timely software updates and latest features of android using aosp source code
Having safetynet to fail on bootloader unlocked devices will essentially kill the open sourced nature of android also many people won't get to enjoy stock android as most of the OEM android skins are so heavy that they feel like a different operating system altogether without even a hint of how stock android feels
I therefore request the devs to revert safetynet check to basic check instead of hardware based
This doesn't provide additional security as the applications that exploit android do it on the basis of vulnerability and not a unlocked bootloader and a safetynet check fail on unlocked devices will be something that make the device unusable as a daily driver
If the safetynet hardware based check is allowed to be implemented then it will be something that very minutely affect the safety of the device but it will effectively kill off 90% of the custom ROM community hence doing more harm than good
So we request you to reconsider the decision to make safetynet check hardware based to basic check
P.S. I have written this petition in a simple language for normal people to understand it i hope my message is clear