The discussion I stumbled upon, about this SSH app for Android, is really worrying. Will Google really manage to make it impossible to root your phone?
But there’s more to this, it’s more complicated. In the Big Picture, Google has every incentive to make these changes — they lead to more security, and they’re aligned with Google’s corporate goals as well.
- When talking to users, Google will emphasize control over hackers.
- When talking to stockholders, Google will emphasize control over users.
Edit: I disagree with “they lead to more security”. That’s not “security”, let’s not turn words upside-down.
Google has managed this years ago, but it’s optional. There was a fairly short timeframe when most phone makers enforced it, but now most allow power users to disable the security and root their phones. But usually they will disable some security-sensitive features like Samsung Knox. And many security-sensitive apps like banking apps will not let you run them anymore (if yours does, great for you, but that also means your bank’s security is shit, just FYI).
A banking app allowing itself to run on rooted devices isn’t a security issue.
That’s right. And if there is, the issue is the bank, not your phone. Rule number 1 in security is never trust the client.
Depends on your level of security consciousness. If you’re relying on security identifiers or apis that need an “intact” system, it certainly can be a security issue if you can’t rely of those.
That being said, it’s not exactly a plausible risk for most people or apps.