• M-Reimer@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    It will be difficult to get around this on smartphones. Those are walled gardens already.

    But I wonder how Google plans to make this “feature” for desktop PCs? Won’t work at all on Linux and Mac and requires a kernel level always on spy driver to watch the Chrome process to prevent tampering with it?

    • FoxBJK@midwest.social
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      You already can’t get around this on smartphones. So many companies force you to use their app and only their app if you’re not in front of a desktop.

    • graphite@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      and requires a kernel level always on spy driver to watch the Chrome process to prevent tampering with it?

      That would be one method, yeah. The attester supplies a kernel driver and uses that to generate the auth tokens communicating with it via some protocol or via scanning memory.

      The driver is just chilling in the machine, perhaps even evasive to lsmod, such that the only way to detect it is to have your own driver monitoring for some specific signal before the attestor driver gets installed, and then using that signal to track its installation.

      There’s always a way. But, as you say, with phones it’s not as simple.

      GrapheneOS or some other ROM on an unlocked Android phone is probably going to be the only way of bypassing it.