upvote
We should be fighting against SafetyNet and similar attestation systems.

The proper solution is one we had with desktop computing for decades. If you keep the key material on your eID or bank card, you don't need a locked down operating system. Which then allows devices to live for much longer.

We're slowly losing the war on General Purpose Computing.

https://media.ccc.de/v/28c3-4848-en-the_coming_war_on_genera...

reply
> We should be fighting against SafetyNet and similar attestation systems. The proper solution is one we had with desktop computing for decades. If you keep the key material on your eID or bank card

So you want a bank card/ID card to be required each time you use Google Pay? What's the point of Google Pay then.

reply
Actually I have a better idea. What if, instead of holding my phone up to the payment terminal, the bank could give me a plastic card with an antenna and chip, that I could hold up to the payment terminal. The chip could be powered by induction from the terminal.

Maybe I could even duct-tape it to my phone if I really want to do that.

reply
The obvious way to do this is that you need to physically attach the bank card in order to authorize a new vendor. So then when you sign up for Google Pay or Paypal or what have you, you need to get out your card -- which is good. You can't steal a physical card by breaching some other merchant it was used at.

From then your Google Pay account is authorized to initiate charges until you tell your bank otherwise and you don't need the card again unless you want to sign up for Venmo etc.

And it makes things easy if someone steals your phone, because you just sign into the payment processor and deauthorize the device or, if they've already changed your password etc., sign into (or go to) the bank and deauthorize the payment processor.

reply
Once upon a time(tm), Google had a great solution for that: You could get a credit card in nano SIM format, and insert into in your dual-SIM phone.

That then allows you to do secure NFC credit card payments even on a rooted phone with custom ROM.

reply
That doesn't work when someone has multiple or virtual cards. That also means if someone steals my phone they get my credit card too.

Not a great solution.

reply
You can load multiple card identities onto the same SIM and select the one you want to use.
reply
> That also means if someone steals my phone they get my credit card too.

Which hasn't been an issue since Chip & PIN became required, 22 years ago (at least over here).

reply
I think some banks still do this with NFC instead?
reply
Do you have more details on the sim credit card?
reply
> Agreed, but I think this will force the average user to upgrade* their phones after losing access to sensitive apps (bank, gov) before getting compromised.

The problem being that there are many millions of people who can't afford to replace a phone they only recently bought just because the vendor never updates it, which means those banks and things can't in practice demand that people do that. Indeed, it creates the opposite problem, because installing a custom ROM on that device would give it a patched kernel but cause it to fail attestation, so what the attestation is actually doing is requiring those people to continue to use the vulnerable OS.

reply
"this will force the average user to upgrade their phones"

A lot of phones don't receive any upgrades after 1 or 2 years...

I wish that Google would have forced vendors to implement a proper hardware abstraction (uefi or similar) so that a single kernel could run on any smartphone, just like it's the case for PCs...

reply
Google has required vendors to do that since Android 12. For a given version that same exact kernel is used on all phones with that version.

https://source.android.com/docs/core/architecture/kernel/gen...

reply
Unfortunately it still requires OEMs to ship that kernel.
reply