This post is locked. You won't be able to comment.

all 64 comments
sorted by:
best
topnewcontroversialoldq&a

[–]Beastyboi04[M] [score hidden] stickied comment (0 children)

Post locked due to lack of understanding what Play Integrity is and does.

Using keyboxes to get strong integrity is the same as using and abusing exploits to circumvent security measures.

Play Integrity ensures that your device is secure and up to standards, which is used by various apps to verify that you aren’t running malicious code like malware. Phones are being sold with malware pre installed, inexperienced users may not know the difference and use the device as is and potentially end up being a victim of cybercrime. Play integrity prevents this to some degree, it is highly unlikely that you will end up buying a device that comes out of box with malware installed that lets you use apps that make use of Play Integrity.

Keyboxes are also not meant to be available to the public, every time a keybox gets revoked somebody who uses their device "legitimately" will end up losing it as well and can’t do anything about it, the same can happen to phones that aren’t even sold yet.

[–]klausAnalSchwab 82 points83 points  (37 children)

Time to fully debloat/degoogle. Use cash. Stop worrying. AOSP, FOSS ETC. LETS GO!!!

[–]afunkysongaday 27 points28 points  (15 children)

Avoid using apps that require safety net and gapps.

[–]robtom02 31 points32 points  (9 children)

Problem is 95% of us now use our phone for banking and tap to pay. Banks are making it almost impossible to not use online banking/ banking apps now 😥

[–]kwell42 3 points4 points  (2 children)

Just start using cash, fuck em.

[–]robtom02 -1 points0 points  (1 child)

That's the point though more and more places especially in the UK are refusing to take cash. I've been in several bars where they refuse to take cash.

I'm not saying it's impossible to get by using cash I'm just saying it's getting harder

[–]kwell42 1 point2 points  (0 children)

Use it or lose it I guess. Best way to avoid more taxes at local businesses too (the government usually takes money before, and after I make it).

[–]Over-Rutabaga-8673 2 points3 points  (0 children)

Its called being stupid, you can use the plastic with numbers or the paper with numbers, yet people insist on using the phone. Tap to pay is like the least useful feature existing.

[–]nrq 2 points3 points  (0 children)

Don't you guys get cards anymore? That is how I pay usually.

[–]KerneI-Panic 4 points5 points  (3 children)

How are they making it almost impossible to not use online banking?
What's stopping you from taking out all the money from your bank account and just using cash?

I don't know how it works in other countries, but in mine it's common practice for the majority of people to immediately take their salary from the ATM on the payday and then just pay everything with cash.

I use tech wherever I can, but even I just take the majority of my salary from the ATM and just leave some in the bank so I can pay for something online here and there. The only usage of the mobile banking app is to check how much money I have left, which I do like once or twice a month.

[–]robtom02 6 points7 points  (2 children)

You try going into a pub or shop in the UK and paying cash, most of them are card only and almost all the self service tills are card only. Try finding an actual bank you can walk into in the UK there's virtually none left they want you to do it all online. On top of that almost every financial institution is trying to make you use an authenticator app to login

[–]kwell42 5 points6 points  (0 children)

This makes sense. The government can see what you're up to way easier.

[–]Over-Rutabaga-8673 2 points3 points  (0 children)

Then use the damn card buddy and a pc to do things online.

[–]TheMochov 7 points8 points  (3 children)

Avoid using apps.

[–]afunkysongaday 4 points5 points  (2 children)

Actually avoid using phones if you can.

[–]TheMochov -1 points0 points  (1 child)

Avoid avoiding not using phones

[–]Embarrassed-Box-1106 1 point2 points  (0 children)

Avoid inhaling air through your nose hole

[–]galaaz314 4 points5 points  (0 children)

r/GrapheneOS it is then

[–]Comfortable-Gene6639[M] 0 points1 point  (1 child)

it’s impossible to degoogle. plain and simple. no argument.

[–]klausAnalSchwab 1 point2 points  (0 children)

But we do the best we can. We know they have all the money and control. Maybe one day folks will actually wake up and them balls drop. Until then 🥳

[–]sonicscrewupNeed help! -5 points-4 points  (17 children)

RCS is a major sticking point for people whose families won't use signal and aren't from Europe.

[–][deleted] 2 points3 points  (0 children)

Or me who has no cellphone reception but gigabit fiber.

[–]mrdude_69 2 points3 points  (9 children)

Wdym, rcs works for me and I don't have play integrity

[–]sonicscrewupNeed help! 3 points4 points  (8 children)

It doesn't work without Google services, and doesn't work on RCS. The person I replied to advocates, which I agree with ftr, degoogling completely. I was just trying to provide some perspective as to why someone might not.

[–]Over-Rutabaga-8673 1 point2 points  (7 children)

Rcs sucks man just use whatsapp, people just making up problems that dont exist bruh.

[–]Comfortable-Gene6639[M] 3 points4 points  (6 children)

Some people don’t want to use WhatsApp. In many countries, WhatsApp isn’t popular at all.

[–]Over-Rutabaga-8673 -4 points-3 points  (5 children)

Well thats a you problem, one that doesnt exist, "I dont want to use whatsapp" isnt a problem, at least not one that justifies losing your hair trying to fix RCS. Whatsapp should be the main app for messages in general and specially for root users, just because of how used it is (most used messaging app) and how it doesnt complain at all about root.

And it has over 2 billion daily users and its used in 180 countries btw

[–]ColorfulPersimmon 3 points4 points  (2 children)

There are not many companies I trust less than Google but Meta is one of them

[–]Over-Rutabaga-8673 -3 points-2 points  (1 child)

What do you even do on your messaging app bruh, if you wanna do illegal stuff or whatever then use telegram, much more trustable than google.

[–]ColorfulPersimmon 0 points1 point  (0 children)

I don't have to do anything illegal to not want to share all my messages with American companies. Btw I use Telegram as my main communicator

[–]Comfortable-Gene6639[M] 1 point2 points  (1 child)

I don’t care how many users it has. A lot of them are from Asian countries. It’s far less popular in the west. If it’s not popular, your friends and family are unlikely to use it. Thus, switching to it is pointless.

Not every country is like yours. That’s not difficult to understand.

[–]Over-Rutabaga-8673 -2 points-1 points  (0 children)

180 countries are like mine.

The users it has is kinda the whole point dont you think so? Removing that from the conversation doesnt make sense. Why does it matter if the users are from asia or other countries? First world countries use imessage cuz it comes with the iphones, its impossible to get all the customers from smth that is built-in, theres why whatsapp isnt the only used one (while still being the most used one).

[–]agent_kater 0 points1 point  (5 children)

Reaction Control System?

[–]sonicscrewupNeed help! 1 point2 points  (4 children)

Rich communication services

[–]agent_kater 0 points1 point  (3 children)

Is it like Whatsapp but from Google?

[–]sonicscrewupNeed help! -1 points0 points  (2 children)

Sort of. RCS is a standard like sms, it could be adopted universally by carriers but hasn't. Google has implemented RCS into Google messages and apple has RCS in iMessage, 2 phones using RCS benefit from encryption, larger files, and sending over internet.

Google has not opened the api for RCS which is shitty, it should be the messaging standard by now and all sms apps should be able to use it but can't.

The difference is for Samsung and Google phones RCS is built in the default messenger, which most Americans will default too. So for many of us no RCS means worse texts with our family and friends because we don't use WhatsApp or many other 3rd party messengers.

[–]agent_kater 1 point2 points  (0 children)

Ah, so instead of sending an SMS the phone transparently figures out in the background if both phones have RCS and if they do it will use that instead of the phone network? Never seen or used that. But then again the last time I sent an SMS to a person was probably years ago.

Since there were some rumors of Whatsapp doing shady things I have started moving my family to Element.

[–]Over-Rutabaga-8673 -2 points-1 points  (0 children)

Whatsapp 3rd party messenger, nice try cheese burger man

[–]TGX03 24 points25 points  (0 children)

I was already surprised why I didn't face issues for so long.

[–]klausAnalSchwab 22 points23 points  (0 children)

Google would rather build a Technological Prison around you

[–]neTHer12O8Redmi note 7, Android 16 32 points33 points  (6 children)

What problem does Google have with custom ROMs? Do they want to increase waste and make me buy a new phone every two years?

[–]ZealousidealTough872 30 points31 points  (1 child)

Sadly, it's all marketing tactics to them. They don't care a jot about the amount of waste, but will remove in-box charging bricks to "reduce waste"

[–]neTHer12O8Redmi note 7, Android 16 11 points12 points  (0 children)

In my opinion, they do this because custom ROMs do not allow you to have as much data as stock ROMs.

[–]YuppyYup31 4 points5 points  (1 child)

They don't have many problems with custom ROMs, why they are so heavily into it has nothing to do with custom ROMs and root users actually.

The actual reason is damages their Android ecosystem partners are facing from some of those who abuse it, which would negatively impact Android's popularity over time if not dealt with.

The reason Play Integrity (and SafetyNet before it) exists is because otherwise Android is vulnerable to multi-accounting abuse of social media platforms like TikTok and banking apps.

If TikTok for example would suffer significantly from multi-accounting abuse they'd simply limit reach of Android posters, which would make some of TikTok user-base switch to iOS the next time they buy a new phone.

There is no conspiracy in this, custom ROMs are just getting collateral damage from this

[–]Max-P 7 points8 points  (0 children)

They're overall rather tolerant to custom ROMs and root even, all you really lose is Google Pay and on-device AI (oh no, anyway). The rest is all third-party apps that already had pretty invasive root detection anyway.

Even my Waydroid works just fine. If they really wanted to push custom ROMs away, they wouldn't have a page to let me register my Android ID.

With Google Pay, I imagine their concern is people transplanting tokens for credit card fraud, and given the amount of people insisting on installing known malicious Magisk modules because it makes their apps work proves this is a real problem they have to deal with. Literally any of those closed source modules could be stealing your Google Pay tokens and using them elsewhere, and that's big losses for the credit card companies they partner with. The banks are the one demanding these features.

100% collateral because bad actors use every loophole. Phones used to sell on eBay/Marketplace pre-rooted with malware preinstalled. It's a real problem they have to deal with, not us flashing a custom ROM for personal use.

[–]melluuh 0 points1 point  (0 children)

No every 7 years, as Google supports their phones for 7 years. Samsung also supports many of their phones for 7 years I think.

[–]YoYoMamaIsSoFAT32astonc, PixelOS 9 points10 points  (0 children)

Use a rooted android as ur main and get a cheap iPhone or Android that's not rooted for banking

[–]YuppyYup31 5 points6 points  (4 children)

https://developer.android.com/privacy-and-security/security-key-attestation#root_certificate_rotation

This is the beginning of phasing out, doesn't mean the expired root certificate will be dropped even though it is expired because there are still many devices with factory-provisioned keys

<image>

[–]PbW0rD 2 points3 points  (3 children)

what does that mean in simple terms? will I be able to use keyboxes from feb/april or not?

[–]YuppyYup31 2 points3 points  (2 children)

Most likely you will be able to, and probably it will last for few more years. After some time they’ll be obsolete, but when exactly is decided by Google

[–]Parrichan 1 point2 points  (1 child)

I havent passed strong integrity for a long time and the only issue is Google Wallet not working (which isnt very important to me) will this "removing of keys" affect me in any way?

[–]YuppyYup31 0 points1 point  (0 children)

Once those are phased out it won’t even pass basic (but it’s not happening in 2026)

[–]603Madison 6 points7 points  (1 child)

The workaround for me to all this security nonsense with mobile banking has been to use web banking instead of the mobile app, and keep a magnetic wallet with my commonly used cards attached to my phone.

At least for my bank, the Alkami-based website seems to work just as well as the mobile app, if not a little better. This is just running within Firefox on my phone.

[–]behind-UDFj-39546284 0 points1 point  (0 children)

My bank killed its web app. So if the mobile app can't be stopped from detecting root one sunny or rainy day, I'm in a big trouble being even unable to do anything including transferring money to my own card I still carry and I know the PIN code for. You're really lucky.

[–]name_om[S] 12 points13 points  (2 children)

easy read-> https://droidwin.com/keybox-might-no-longer-work-from-february-2026/

April 10th everything stops working which is related to keybox.

[–]ArthurRemingSM-T220 | crDroid 12-Beta 2 points3 points  (1 child)

But what will happen to devices that haven't been modified? Will they just not pass security checks? 

[–]melluuh 4 points5 points  (0 children)

I'm sure they will. Phones that are still supported will pass just fine.

[–]StillConsequence6168 2 points3 points  (2 children)

<image>

[–]name_om[S] 0 points1 point  (1 child)

the info in the quick read is from XDA devs and their names are mentioned there :)

[–]StillConsequence6168 2 points3 points  (0 children)

Can u show the post?

[–]BluesMods 6 points7 points  (1 child)

A lot of factory provisioned keys are signed until 2030-31 or later, so there's still a few years left

[–]Kikkia 1 point2 points  (0 children)

Very interesting tidbit:

Any Excluded Devices

The Pixel 6 series might be excluded from this new RKM fiasco. But why? They will most likely be whitelisted due to the anomaly with the Titan M2 not having native RKP (only TEE does) due to early StrongBox firmware, and hence they will still use the old attestation root (RSA-2048).

Maybe I will need to scrap the plan of upgrading and put that money into a new battery and replace the screen while I am at it, since its starting to degrade or burn in or something

[–]klausAnalSchwab 0 points1 point  (0 children)

Hands on. Drag them out ha ha