The discussion I stumbled upon, about this SSH app for Android, is really worrying. Will Google really manage to make it impossible to root your phone?
But there’s more to this, it’s more complicated. In the Big Picture, Google has every incentive to make these changes — they lead to more security, and they’re aligned with Google’s corporate goals as well.
- When talking to users, Google will emphasize control over hackers.
- When talking to stockholders, Google will emphasize control over users.
Edit: I disagree with “they lead to more security”. That’s not “security”, let’s not turn words upside-down.
A banking app allowing itself to run on rooted devices isn’t a security issue.
That’s right. And if there is, the issue is the bank, not your phone. Rule number 1 in security is never trust the client.
Depends on your level of security consciousness. If you’re relying on security identifiers or apis that need an “intact” system, it certainly can be a security issue if you can’t rely of those.
That being said, it’s not exactly a plausible risk for most people or apps.