
> Android Virtualization Framework is the first step in reducing the over-broad conflation of device measurements with "security". It can lead to narrower measurements and attestation of specific OS components, while opening up other components to user modification without "breaking" device verification.

Okay... and then someone releases some new "security" library with an all-or-nothing philosophy that contains every possible check under the sun for any kind of rooting, modification, customization or even unlocking - and then all the banking apps start using this.

You can't win against security theater. You just can't.




> then someone releases some new "security" library with an all-or-nothing philosophy

Don't be demoralized by PTSD :)

AVF/pKVM is not security theater, especially if "apps" are incorrectly using attestation. pKVM provides strong isolation between Android and other VMs, using CPU support for nested (2-level) virtualization. The Android "host" VM can be isolated from the Debian Linux VM.

Search for pKVM technical videos. Implementation code was upstreamed to mainline Linux around 2021 and is public.

Banking websites work on desktop Linux browsers, which can be run in the isolated Debian Linux VM.


> Don't be demoralized by PTSD :)

Hah, you kidding? PTSD rules my life~

> AVF/pKVM is not security theater

I said the banking apps are full of security theater. That's why they do root checks and such. AVF/pKVM will not prevent apps from incorrectly using attestation. If there's a way for an app to check for root or any possible deviation from fully trusted and unmodified, then it will be checked by certain types of apps, like banking apps, that rely on security theater. To be clear, the checking everything possible and completely locking you out if anything is even slightly off is the security theater. Not AVF/pKVM itself.


> checking everything possible and completely locking you out if anything is even slightly off is the security theater

Sadly not the first or last time that technology is wielded imprecisely or carelessly. Improvement options include:

  1. Marketing and rewarding non-theatrical attestation.
  2. Open training content for attestation best practices.
  3. Symmetrical 2-way attestation of open components.
  4. Automated CI/CD detection of over-broad attestation.
  5. IETF or other advocacy to improve attestation protocols.
  6. Legal/regulatory mechanisms.

There's an attestation track at OC3 in 2 days, online and in Berlin, https://www.oc3.dev/speakers-and-talks



