Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The elephant in the room, for Google and Microsoft, is verifiable security is worthless if no one actually trusts the organization that released the verified firmware.

Android should be have been split off from Google a long time ago.



If you're using Pixel with stock OS, you trust them anyways - it's about making sure your phone hasn't been tampered with by another party.


Trust isn't binary, there are several dimensions and varying levels of trust along those.


It doesn't mean that, it just means you selected it out of the available options.


How does this relate to verifying that the software running is the same as what google ships to everyone?


I'm responding to "you trust them anyways"

How does using a device mean you trust the vendors?

That's wrong. It's like saying you trust your governor because you live in a particular U. S. state.


If you don't trust them, why verify the integrity of the software blob they ship with their hardware at all?


that was the point of the original comment


I still want to make sure it's the correct download. And yes I think of the preloaded OS as a sort of download.


And who would fund that version of Android?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: