Comment by mschuster91

> There's plenty of physical devices where it is possible

Yup, but say Samsung, kiss KNOX goodbye. Fused off once you flash a non-Samsung image.

> and Google publish official emulator images with root access for every Android version released to date. This part is still OK.

Many apps will straight refuse to run in emulators unless you're lucky to snag a debug build that accidentally got pushed to production.

> Most of the root detection is beatable with Frida etc, mostly.

It's a cat and mouse game and frankly, I'm sick of it - and especially about the fact that it's either "accept that you'll need to wait X weeks until <Magisk plugin> gets an update" or "install some unofficial closed source fork that may or may not be laced with malware".

> Best hope here is that a) it creates much work for most apps to bother and b) it eventually gets restricted as anti-competitive.

Rooting detection used to be too much work, then SDKs cropped up that made it very easy, and that will be the case for remote-verifiable hardware attestation.

And restrictions from anti-trust? No way that will happen in the next three years in the US, and here in the EU it takes about 5-10 years until our parliament finally gets to work after a problem gets too much attention for their lazy asses to ignore. And even then, the lobby from banks, game studios ("them cheaters!!!" in f2p scam games) and other influential lobbyists will likely prevent any serious action.