Hacker News new | past | comments | ask | show | jobs | submit login

Yup. I gave up on trying to get Google wallet / Android pay to work on my lineage device. I got it working sometimes but it broke after update and just wasn't reliable enough to keep trying when paying for stuff. I'm not really sure whom they're protecting with this stuff -- the credit card processing companies, maybe?



I have found Play Integrity Fix [1] with playcurl [2] is reliable enough for passing Play Integrity in Wallet and other apps. My current issue is that Google Messages has its own integrity checks that are stricter than Play Integrity, and will silently stop handling RCS messages if it fails those checks. I currently have RCS disabled because it is too unreliable.

[1] https://github.com/chiteroman/PlayIntegrityFix [2] https://github.com/daboynb/PlayIntegrityNEXT


Huh, I don't have issues with RCS on my rooted OP7Pro. Is my version just sufficiently out of date not to have those extra checks?


I also have OP7Pro (what an amazing phone btw), and yes, we're pretty much sufficiently out of date that they still work - a wild but true reality we find ourselves in.


I mean my Messages app. I installed it years ago and never updated, because why would I ever updated an SMS app, the only thing that can ever happen is for things to break that used to be working, lol. I don't even know if I run A12.

I do know, though, that the OP7Pro is one of the last Android devices that are whitelisted by Google to pass SafetyNet without hardware-backed attestation. Shame that TWRP wiped my working setup. I've been trying to get them to add any basic protection against that for over three years: https://github.com/TeamWin/Team-Win-Recovery-Project/issues/...

It is an amazing phone. Notchless, relockable bootloader (not just unlockable, but custom AVB key support!!), in-screen fingerprint sensor, 90Hz AMOLED, and great build quality.


> because why would I ever updated an SMS app, the only thing that can ever happen is for things to break that used to be working, lol.

Text parsing/rendering is a security Achilles' heel, and SMS app vulnerabilities are commonly exploited entry points for persistent malware from the likes of NSO. All things being equal, should update SMS apps for the security updates.


Text parsing and rendering is supposed to be done by the OS. And if there's an OS-level vulnerability like that, then the OS is what you update, not necessarily just the app.


wallet doesn't work reliably on a non-rooted pixel phone with approximately zero software installed on it either, you may not be doing anything wrong


As far as I also understand Google Messages now uses this as well to gatekeep access to carrier RCS.

https://www.theverge.com/2024/3/1/24087418/google-messages-b...


How do you know it's carrier RCS? To the best of my knowledge they are only gatekeeping access to Google Messages private network, not carrier RCS? (Considering the very little number of carrier RCS that's not very relevant though)


All US carriers are now using Google's hosted Jive RCS infrastructure which means "Google Messages".


> I'm not really sure whom they're protecting with this stuff -- the credit card processing companies, maybe?

(small nit: does "whom" even go there?)

They're protecting the TEE because they do not want third parties to be able to automate Google Pay through modified software. This isn't necessarily just about normal end users but more like smartphone farms.


>They're protecting the TEE

Why do Transesophageal Echocardiograms[0] need protecting, and from whom do such diagnostics require protection?

I expect I'm missing something, but a web search for 'TEE' only returns that diagnostic test.[1]

[0] https://www.webmd.com/heart-disease/atrial-fibrillation/tran...

[1] Moral: Don't assume everyone knows what a particular acronym means. Just because it's in your head doesn't mean everyone else knows what you mean.[2] E.g., if I say 'JRE' I mean 'Java Runtime Environment' and not 'Joe Rogan Experience'.

[2] According to Piaget[3], people are able to identify that others don't know what's in their heads sometime between ages two and seven.

[3] https://psychcentral.com/health/piaget-stages-of-development...


I think, probably unintentionally, you've misjudged or ignored the tone your message is likely to be read as having.

To me, your comment comes across as having a rude and insulting tone.

I think the person you were replying to read it in a similar tone to me based on their response. ("No need to be patronizing.")

Is that the tone you intended?

A better way of handling it may have been with a simple, "What does TEE mean in this context please? Googling it didn't help me."

I'm asking the question rather than assuming it was intentional, as you put more effort into your comment than is necessary to just be rude.

It feels like you may have been trying to be helpful and just misjudged the tone. Maybe as a fellow neurodivergent person.


I feel like this part of their comment:

> According to Piaget[3], people are able to identify that others don't know what's in their heads sometime between ages two and seven.

is a little far to be a simple misjudged tone, even if it was intended as a joke. I did find it a bit funny but it still felt a bit insulting too.


>is a little far to be a simple misjudged tone, even if it was intended as a joke. I did find it a bit funny but it still felt a bit insulting too.

No. Not a joke. Just pointing out something you already knew: That I (or anyone else) don't know what's going on inside your mind unless you tell me.

That you ignored such a simple truth and didn't think to define your terms was a waste of my time. As such, I felt insulted at your (apparent) complete lack of respect for the time and attention of others.

Take that as insulting if you wish, and if you find it insulting enough, please ignore me completely going forward. I promise you I won't mind.

Have a good day!


> That you ignored such a simple truth and didn't think to define your terms was a waste of my time. As such, I felt insulted at your (apparent) complete lack of respect for the time and attention of others.

My neglecting to define it was not because I was ignoring that not everyone knows everything I do.

There are quite a few acronyms that are widespread enough on HN (or in programming in general) to be used without defining them anew every single time (such as, say, "API"). I hadn't considered that of those, "TEE" is not one. That doesn't mean I don't understand the concept of individual knowledge, only that I don't always put a complete effort into my drive-by comments, and evidently had not into that one.

Even at that point, it would have taken less time for you to ask for a definition without additional remarks that imply I should have known better. Who are you to imply I didn't know better? I'd say that was the real waste of your time, considering it makes up over 50% of the comment.

Additionally, I don't have a "complete lack of respect" for others' time and attention. I would've edited the comment to fix it if it had still been within the edit window. I apologized for having left the definition out because that was an honest mistake, and it was never meant to waste anyone's time or attention. Even before the apology, I don't think it was very reasonable for you to have assumed that the waste of time was intentional, and replied in the way you did.

> Take that as insulting if you wish, and if you find it insulting enough, please ignore me completely going forward. I promise you I won't mind.

I generally don't ignore people until I have nothing left to say to them. But yes, people (myself included) typically find it insulting when you assume bad faith of them. If this was truly your intention, then it is not just my fault for "wishing" to take it as insulting. Your tone has an impact on how others perceive you.

To be blunt, if you are rude on purpose and proceed not to care about how it makes others feel, that behavior isn't welcome here. I can understand if you felt frustrated that I didn't define my acronyms, but that's no reason to lash out about it, even when it's in the form of mere patronizing remarks.

You have a good day too.


Yeah, I'm sorry that they spoke to you like that. It was unwarranted, as was the subsequent benefit of the doubt I gave them. It's apparently just the attitude they communicate with others with. Unfortunate.


Your assumptions were mostly incorrect.

That said, thank you for your thoughts on this. I'm glad you shared them. Good on you.

That said, I don't need you (or anyone else, for that matter) to tell me how I should or shouldn't interact with others -- as that's incredibly condescending (and incredibly rude as well) and makes a number of unwarranted (as I mentioned) assumptions.

Again, thanks for your thoughts. I'll give them the attention they deserve.

Edit: Fixed prose.


I'm pretty sure you told the GP how they should or should not interact with others by telling them not to use acronyms. I'm don't understand how that's any different.


>'m pretty sure you told the GP how they should or should not interact with others by telling them not to use acronyms. I'm don't understand how that's any different.

Except I did nothing of the sort. I took the information given and attempted to interpolate (unsuccessfully, I might add) what OP was talking about.

While I did make the point that OP should have realized that others don't know what they're talking about if they don't tell us, I most certainly didn't say they shouldn't use acronyms.

Rather, I chastised them for not defining ambiguous terms, which wasted my time and energy trying to figure out what they were going on about.


>I took the information given and attempted to interpolate (unsuccessfully, I might add) what OP was talking about.

You could have used your brain and just Googled "TEE Android". But by all means, despite not having either the domain-specific knowledge nor the common sense to manage to Google it competently, feel entitled to be an arse about it. I trust you can read my tone here?


I see the benefit of the doubt was unwarranted. Righto.


Sorry, TEE stands for Trusted Execution Environment. It's where stuff like DRM executes with access to secrets that the HLOS (Android) can't tamper with. On ARM SoCs the TEE is usually provided as part of TrustZone. No need to patronize.


>Sorry, TEE stands for Trusted Execution Environment.

No apology necessary. I was just a little confused. Thanks for straightening me out!




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: