Reply to post: Re: will the user be able to uninstall Russian made software

From July, you better be Putin these Kremlin-approved apps on gadgets sold in Russia

doublelayer Silver badge

Re: will the user be able to uninstall Russian made software

"Keep your bridge (and your snark)."

In that case, I'll hold onto this bridge. Other people will eventually buy it. You'll get the snark anyway, though. Because your "what's the fuss" statement is bad. First, there are lots of phones out there that aren't rootable. And even if a phone is rootable, the user has to know:

1. What rooting is.

2. Why they want to root.

3. How to root.

4. How to deal with the bootloader which, in some cases, is English only (or in a rarer case, Chinese only).

5. How to find a trustworthy replacement ROM.

6. How to deal with the situation if their replacement ROM doesn't actually work, including how to obtain a manufacturer ROM and replace it.

Some people here know all these things. But that's in a community with a lot of technical people. The general public does not know these things, and it's not completely self-explanatory. But let's leave rooting aside for the moment. What would happen if Russia wanted this done, but everyone was able to uninstall or root at will? Simple answer. They would make another law requiring manufacturers to prevent that. Russia-specific models without rooting capability and/or mandatory malware that watches for use of ADB and inserts a compromised ROM in place of the real one (or just notifies the police).

I assume you or someone with similarly bad beliefs may look at my arguments and come to the conclusion that none of this matters for us, as we know how to evade this kind of interference. Why should I care if this happens; my phone will be malware-free? The reason I care is that many around me will have this surveillance on their devices. I care about other people, but that's not all of it. If they have surveillance on their devices, then they have surveillance on me every time we communicate. Every time their device is near me. And the malware can be updated, meaning I have to worry every time I receive something from them that could exploit a security flaw that their malware may have been developed to exploit that mechanism to spread itself. And we've seen that plenty of times before, so don't accuse me of extrapolating to extremes.

It is not at all acceptable to have a preinstalled application from a government. It is rarely acceptable to have a preinstalled application from someone who isn't the manufacturer, but at least I hope some of them check the payload and don't allow purely malicious software. It does not matter if the device has an "Uninstall this app" button because I cannot trust that button to do what it says. It does not matter if the device might in theory be rootable because most people won't go to that extent. It is not acceptable.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020