Over the weekend, it was discovered that the Android Netflix application could no longer be installed on rooted Android devices – in fact, it vanished from the Play Store on rooted devices completely. Netflix then confirmed it started blocking rooted devices from installing the Netflix application.
Well, it turns out we’ll only be going downhill from here, as Google explained at I/O that from now on, developers will be able to block their applications from being installed on rooted Android devices.
Developers will be able to choose from 3 states shown in the top image: not excluding devices based on SafetyNet, excluding those that don’t pass integrity, or excluding the latter plus those that aren’t certified by Google. That means any dev could potentially block their apps from showing and being directly installable in the Play Store on devices that are rooted and/or running a custom ROM, as well as on emulators and uncertified devices (think Meizu and its not-so-legal way of getting Play Services and the Play Store on its phones). This is exactly what many of you were afraid would happen after the Play Store app started surfacing a Device certification status.
This is bad news for the custom ROM community. If I can no longer install Netflix (and possibly more applications) on custom ROMs, there’s no way I’ll be using custom ROMs on my devices. For now, this is a Play function and we can still sideload the applications in question, but with Google Play Services installed on virtually every Android device, one has to wonder – and worry – how long it’ll be before such checks happen on-device instead of in-Play.
Apple Music is blocked too
The API already supports the app doing a cryptographic check every 30 minutes to ensure the device is uncompromised. Google sends key to app, app sends key to server, server asks google to validate the key. If the key has been messed with — server can turn off the app. Everything is protected with public key encryption.
They are using a similar scheme to keep anyone except the anointed few from building Chromecast devices. All of the Chromecast code is available, but if your device key is not in the authorized database no one will cast to you. If you’re not a multinational corporation forget about making a Chromecast device unless you don’t mind incorporating a $70 HW module from one of these giants.
https://developer.android.com/training/safetynet/attestation.html
Edited 2017-05-18 22:29 UTC
Google want to kill the ROM market once and for all. It served its purpose, brought Devs to the platform. Now with apple/android duopoly firmly in place they don’t need it anymore. Time to monetize it.
To paraphrase the TorrentFreak article, we’ll see if this causes any increase in piracy.
(It won’t change my habits, but only because NetFlix was already too DRMed and too “financially endorsing the behaviour of the MPAA” for me to subscribe. In fact, I’ve been boycotting the MPAA for so long that I accidentally trained myself to find film as a medium to be too slow-moving and information-sparse compared to novels.)
Edited 2017-05-18 23:06 UTC
Somehow I always felt a taste of ‘wrong’ with Google/Android allowing one to get root access so easy when the only real competitor is locking down its platform so hard … if you’re having a monopole, you don’t want your product being open for hacks of all sort.
Nevertheless I got fooled into it too and Google snubbed me with this move. I’ll get rid of Android asap. Just … there are no real options yet(?) Hope for other people looking for an alternative.
Ubuntu (sigh) or Firefox OS etc.. Linux for Phones in the end now for real? While I’m using Linux as my primary OS atm, I’m hoping for someome coming up with something really new, better, cleaner, faster … using a system that has its roots more than 40 years ago on brand-new technology doesn’t feel right too (granted, *nix is stable & well known though)
Edited 2017-05-18 23:17 UTC
Linux for Phones is practically dead: Mozilla dropped it, Canonical dropped it, Samsung is incompetent.
Regarding Linux for Phones – I think the only chance of getting proper (open)Linux phone off the ground and outwith of corporate control and vested interests: would be if some big names -and I’m thinking Torvalds, Stallman, Behlendorf etc- set-up an international crowdfunded project to do a linux phone from scratch (hardware but largely software)using zero binary blobs – even if that means using second or third tier SOCs, developing baseband processors from scratch – would be a big project. But only one FUNDED by the people for the people could really do the business. Don’t see it happening. Would be nice though
Edited 2017-05-19 08:17 UTC
Or it may comes to another company, like Nokia or something else…
A new kid on the block company which will become hype.
Exactly like Google was when it started Android : A project full of hopes until it became a pure cash cow.
No ?
_QJ_,
Yes, there would be merit to having a new kid on the block. Many of us are longing for one to be viable, however look at all those that have tried and fallen… I have no reason to believe an independent phone can compete unless it’s backed by billions, that’s what it takes to join the market these days. I imagine even android itself would have failed if it hadn’t been pulled into the google machine.
Google, you know damn well DRM doesn’t stop piracy, this serves to increase piracy by forcing us to loose access to content through legitimate channels. As always, DRM hurts innocent users while doing nothing whatsoever to stop actual infringers. We’re all loosing rights on our own devices because of this. Fuck you google.
…and to everyone who thought open promoters like me were only being critical of microsoft, take note!
I second that, fuck Google. Now who wants to try to go back to the Nokia N900 or N9 and update things? I already thought of doing such, only thing that was stopping me is I kind of like my Samsung Gear S2.
Granted, I don’t use Netflix on any of my Android devices, but I don’t get it, they finally made it so it’d work correctly in Firefox on Linux, then they break it for rooted Android phones? And seriously, what is wrong with rooting your own device? It was SO easy on the Nokia, but on Android devices you have to run around and install untrusted random crap (which of course does make it ‘wrong’). Ugh.
Companies like Netflix don’t care if actual piracy is increased, as long as they aren’t the source. Because that’s the stick that the studios & groups like the MPAA will use to beat them with.
This.
Also, this is one of the reasons anyone spending big money on a non-Nexus and non-Pixel phone is IMO doing a big mistake. You are paying a truckload of money just to have to deal with the pain of slow updates or the pain of unofficial ROMs, and, as this example proves, unofficial ROMs won’t be treated as first class citizens for long…
Edited 2017-05-19 10:21 UTC
On the other side, if you buy Pixel or Nexus devices you are actively supporting the same company that lured users with openness and now is closing the doors on them. Most OEMs don’t care so much because they mainly want to sell you hardware.
On the other hand, if you expect openness to become mainstream, you are probably busy buying the Brooklyn Bridge and the Eiffel Tower right now.
There are just too many interests working against openness. There are corporate interests like DRM (essentially, fully open OSes avoid DRM by avoiding official content clients and opting for unofficial ones that have to play catch up with new versions of the DRM) and there are customer interests like the need to have a single platform that runs the same apps across all devices and “flavors” (remember that the reason Google can enforce the Android Compatibility Definition is because they hold the keys to the proprietary closed Play Store).
Everybody knew Google’s openness promise was a lie since the Honeycomb era, but they still feel the need to whine about it. And no, it didn’t play a role in Google’s success, otherwise the Nexus One would have been a roaring success, as the most open Android phone. Yet the majority of customers opted for Samsung’s closed TouchWiz.
Edited 2017-05-19 12:06 UTC
I went with Samsung’s phones because of their better overall hardware, and they support SD cards, which none of the damn Nexus/Pixel devices do.
And the only reason I root my devices is so that I can avoid advertisements. This doesn’t even prevent apk piracy, and since when does a rooted phone automatically mean you’re stealing shows off of netflix? None of this makes sense to me. I’ll admit though, maybe there IS a way to capture streams from Netflix that requires a rooted device? I’ve never heard of one though…
There’s your second reason for Google wanting to disincentivize rooting.
Good news then: You can use Disconnect Pro from Samsung’s store. It uses KNOX so it will natively filter ads, without requiring root, a proxy, or a VPN.
I never looked back.
Why would any company care about some statistically insignificant hippies who don’t have any money anyway ?
Edited 2017-05-19 06:51 UTC
I think the point is not just Netflix per se. It is that every developer might be doing so sooner or later and it might become unfeasible to use a rooted device in daily life.
There are workarounds for this, one of them is Magisk which is already gaining traction in the custom ROMs world. Magisk can hide the fact that the device is rooted to a list of selected applications, making the system to pass the SafetyNet checks.
Anyway, the reason why Google is doing that it’s not because they don’t like rooted devices but because is more easy to tamper with a rooted device and for Netflix, by example, this means that videos downloaded in app can be easily extracted.
Edited 2017-05-19 07:31 UTC
Yeah, but isn’t that the same in the end – users having full control over a device simply implies some of them messing around with, and some of these some wanting to circumvent stupid lockdowns like not being able to get Spotify music as .mp3/.ogg or, well, netflix as .mp4 …
I’d pay gladly for such services, if they weren’t so locked down … just a neutral look at, dealing with the average pirated stuff these days implies ad- and malware-infested one(two/three/fiveteen) click hosters, fake countdowns just to have a “we hate adblock” thingy pop up after the video finally started (and that adblock was already off, because of this very reason, fkkit) – so if it isn’t for anything else, just the convenience of e.g. Spotify is worth the money.. but DRM, uff..
On my old MacBook there was a tool that was able to capture Spotify in realtime including the ID tags, cover art etc.. but this was, of course, illegal again (at least by the TOS)
(I know it’s an old argument, but when I invest several hundreds in a piece of tech, then I want to have the ability to gain full access over it, without loosing functionality or other kind of penalty.)
—
Workarounds for Google Play DRM?
Welcome to iOS Land :/
Edited 2017-05-19 15:21 UTC
I use mag and still failed saftynet as my bootloader is unlocked.
I havent had g framework on my phone for years and enjoy the extended battery life
Block too many apps and i’ll do the same with my tablet, why would i give up the privacy and flexability of a custom rom?
The main reason for me to stay with Android is getting root and choose a custom ROM, so I can do much more with my phone when compared to iPhone/iOS.
Now, I’m using a cheap Motoroloa phone with latest Android thanks to a custom ROM. I can also choose what it’ll run, saving space, memory and battery life. I would never pay the price of a high end Android if I couldn’t get root acces or install a custom ROM.
For now, Magisk is working as promised, and I can install Netflix and Super Mario Run from Play Store, but we don’t know for how long this will be truth. If both platforms (Android and iOS) have the same drawbacks, I’ll jump to Apple’s – at least I don’t need to wait 1+ year for an official update.
You trust your ROM provider. Netflix maybe not.
Everyone would like to walk over trusted layering. I would, but can’t.
As In Alien the movie: First to Wake OWNS the Ship
Time will come, when ROMs credentials will be enforced. Remembering Shielded CPUs are already in production.
So, first they block me making payments with my Nexus 4, now my main apps won’t be able to install. They stopped updating for the Nexus 4 long ago, and ROMs were the only way for me to keep up on it short of buying a new phone. Even with me using AOSP, the payment stuff doesn’t work, and it counts as a custom ROM.
Good thing my iPhone 5S is still getting supported updates…
Funny, it’s making me decide that Netflix isn’t worth my money anymore. Back to piracy I go.
I don’t need draconian DRM to be convinced to pirate movies. The money I save every month and the trouble I save from not having to hunt for content in half dozen streaming services is enough for me (pirates have only two sources to deal with, Exodus and Real-Movies).
But you see, there are people who value a little more convenience more than not having to deal with DRM, saving money and not being extorted into buying the same content over and over. So open OSes will never have a fair fighting chance, no matter what you and me do.
Edited 2017-05-19 19:40 UTC
Open Code will always be there. As a commonality. A shared framing. A linking language.
Hardly as a popular tool. Lacks the power behind it.
Not trying to offend, but suspecting even RedHat would consider alternative monetizing models, if as big as Apple or Microsoft.
RedHat at much higher moral grounds, on working over open code -But also suspecting because result a lot cheaper to the way Institutional and Big Business work.
Funny thing is, Netflix finally works under Firefox for Linux instead of blocking it based on it’s User Agent…
Really if they’re going to break this much functionality, maybe I should invest in a Sailfish phone..
Don’t worry Thom. This is like the 80’s when software companies started putting disk protection on. Some inventive little cracker is going to disassemble the thing, find the check, issue a mighty JMP instruction, package up into a 1337 version of the APK and everyone will be trading with it on the dark web.
Sad.. but, you watch. It’ll happen.
uridium,
You are right, software based DRM is inherently flawed from a security point of view. A google employee posted a discussed of this in 2013:
https://plus.google.com/+IanHickson/posts/iPmatxBYuj2
However the damage goes further than just DRM. Even if it’s cracked, a significant portion of users will give up their phone customizations when the barriers get too difficult.
My rooted blu life phone running stock android is triggering google’s tilt bits and certain apps are missing from the store even when I search for them. I tried the “Magisk” root manager, mentioned by others already, but it’s not working on my phone. I’m currently stuck with reduced functionality because google elected to side with media companies to punish owners of modified phones rather than defending owner’s rights to modify their own phones. I wonder if google is getting something in return for throwing modified phone users under the bus or if this is something they are doing of their own volition.
Yeah, I was serious but there was a generous degree of tongue in cheek. Your unfortunately spot on with your “once it becomes too hard..” comment and I’m sorry to hear about what’s happening with your phone. That’s rubbish. My only android device is an antique galaxy note 10.1. The experience turned me off Samsung and soured my opinion of droid thus far.
Reminds me of the days of OpenDarwin and when you could compile up to mid-way through the 10.2 era your own kernel and user-land then CCC or ditto the proprietary bits over to have your own distro. Once it became too hard and too many missing parts.. people gave up. I was one.
Perhaps there needs to be a different approach. See.. DEC and Microsoft did a couple of interesting things with a couple of their propriety systems by giving access to enthusiasts to their systems in a controlled and legit way. I noticed with both instances that giving enthusiasts a positive direction to focus their energies on. DEC (and continued by HP) did it with VMS and the hobbyist license where they would for an annual re-issue (free) give you a set of license codes for everything in the SPL (software product lib) .. everything. All compilers.
Microsoft did it when people were trying to run homebrew on the Xbox360 and PS3 ..MS released the XNA platform which let people develop and share software that ran on the console with access to all the consoles features. I firmly feel that this dramatically reduced the cracking efforts for the platform and indeed I recall it was around 2-3 years after the PS3 was cracked that the 360 was quietly cracked and then mostly for pirated software.
Perhaps there needs to be a sandbox so people can pull the O/S and apps apart .. in a sensible and controlled fashion?
Food for thought hopefully,
Currently Netflix’s all works on rooted phones. You just have to side load it
No surprises here. When it comes to DRM, the corporations benefiting from the rights will go to great lengths to enforce them.
As the media industry moves more and more into streaming as the dominant distribution channel, capturing the content for re-use when off-line will become next to impossible. Think about it – the network providers (bandwidth), advertisement channels (Google, Yahoo, etc.), and content providers (Apple, Netflix, etc.) all benefit in some form or another from streaming rather than downloading.
At this time, the enforcement appears to be only from a few content providers. It will likely go to game providers next.
The Linux fanboys laughed and insulted when I pointed out Google was gonna pull a “EEE” on Android and it would end up about as open as a TiVo, and here it comes.
With more and more critical functions locked behind the Playwall and it becoming harder and harder to root phones (which in and of itself is a slap in the face, you shouldn’t have to break into your own hardware just to remove the default apps, even MSFT was never THAT nasty) without using malware like Kingoroot, this is the final E..extinguish.
The future of Android is an OS that won’t run any apps anyone wants unless it is on an approved hardware/software combo (a feat even MSFT was unable to pull off) and while you’ll be given the code it will be just as useless as the code TiVo hands out because there will be no hardware that will actually run it.
Its sad that so many fell for the EEE and championed for Google but for all of us who saw this coming years ago…we tried to warn you.