this post was submitted on 23 Jun 2026
464 points (97.5% liked)

Technology

85670 readers
3446 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
464
Volkswagen now blocks grapheneOS (cybernews.com)
submitted 1 day ago by HootinNHollerin@lemmy.dbzer0.com to c/technology@lemmy.world
103 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] abbadon420@sh.itjust.works 13 points 1 day ago (4 children)

But why?

[–] matlag@sh.itjust.works 21 points 1 day ago

Their intent was to block third party app, not GOS specifically. GOS not working is a side effect.

Why blocking third party? As said below: to force the use of privacy invasive apps, and collect more data.

Now they will change course only if they suffer from a sufficient backlash. And that needs to be painful enough to deter other car makers from doing the same.

[–] artyom@piefed.social 4 points 22 hours ago (1 children)

The title makes it sound intentional. The reality is because they added a security feature that verifies the integrity of the OS. Only to make it work on other OS they have to manually add it, but the number of users is so small that they don't even think about it. This was Google's intention when adding it.

[–] encelado748@feddit.org 4 points 17 hours ago (1 children)

Why does my car needs to verify the integrity of my phone OS? Why does my car cares? It is not like my car is using my phone to make money transfer between banks or managing third party medical information no? Why do you need a safe OS to start the AC on my car?

[–] artyom@piefed.social 1 points 17 hours ago (1 children)

Why does my car needs to verify the integrity of my phone OS?

Because the app on your phone has the ability to unlock, start, open, etc. the vehicle.

[–] encelado748@feddit.org 1 points 17 hours ago (1 children)

So? What is the problem? It is not unsafe to start a car. Could you blame VW if the car started because of unsafe software on your phone? Is there really a risk of malicious actors targeting car apps to start random cars?

[–] artyom@piefed.social 1 points 16 hours ago (2 children)

The problem is theft...?

[–] encelado748@feddit.org 2 points 5 hours ago (1 children)

So you have hackers mass compromising rooted android os around the world hoping for an overlap with Volkswagen users with the app, so that they can hack the app to unlock a car hopefully located near them instead of just opening the first car you find with a suction cup on the glass.

Ok, got it

[–] artyom@piefed.social 1 points 4 hours ago* (last edited 4 hours ago) (2 children)

you have hackers mass compromising rooted android os around the world

Not necessary. You only need to compromise one. Any one without some sort of integrity service. And it ain't that hard. Pick one of many with poor security practices.

instead of just opening the first car you find with a suction cup on the glass

You cannot start a car with a suction cup.

[–] jj4211@lemmy.world 1 points 1 hour ago

You cannot start a car with a suction cup.

I can't start my car with my car's app either.

If you really want to be picky about it, block out the unlock feature and any potential 'phone as key' functionality. Leave starting the air conditioning and information.

[–] encelado748@feddit.org 1 points 3 hours ago

Ok, I am the hacker from France that compromise the golf in Florida. Now what? Do I start the engine to pre-condition the car from across the ocean? You know you cannot even drive with the app, just start the engine… There is no reason at all for going all the way and doing this. None.

[–] chaospatterns@lemmy.world 2 points 15 hours ago* (last edited 15 hours ago) (1 children)

It's a question of security risk profiles.

Security ultimately often times comes with a tradeoff for user experience or privacy.

How does device integrity checks materially affect the security posture for theft when considering this system? Presumably the security checks for remotely unlocking a car is based around credentials and authN/authZ for the unlock service call?

Enforcing client side security has entered the picture recently, but a lot of it comes from security checklists from people saying did you add this check? Sure adding a device integrity check may stop at least one malicious actor, but is it worth the cost? To most companies, they're going to say they don't understand or care about the impact.

They could just go back to key fobs since those can't run arbitrary code.

[–] artyom@piefed.social 1 points 15 hours ago

No one cares about privacy.

[–] lokalhorst@feddit.org 6 points 1 day ago

Because they want your data :)

[–] frunch@lemmy.world 2 points 1 day ago

Because fuck GrapheneOS users, apparently 🤷‍♂️