Because Android lets you run apps that iOS won't, including apps that you write yourself. Attestation is a security issue. If there's some useful feature you can't get on Android, that is a permission issue. It is silly to throw permissions out the window and allow apps to do absolutely anything. Instead, make an appropriate permission.
It's not permissions, those are fine. It's apps being able to tell the difference between a corporation's operating system and my own customized system. They should not be able to tell the difference.
Unfortunately, hardware remote attestation makes it possible for them to know. Now apps will insist that you run the unmodified corporation's software. Bank apps will require attestation because of "fraud". WhatsApp will require attestation because of "terms of service". Streaming apps will require attestation because of "piracy". Games will require attestation because of "cheating". Every app in the Play Store will find a bullshit reason to require it and the result is we can't use their software if we own the machine. We're all hostile users and the only way they'll allow us to use their services is if we cede control to the corporations who lock everything down and spy on us.
It's a heavy blow to mobile computing freedom. It wasn't that great to begin with but this makes it even worse.
And why not? If it's tampered with, it could have been tampered with by a malicious actor who can now lift your bank keys from the device.
Ultimately, it is about permissions. You modified your OS to do something you couldn't do on an OS that wasn't tampered with. If instead, the thing you wanted to do was available behind an appropriate permission, you wouldn't have had to modify your OS to begin with.
Because I'm the owner of the machine and I decide what informarion the applications running on it can obtain. If I want them to believe they're running on an unmodified operating system, then that's what they should believe.
> it could have been tampered with by a malicious actor who can now lift your bank keys from the device
Then give me the keys to the machine and let me use them to sign my own software. People who don't care can use the easy corporation attestation but I still get to maintain control.
> You modified your OS to do something you couldn't do on an OS that wasn't tampered with.
> If instead, the thing you wanted to do was available behind an appropriate permission, you wouldn't have had to modify your OS to begin with.
And what if what I want to do goes against some corporation's terms of service or whatever? What if I want to monitor what apps send over the network? Reverse engineer an app? Copy and manipulate their data? Automate tasks? Fake the personal information returned by system calls? Block advertising? Block surveillance?
Essentially, what if I want to do anything that harms their bottom line? These are not things that corporations will ever give me permission to do. It's an affront to my freedom as a computer user.
> And what if what I want to do goes against some corporation's terms of service or whatever? What if I want to monitor what apps send over the network? Reverse engineer an app? Copy and manipulate their data? Automate tasks? Fake the personal information returned by system calls? Block advertising? Block surveillance?
You can do all of that on Android, many of those without root. If you want to modify any process's memory, you need a permission that doesn't exist. With sufficient imagination, you could invent a permission system that allows you to do that but doesn't allow a malicious app to do that. If instead you allow arbitrary tampering like you want, up to and including replacing the system partition without indication, there's no way for the bank to know your banking has been hijacked by somebody other than yourself. Your bank doesn't give a damn what you do with the banking app on your device. It cares if it has to deal with mass exploitation of its customers.
