Pokemon Go, Security, and Obsolescence (rapid7.com)
172 points by psyonix on Oct 16, 2016 | 105 comments



Now Niantic's decision to disallow root devices, imo, is pretty regretful, as serious botters will likely be able to get around that restriction regardless. This only serves to punish users who are stuck between having a root-enabled custom ROM or a stock ROM where critical root exploits may exist.

One thing that I observed is that no one seems to be interested in producing a ROM that is both stable, has a variety of features, does not rely on root, and supports the device for a long time.

This is a shame really, because root itself breaks the security mechanism for Android and users probably are not fully aware what it means when they grant applications root.

I personally got around this problem by compiling a build of CyanogenMod without root enabled, but with things like FDroid (with PrivilegeExtension) and adblock built-in to the ROM itself (albeit the update mechanism is to update the ROM itself). This is not a solution for the mass majority of users.

This problem is pretty difficult to solve and it is pretty deep, much deeper than what I'm willing to type in a single comment, so I'll stop here.


I wrote this about Android a while back:

http://penguindreams.org/blog/android-fragmentation/

The TLDR is that it'd be nice if Android was more like Windows/Intel: install the OS (i.e. AOSP), drivers (or binary driver package format and an SDK to auto-build it) and boom you're done. Clean, stock, standard. Same with many Linux distros on x86/64.

I need to write an update to the article though. Lately I've been struggling with a Clearfog ARM board, and coupled with Torvalds' recent comments on Intel vs ARM, I wonder if a huge chunk of the problem is ARM itself.

I've noticed for every distro there are really specific images, not just for each ARM chipset, but for individual boards, even when those manufacturer patches make it into the mainline kernel.

I haven't looked closely at Android and I'm really curious at the build system/workflow used by things like Cyanogen and Omnirom. Are kernels really specialized per device? Does the ARM architecture itself make it difficult to have general purpose kernels that will boot on all of them like in the x86/64 world?

Any ARM hardware people care to chime in?


> Any ARM hardware people care to chime in?

It's not really about the CPU architecture, but the peripherals of the devices. In the x86 world, the peripherals are governed by the "PC" standard, which these days is implemented by the chipset on your motherboard. They all have similar functionality, although you still do need some chipset-specific drivers in your kernel.

In the ARM world, the landscape is different. There has never been a de facto standard configuration of an ARM computer like the PC was/is for x86. There are ARM computers that are more like a micro controller and there are tablet/mobile devices based on ARM that have a system on chip (SoC) that's got all the peripherals, including GPUs, network adapters, etc. Every SoC is pretty different, there's a bunch of devices connected with i2c, spi and other buses. These are required to control the power and clock management and all the I/O devices.

ARM (the company) doesn't really design these, they just license ARM (the architecture) to a SoC manufacturer and call it a day. This leads to a very diverse and fragmented landscape.

The ARM world has been making strides to reduce the amount of chip-specific code. One good example is the device-tree configuration which, in theory, allows running the same kernel binary on different devices. With device-tree, you pass a config file from the bootloader to the kernel, which contains configuration (i/o memory maps, etc) of the peripherals (which you'd query from the hw/firmware in an x86 machine). This is a huge improvement over what was before it, but there's still a long way to go. And there's still plenty of older ARM SoCs out there that don't support this.

But yes, it's pretty much a mess. There's a lot of duplicate work that every ARM SoC manufacturer has to go through. Given that the mobile world is financed by a planned obsolescence cycle where they expect customers to upgrade every few years, I find it unlikely that this issue will be solved any time soon.


To be honest, x86 seems to be heading in the same direction these days. It generally has enough of an emulation of traditional PC architecture for boot purposes, but look at - for example - how CPU power saving on modern Intel chips requires the co-operation of stuff like the SATA links, or how traditional PC interfaces like PS/2 for keyboard/mouse and HD Audio are being replaced with more embedded-like interfaces such as I2C touchpads and I2S audio links connected to vendor-specific controllers.


Sure, but it isn't as diverse so you can reasonably expect to boot a mainline kernel on a PC regardless of your motherboard vendor.


It is like the old days of home computers.

We had Z80, 6509, 68000 and so on, but everything else that was plugged into their pins was different.

So it doesn't matter if the Assembly is the same, the kernel also needs to talk to the hardware.

Also ARM just resells the base designs, each company usually adds their own set of Assembly instructions or fine tunes the designs in some other way.

The IBM PC clones were the only ones that had some kind of standardization going on, and even that seems to be gone now, with OEMs going to the same kind of hardware designs we used to have (everything bolted on the board).


Debian is shipping one Linux kernel build that runs on a bunch of different ARM devices that are supported by the mainline version of Linux:

https://wiki.debian.org/DebianKernel/ARMMP

Unfortunately most mobile devices are not supported by mainline Linux (N900 is best supported, but not fully), usually only server/desktop/laptop vendors have any incentive to mainline their drivers.


The 2013 Nexus 7 was, at some point, 50 patches away from running mainline [1]. I know, single datapoint, but it gives me hope that there's some way out of the tabletification of computing.

1: https://wiki.linaro.org/LMG/Kernel/FormFactorEnablement


Android kernels are built differently from PC kernels because unlike a PC where you might upgrade the motherboard, or add/remove hardware that would change what kernel modules are needed (and still expect the PC to boot), a cell phone almost never changes its hardware configuration after installation. If the phone is a Wombat 4s, it'll have X, Y, and Z hardware components and these will never ever change. If it's a Foobar 8000, it'll have X, Y, and Q, and there might be two different sizes of W which aren't even something that requires a driver and those will never change either. Including all the modules that might be present on any device compatible with the same CPU architecture would mean wildly more than 90% of the space used by the kernel/drivers would be completely and utterly wasted (and there's at least four more types of resources that would also be wasted that come to mind). This is not a thing one does with a device expected to run as long as it possibly can with a very limited supply of power and less RAM than pretty much any desktop machine you'd care to use.



A few botters don't hurt Pokémon Go. But when it's easy to bot, lots of people will bot. It's easy to circumvent anti root, but it's impossible to use the same way for lots of devices without Niantic being able to block it again.

So it really makes sense for them to go this way IMO.


Not really. It doesn't matter if the phone is rooted or not, what matters is whether it is feeding false gps data or not. Bots will soon find a way around this (non-rooted) restriction anyway.

That said, proper protection against cheating would involve using markers (other phones?) in vicinity, so it should be possible too.


Yes, bots will most likely always find a way, but I think it's more about thwarting the casual users. If you could gps hack by simply installing an app more people would do it. By making it extremely tedious, the casual user won't be as inclined to do it since the time it takes to figure it out won't be worth it.

I don't condone Niantic's behavior, but I understand it.


To me, it would make more sense if they weren't also banning users their auto-detection system thinks are spoofing GPS. A system which is fairly overzealous, might I add. I was banned for being in Japan, for example. One day out of the blue on my vacation, got the ToS violation notification which still hasn't been reversed, two weeks later.


The spoofers have had a way around this for some time now, as GPS spoofing simply does not require root privileges.

Niantic is not actually making any attempt to look for GPS spoofing software. They simply invoke Android's SafetyNet which doesn't care about GPS at all but does care about other things which happen to coincide with what's on some cheaters' phones. It will never be anything like an effective measure against GPS spoofing.


> I personally got around this problem by compiling a build of CyanogenMod without root enabled, but with things like FDroid (with PrivilegeExtension) and adblock built-in to the ROM itself...

I just bought a Nexus 5x and loaded CopperheadOS on it, and to my dismay I see Ad-Away from F-Droid requires root to function (plus a couple other apps I really like). How much of a hassle is it really, because I absolutely want system wide ad blocking and I worry that I will be defeating the purpose of using a hardened OS in the first place?

Do you rebuild and flash each OS update as a new ROM? Is all your data on the phone persistent or backed up & restored each time?


> How much of a hassle is it really, because I absolutely want system wide ad blocking and I worry that I will be defeating the purpose of using a hardened OS in the first place?

Ad-away works by using a host file to block. The hosts file is generally not writable by the user without root as it lives on a read only partition (/system).

Another way to block ads is to connect to a VPN that blocks those hosts for you, however that is more cumbersome to set up.

While hosts blocking is not perfect... my thought on this was to expose a limited API that allows apps to update the hosts file without having root. This could be sketchy and a security risk on its own tho, because you're essentially hijacking DNS... In addition, I don't think the community is interested in this because they all love root..

> Do you rebuild and flash each OS update as a new ROM?

Every month, immediately after the security bulletin and a resync.

> Is all your data on the phone persistent or backed up & restored each time?

So Android has a /system partition and a /data partition. When you reflash your system, the data partition (where all your apps, settings, what not are stored) is left untouched. Android will detect this and perform an upgrade operation on the /data partition, if applicable.


Apple added specific ad blocking features to iOS 9, and I don't think those rely on editing the hosts file. So in principle a similar design could work for Android, although I doubt Google would ever support that.


Apple added specific ad-blocking features to its browser on iOS 9. There are plenty of browsers that support ad blocking on Android, and they have existed since pretty much the beginning.

It is also possible to block ads in other apps on Android. One way is to use a custom hosts file that blackholes ad-serving domains. The hosts file is stored on a read-only partition for security purposes on most builds of Android, so overwriting it requires root. Another option is to point your phone to a DNS server that does the same thing. This does not require root and works across multiple platforms. Another Android-specific option is to use the VpnService API to implement filtering in an app that does not use root but gets to see all other apps' Internet traffic. There are several apps that do this.


I honestly would be very happy with a ROM that copies stock Android entirely, without any added features or customizations, rather focusing solely on stability, security, supporting a wide range of devices, and tracking the official Android release schedule as closely as possible.

Can someone point me to a ROM like this if one already exists?


> any added features or customizations

That's not only about UI. Most people want customizations / features that enable things like 4G radio, wifi and graphics. What would be the point otherwise?


Maybe I should have been a bit more specific, but I was mostly just talking about UI features and customizations. I have no problems with a ROM modifying stock Android under the hood if it's necessary to enable basic hardware functionality. The point is to keep modifications to a bare minimum, to limit the overhead required to support each new Android release, and to maximize the number of devices the ROM is able to support given limited resources.


I was going to point you to the Pure series of roms by Beanstown, but I don't understand your question... You don't want ANY custom stuff at all or features, then what's the point? Just install stock android...?


"Stock Android" is only stock Android on Google-branded devices.


I don't understand this sentence. Google only has a single phone that has only been out for like 1 day now, the Pixel. And it's not even stock Android, it's got extra features that the stock Nougat doesn't have. Again though, I think this whole thing is moot, because lots of phones have roms on xda that are basically just stock android with no customizations, so just install that and be done with it.


I said Google-branded, not Google-manufactured. The Nexus line is what people typically understand by "stock Android".

The point isn't that there are no vanilla AOSP ROMs for most devices. The point is that they usually suck, and a reputable well-supported one that actually worked properly would be a massive innovation.


ADP1, Nexus One, Galaxy Nexus, Nexus 4, Nexus 5, Nexus 6P.

When people say "Google's phones" it is generally understood to mean the unlocked line of Nexus devices that they sell directly and provide updates/firmware images for directly.


They've gotta stop the GPS spoofers somehow.

It's not like this was the first solution they jumped to to stop cheaters.

Maybe this was the 80/20 solution over more advanced location anomaly detection methods against their database.


The problem is that you don't need root for GPS spoofing. Botters also don't care about SafetyNet (used to detect root before the game starts), since they reverse engineer the API and make REST calls directly. Furthermore, there are ways around the root check - mostly involving hiding the su binary and some additional tweaks.


Furthermore, you can buy GPS spoofing devices anyway which you can just carry around with you in your pocket.


Is that really something that's available? Nothing turned up on a cursory web search, aside from a story about students building their own with $3,000 dollars worth of equipment (and it sure didn't fit in a pocket)

edit: And Wikipedia says "GPS spoofing attacks had been predicted and discussed in the GPS community previously, but no known example of a malicious spoofing attack has yet been confirmed"


They're highly illegal under US laws but from my reading around this topic, as someone who is currently building a gps-dependent app, it's feasible.


It's cheaper than that. A HackRF and some sort of better clock and you're done.

http://www.rtl-sdr.com/cheating-at-pokemon-go-with-a-hackrf-...


Don't carry it around, though! Put the thing in a Faraday's cage, and use a cable through the mesh to get your Internet connection.


Furthermore, you don't need a device at all if you want to bot. The unofficial API (and client-side signing) was figured out a while back.


Got a link for that? I'd like to go read about it. Primarily as what NOT to do ... :)


Man, you can probably crash some planes with those.


Only if you carry the plane in your pocket too or set a way too high output power while sitting inside one, if even then.


To be fair, that's probably highly illegal if caught by the FCC.


The FCC only has business in the US though.


Almost every country has something like that. The Dutch Agentschap Telecom will hunt you down for transmitting a fake GPS signal too.

The thing is, nobody cares if you send a signal too weak to go beyond a meter of your pocket. That's why it's totally legal to send FM on registered frequencies as long as your output is under a certain amount. Same with WiFi even.

I heard about someone looking into GPS spoofing once in the context of catching drones, even nearby ones (e.g. fly near to it). It takes a lot of energy to do that and was basically not practical outside of military settings.


This is not always true - FM transmitters were not legal in the UK, regardless of power, until 2011 or so. Can't imagine anyone was actually prosecuted for using one, though.


If there is no chance of getting caught anyway, there is only moral law. Since you're not disturbing anyone with an FM transmitter in your car that transmits only as far as your car radio, it passes moral law.

Interesting to learn that it wasn't legal in the UK though. I wouldn't know of the legality in the Netherlands, but I know they're in use and nobody's complaining.


Wow. You really have to stop drinking the Kool-Aid. This actually was the first thing they did, and very possibly the only thing they've done specific to Pokemon.

Niantic uses the same techniques they used for Ingress to deal with GPS spoofers, and they're not that advanced. Play for an unrealistically long period of time without stopping and you might get a tempban and flagged for careful examination. Appear to travel at jet plane speeds by performing non-idempotent actions without stopping by an airport first, or doing this too many times in a short period, and you'll also get flagged for possible banning. Beyond that, they're really not doing much and it doesn't really qualify as "advanced location anomaly detection". You're giving Niantic far too much credit.
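Added example (not part of the thread, and not Niantic's code): a minimal server-side sketch of the two heuristics the comment above describes, implied speed between consecutive game actions and unbroken session length, with escalation when speed flags repeat inside a window. Every threshold, name and sample track is an assumption constructed for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# All thresholds are illustrative assumptions, not values used by any real game.
MAX_KMH = 1000.0           # implied speed above this between two actions is implausible
MIN_JUMP_KM = 1.0          # ignore ordinary GPS jitter below this distance
MAX_SESSION_H = 16.0       # continuous play longer than this is implausible
IDLE_BREAK_S = 30 * 60     # a gap this long ends a play session
ESCALATE_AFTER = 3         # this many speed flags ...
ESCALATE_WINDOW_S = 86400  # ... inside this window go to manual review


@dataclass(frozen=True)
class Action:
    ts: int      # Unix seconds when the server accepted the action
    lat: float
    lon: float


def haversine_km(a, b):
    """Great-circle distance between two actions, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def review_player(actions):
    """Return speed/session flags for one player's actions and an escalation verdict."""
    actions = sorted(actions, key=lambda a: a.ts)
    flags, jump_times = [], []
    session_start = actions[0].ts if actions else None
    session_flagged = False
    for prev, cur in zip(actions, actions[1:]):
        dt = cur.ts - prev.ts
        dist = haversine_km(prev, cur)
        if dist >= MIN_JUMP_KM:
            # Real displacement in zero elapsed time counts as infinite speed.
            kmh = float("inf") if dt <= 0 else dist / (dt / 3600)
            if kmh > MAX_KMH:
                flags.append(("speed", cur.ts, round(dist)))
                jump_times.append(cur.ts)
        if dt >= IDLE_BREAK_S:
            # A long pause starts a new session; a slow long-haul trip lands here.
            session_start, session_flagged = cur.ts, False
        elif not session_flagged and (cur.ts - session_start) / 3600 > MAX_SESSION_H:
            flags.append(("session", cur.ts, round((cur.ts - session_start) / 3600)))
            session_flagged = True
    # Escalate only when several speed flags cluster inside one window,
    # so a single bad GPS fix does not push an account to review.
    escalate = any(
        sum(1 for t in jump_times if 0 <= end - t < ESCALATE_WINDOW_S) >= ESCALATE_AFTER
        for end in jump_times
    )
    return {"flags": flags, "escalate": escalate}


# Constructed sample tracks (coordinates are city centres, timestamps are relative).
SF, TOKYO, NYC = (37.7749, -122.4194), (35.6762, 139.6503), (40.7128, -74.0060)

# Long-haul trip: two actions 12 hours apart, under jet speed, so no flag.
TRAVELLER = [Action(0, *SF), Action(12 * 3600, *TOKYO)]
# Three intercontinental jumps ten minutes apart.
SPOOFER = [Action(0, *SF), Action(600, *TOKYO), Action(1200, *NYC), Action(1800, *SF)]
# One action every ten minutes for 17 hours at one spot.
MARATHON = [Action(i * 600, *SF) for i in range(17 * 6 + 1)]

if __name__ == "__main__":
    for name, track in (("traveller", TRAVELLER), ("spoofer", SPOOFER), ("marathon", MARATHON)):
        print(name, review_player(track))
```

The traveller track shows why the speed threshold and the per-window escalation count matter for false positives: a real flight stays under the limit, and one isolated flag does not escalate on its own.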


Do you see PC multiplayer game devs block users that know the admin password?


Yes, the author makes the fundamental mistake of thinking that custom ROMs and having root access are the same thing. It is possible to have a custom ROM that does not give the user root access, and such a configuration is more secure for the user.


You literally didn't need to do any of this (and I'm astonished someone would wait through a CM build rather than do ten minutes of research). Also, I'd like to remind you that SEAndroid (i.e., SELinux) doesn't give a fig about "root" so your statements about that are quite wrong.

You can simply rename your su binaries through the recovery environment to disable them, which neatly disables "root access" and makes the SafetyNet check Niantic is invoking pass with flying colors. Should you need them again, they're only a reboot and couple of mv invocations away.


> You literally didn't need to do any of this.

For me personally, this is not the reason for me to build CyanogenMod. I will occasionally modify certain things inside android to suit my needs and there are enough of these things that are not merged upstream that it's more convenient for me to just build my own version every month/week/whenever.

> Also, I'd like to remind you that SEAndroid (i.e., SELinux) doesn't give a fig about "root" so your statements about that are quite wrong.

This is an area I'm not quite informed, so maybe you can elaborate further.

The core issue that I wanted to express is that barely any community ROMs are CTS compliant, which is ultimately what SafetyNet checks.

> You can simply rename your su binaries through the recovery environment to disable them, which neatly disables "root access" and makes the SafetyNet check Niantic is invoking pass with flying colors. Should you need them again, they're only a reboot and couple of mv invocations away.

Doing a bunch of mv's is a hassle (esp over multiple devices) as I rarely ever need root on my phone. The only times when I need it nowadays is host based ad blocking, which I just integrated into my ROM. So this way I can just get rid of root altogether, which is one more step towards CTS compliance.


It's two mv invocations. That falls quite a bit short of "a bunch of mv's". It doesn't exactly qualify as going out of one's way when most of us are already going through recovery (like TWRP) to install the updates.

SEAndroid/SELinux is a mandatory labeling system, which simply doesn't believe in special UIDs at all. It gives us pretty incredible granularity of control over things as well. Deny/grant access any number of users to each and every object and facility of the system, in any combination you like. Just understand that there's a steep and somewhat unforgiving learning curve and the documentation on what labels have been put into play on any given deployment has a strong and nearly universal tendency to suck until you're looking directly at the source code that sets up those rules.


How do you non-root using people backup your phones, without running the backup software as root?


If you never change any files outside of the ones you own (i.e. the ones owned by "root"), you don't need to back them up, right? For example, if I never touch any of the files under C:\Windows, I have no need to back up that folder (especially the files owned by SYSTEM that you can't access).


Root by itself does not break security entirely. SELinux policies and capabilities assigned to binaries can be used to drastically mitigate privileged processes from doing much harm.


> This is not a solution for the mass majority of users.

root is not used by the mass majority of users.


I stopped playing Pokemon Go when they put out the no-root update. I have never cheated, I even purchased some coins - I was a paying user. But they don't seem to want my money, and I'm not going to unroot my phone for a stupid game. I uninstalled it and asked for a refund. (They haven't granted it yet but I'm not giving up. I believe I'm in the right here and they owe me a refund since they've removed the functionality after I paid.)


Yes, Niantic was very lazy in their attempts to stop spoofers and botters. Rather than write some code to actually look for the few pieces of software the cheaters are using, they just started invoking Android's SafetyNet. Notably, very little was accomplished.

The problem? SafetyNet does not care about game spoofers/cheaters. That's literally not what it was designed to do. Pokemon Go does not represent "planned obsolescence". It represents Niantic being too damn lazy to search an array result for "Xposed" and instead invoking something that will make it look like they expended some effort.

It takes about five minutes to make a stock CyanogenMod device "compatible" with SafetyNet. All you have to do is rename two files, specifically /system/xbin/su and /system/bin/su. Boot into recovery (TWRP or whatever you have), and start a terminal from there (where you are as "root" as root gets, and this will always be so) and type `mount /system` to start. Next, rename those two files. Lastly unmount /system and boot normally. SafetyNet will be happy, which means Pokemon Go and Android Pay will also be happy. If you want "root access" back on your phone, all you have to do is go back into recovery and rename those two files back to what they were.


You can unroot CyanogenMod running on the Nexus 4 & Pokemon Go will run just fine. You have to give the SuperSU app root privileges in order to unroot ironically, but it works just fine & you can always root your system from the bootloader in the future if it turns out that you need root for some reason.

There’s an app in the Play Store that runs the tests of the Google library that Niantic is using to check whether a phone is rooted or not (it’s the same tests used by the Google Pay infrastructure IIRC).


This is the app I've used in the past: https://play.google.com/store/apps/details?id=com.scottyab.s...

Also I was under the impression that SafetyNet would only pass on stock ROMs (to include official CyanogenMod builds lacking root). Is that not true? Will it also pass on any custom ROM lacking root?

Edit: According to http://androiding.how/use-android-pay-cm14-cm13/, SafetyNet (the tamper detection API in use by Android Pay and Pokemon Go) will only pass on official stable (non-nightly) releases of CM13/CM14 that have root disabled in the Developer options. It will not pass on debug releases of firmwares/ROMs, including Android 7.0 Nougat based CM14 and Android 6.0 Marshmallow based CM13 ROMs.


The SafetyNet API returns multiple booleans. The stricter version of the detection enforces that the system is an Android CTS-compliant device, but there are several levels below that. Apps using SafetyNet can decide how much they enforce. Unfortunately this testing app you linked doesn't seem to surface this at all and only shows the highest level (CTS).


Well, it's not like you haven't seen bloggers talking through their hats before, right? The amount of cargo cult nonsense in Android "news" kills me.

SafetyNet is completely fine with a nightly of CM13 (on Samsung Galaxy S5) after the su binary and its accompanying symlink are renamed to get them out of sight (and effectively disabled). You don't have to touch the settings in developer options at all because SafetyNet isn't going on some extended search to look for the setting. It's just looking for the presence of an su binary in the filesystem in a few places during that phase of its checks.


SafetyNet passes on my Nexus 4 running an unrooted currentish CyanogenMod nightly build.

Haven’t tried any other Android custom roms.


After all, the root blocking in Pokémon Go is pretty weak. All I had to do was to rename/move the 'su' binary and then it worked again.


This did not work for every user - for example my buddy bought an Asus Zenfone 2 (ZE551ML) specifically to play this game. I warned him not to buy from a China seller but he proceeded because he was finding guides that told him it was a great phone for the game - he literally bought this phone to play this game.

I attempted to remove root however this has now forced the phone to be stuck on Edge network (he can play but now only on WiFi :/) I have attempted to re-flash the physical ROMs (as well as the recovery matching those ROMs) from ASUS (successfully) and it still is stuck on edge. I've contacted his phone company (T-mobile) - ensured the proper bands were being requested, 5x checked the APN settings and yet the phone still doesn't want to connect past edge. Here is the kicker, I scan for nearby cellular networks and T-Mobile (LTE) shows up, the phone registers, yet still won't obtain the connection.

Honestly that issue is probably due to some other restriction but it shows the frustration some users have had to deal with because of this move.

I even tried re-rooting the phone just to get his network back because he'd rather have his phone than Pokemon GO yet the phone had something special done to it to allow the network to work under root.

No one should have to go to those extremes especially when they aren't cheating and they are a paying customer.

In all honesty I don't believe the ban on root was done to deter hacking - my belief is that it was done because on average users only root because they want paid apps for free (a lot claim it's to tweak the UI and remove bloatware, but as more and more phones get released we are starting to see this less and less of a requirement). While many rooted players (due to pre-rooting) are actually paying customers it still doesn't outweigh the paying customers who are not rooted and therefore it was more than likely a move to remove users who are less likely to put money into the game.

Every move they have done really reflects that they only want more money with the least amount of work and that is why I only keep the game installed to keep my 1 star review from being weighted down due to being a review for an older version.

One of the big guys who is involved in creating a usable tracking system via a third-party map has made a wonderful statement about the many failures of Niantic [1]. From unnecessary obfuscation that only slows down older models, to banning the devices that aren't the reason cheating is happening, to not creating a good way to achieve feedback (apart from "critical errors" which is built into the app - maybe I should start complaining about the critical "Niantic" bug and that it needs to be fixed ASAP, but complaining won't really get anywhere if the company isn't listening to those problems) Niantic truly is on a path to destruction and I hope Nintendo doesn't let this amazing idea die if Niantic falls.

It really doesn't make sense as to why they are making these decisions. The developers should know that banning rooted devices won't deter hackers - in fact I would have to say it's grown a few hackers/cheaters due to the frustration of dealing with lack of communication and oddly made decisions.

[1] http://www.twitlonger.com/show/n_1sp6pkg


isn't zenfone a non-ARM device too?


Yes Intel based chip I believe


It should be pretty easy to get around this by using Magisk[0] systemless root, is it not? Magisk is able to pass Google's SafetyNet tamper detection API which IIRC is what Pokemon Go uses to detect root. Works for Android Pay at least, which also prevents use of the app on rooted devices.

[0]: http://forum.xda-developers.com/apps/magisk/official-magisk-...


I find it both hilarious and disappointing how much effort is going into an escalating arms race between video game cheaters and cheat detection. Considering that the players can't even win anything of real value. I think future archaeologists will see this whole thing as a bizarre ritual and struggle to understand what was really going on.

"A strange game. The only winning move is not to play. How about a nice game of chess?"


It is a relevant quote, but both the cheaters and the developers tasked to combating the cheaters both learn a great deal in the process. That, I feel is the true value-added.

The real value is knowledge gained. And I've seen some pretty crafty solutions created.


To what end? This is ultimately nothing more than a bunch of little kids playing cops and robbers. There's nothing wrong with playing the game, but let's not pretend that it actually counts for anything.


This is literally how the chaos of EFNet in the 90's gave rise to a whole slew of new security methods and techniques, not to mention bug fixes.

Just be glad this fight isn't happening over human organs or oil rights or something.


See also, a comment from a Pokémon GO map developer on the latest API changes/rootblocking: http://www.twitlonger.com/show/n_1sp6pkg


Surprised people are still playing Pokemon Go. Niantic made all the wrong moves.


How so? I play Pokémon Go and can't think of a single thing they've done that has spoiled the experience for me. Neither can my friends. We love the game as it is. Bear in mind we are casual players, like most are.


Granted it's not the most representative sample but a glance through https://www.reddit.com/r/pokemongo shows that the majority of people are complaining.

I live by a park where there are 3 Pokestops and a Gym and it used to be mildly crowded, now it's empty. It's obvious that the game has died down and it all can be traced back to when Niantic broke the tracking system and proceeded to go after Maps.

Every "anti-cheat" measure they introduced (Detecting movement speed and root) netted a large number of false positives and they refuse to listen to their active and vocal community.

Not to mention the inherently broken Gym battle system where anyone can take over a Gym even if you were the one to beat the Gym owners. That was the one aspect I found too frustrating.


I wouldn't say that the vocal minority of reddit is representative of the player base at large, but I see your point.

And yes, I've noticed the same thing. However, I don't think anyone thought it would continue like the crazy early days forever, where every other person you saw played. Just because that extreme hype died down doesn't mean no-one is playing.

I don't agree that it's due to the actions of Niantic though. I think it's just a natural fade of the hype. It would be completely insane if the player percentage had continued at that level until now. Even if they did all the right things I think the fade would have been inevitable.


I'm pretty sure they've been going after the mapping people both because those guys add a ridiculous load to the map servers, and because eventually people are going to start asking serious questions about why all of two cities have varying spawn areas for Pokemon, and the rest of the world put together has about as much detail as those two cities.

If you're not in San Francisco or New York, sadly, your most efficient method of "catching them all" is to simply sit and camp lures, because what doesn't spawn from that isn't going to spawn anywhere nearby so there's little point in searching. Flogging an RNG endlessly is _not fun_, and that's apparently a heavy player in what's driving players away from the game.


I left the game because:

+ Disabled footpad tracking made it less fun.

+ Some update made it sluggish on my 10-month-old phone.

+ They don't let you play with Root (I have a workaround, but it's a pain).

+ Gameplay is highly repetitive past lvl 20

I just feel constantly trampled on. I'll waste my time with someone who treats me like an adult.


> + Disabled footpad tracking made it less fun.

That made me quit too. It's basically a slot machine now. You can't hunt anymore, you just have to accidentally stumble across something.

> + Gameplay is highly repetitive past lvl 20

I would say gameplay is highly repetitive in general. You're basically just throwing Pokeballs around hoping something sticks. Sometimes a gym battle once you get to that point but most gyms around here are controlled by people with such ridiculous levels and Pokemon that it's barely possible.


I started just after footpad tracking was disabled, but now "Sightings" lets me track down 'mons just fine. Maybe it's more work than footpad? I wouldn't know.


That only exists in San Francisco. Anywhere else, we are pretty much blind without cheating tools. Besides, the Sightings system is only helpful in areas with high pokestop density: Without it, the system wouldn't help: There are ZERO pokestops in a one mile radius around me. The nearest area with pokestops has 5 clustered together in a park... that has no pokemon spawns barring luring pokestops.

Third party tracking systems let me go with my son pokehunting in my subdivision: we could see a pokemon we want, and leave the house to look for it. Without that, the game is no fun, as a typical trip will only yield pidgeys and weedles.


> Niantic made all the wrong moves.

The problem is that Niantic recreated Ingress instead of creating Pokemon. So, the Pokemon players are leaving after the initial hype. The worst part is that Niantic has scads of data as to what game the players want to play and has failed to implement it.

The other piece to this is that it really seems like Niantic don't have a stake in whether Pokemon Go continues to succeed. I suspect Niantic was desperate, Nintendo beat them up in negotiations, gave them a fixed payment, and then flogged them mercilessly. The terribly slow pace of reaction reeks of:

"<American side> We don't automatically get a percentage of success, so we're not going to implement that without more money."

"<Japanese side> Well, let me discuss that with my manager. But we expect you to be honorable and fix this anyway."

"<American side> Uh, yeah. Sure. We'll work real hard on the promise that we might get paid when we're already having to do WAY more than we expected in terms of support given what you paid us. Yeah. We'll get right on that." Rolls eyes, and goes back to team "Do the MINIMUM you need to keep it from burning down and NOTHING else".


Pokemon Go may not have been the superstar everyone expected much later, but it still drives more revenue than most mobile games. (Nintendo is probably OK with that since it will no longer detract from Sun/Moon)


Me too. Kids still do. They seem to jump on/off the latest craze a lot slower. It gives them something to do while walking with their parent, which is inherently boring to them.


When I have a choice between Pokemon Go or root, I choose root every single time. I loathe Niantic for this stupid decision. The equivalent would be if Riot decided that League of Legends can only be played on PCs with a guest account and not an admin account. Completely pointless and dumb. I can't believe I bought some stuff in the Pokemon Go store, I want a refund. They robbed me, a legitimate and paying customer, of the ability to play the game on my device. This borders on fraud.

This practice needs to be stopped. There needs to be a simple app that can be installed that completely shields from, blocks and stumps this fascist SDK that detects root. And every custom ROM should have it installed by default. The problem is obviously bigger than Niantic. The problem is that people think we shouldn't fully own our phones and that such a mindset is acceptable.


There is, it's called Magisk (it's not as simple as installing but it does exist!)


I know about Magisk and it's a hassle. Not worth doing for pokemon go.


This story hits close to home - I have the exact same problem as the blogger. I own a Nexus 4, run the latest CyanogenMod 13, played Pokémon GO for a while, and was blocked in the September update. I never used the root features of my phone, and tried some attempts to remove the root without success. Shame on Niantic for being so heavy-handed on its users.


For all I want a good tracker, and the sympathy I have for friends I have with rooted devices who can no longer play...

Niantic is not beholden to anyone to release anything, add any features, or do anything.

It's their game.

If you don't like it, either a) don't play, or b) make something better.

It's a testament to the compellingness of the AR game genre, and the brand recognition that Pokemon has, that so many people are willing to put so much time and effort into the game despite how primitive it is.

People calling for an open API are fooling themselves. Why on earth would they give away the keys to the kingdom?

Hacking the protocol and the cheaters created this situation.

They have only themselves to blame for it. Cry. Me. A. River.

You might say that serious cheaters can bypass the restrictions / measures, but clearly from the fuss (and that fastpokemap is still down), it's doing the intended job pretty much spot on.

Realistically, nothing is going to change, unless someone starts offering a compelling alternative to drive innovation.


> Hacking the protocol and the cheaters created this situation.

> They have only themselves to blame for it. Cry. Me. A. River.

What does this have to do with the article, written by someone who didn’t cheat?

> If you don't like it, either a) don't play, or b) make something better.

Yes, everyone affected by this is rather forced to pick (a). Occasionally, they may write articles. If you don’t like them, a) don’t read them.


The article is basically saying that because of Niantic, we have to choose to compromise between security and pragmatism of using apps.

    The choice between running the software you want, like Pokemon Go, and the quick road
    to obsolete devices in the Android ecosystem, at best forces users to make a choice
    between security and functionality.

I think it's pretty obvious from the comments in here that there's plenty of blame being poured on Niantic for what's happening.

I'm just pointing out that the root cause and people who should be shouldering the blame here aren't necessarily Niantic... but more importantly, whinging about it won't change anything.


>Niantic is not beholden to anyone to release anything, add any features, or do anything.

I disagree. Some people with rooted devices paid money for this game and now they can no longer play it. In any other industry, this would give rise to a series of lawsuits and the company doing it would be in big trouble. Somehow, though, for games, it's acceptable to just take away the thing you paid for.


After Niantic's move to "encrypt" API calls (which was broken a few days after, btw), I'm not surprised they would arbitrarily block some devices based on phony explanations.

Bear in mind, bots have little to no effect on the game itself because you have little to no virtual interactions with other players. It's not like you were able to trade Pokémons you caught with someone else.


You do interact with other players via gym battles, and if gyms are dominated by cheaters it ruins the game for everyone else.


It is a problem that cheaters will fill gyms with ridiculously strong pokémon. Unfortunately, if you started playing significantly after release, even legit players are so much stronger that the game experience is the same. Alas, the underlying problem is bad game design.


You battle against other players who are holding down gyms.



[flagged]


[flagged]


In one of their past banwaves, getting off a high speed train or airplane and then killing some time at the airport playing Pokemon Go often got you banned because of "teleporting". (Not always a temporary shadowban)

Getting support to even respond to your mails (even when they're related to other issues) seems to be a matter of waiting for the right stars to align.


Millions of users, seventy employees. Stars can't help that.


Wait. When did expecting delivery of the product or service you paid for become "classic entitlement"?


Maybe my comment was unnecessarily rude, but demanding a refund and calling a company a piece of shit because you got banned for cheating is absolutely entitlement. Just because you spend money on a service does not entitle you to have unlimited access against TOS.


When you pay for a product or service, you're entitled to the receipt of the product or service that you paid for. If you think I'm breaking your Terms of Service, you have every right to refuse service to me, like any other establishment. However, you also have to refuse my money. If I've already paid, you give it back.

That's my moral standpoint, anyway. Arguments against it exist (should people who start fights in bars and get thrown out by the bouncer get their money back?), but in this case I'm not sure cheating actually hurts anyone. Which is what Niantic has got so totally incomprehensibly wrong about this whole thing. No one is hurt by the things they're preventing. All they're doing is chopping chunks off their user base.


Niantic is falling in the classic 'never trust the client' trap, just like every other multiplayer game out there. At first the game works great for everyone, but some cheating is possible. They freak out about the cheating, start trying to prevent it (which is impossible, since they are trusting the client) by installing intrusive software on the client's device.

The real hackers don't really care. They just reverse the game's network protocol and talk to the servers directly, completely ignoring the anti cheat business. Or they work around the anti cheat, which is of course possible, because they control the client.

But the legitimate users? Their machines will become sluggish, they will get hit with false positives and banned for nothing, and in the worst cases their privacy is also forfeit as everything they do on their own system gets monitored by some game company.
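
An added illustration of the "never trust the client" point above and of the "teleporting" bans described elsewhere in the thread (not part of any comment and not Niantic's code): the server judges client-reported positions for plausibility itself, using its own receive time, and answers plausible fast travel with a reward cooldown rather than a ban. The thresholds, names and sample fixes are assumptions constructed for the example.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000
MAX_PLAY_SPEED_MPS = 12.0     # assumed: above this the player is riding, not walking
MAX_TRAVEL_SPEED_MPS = 300.0  # assumed: roughly airliner cruise speed

@dataclass
class Fix:
    t: float    # server receive time in seconds (never a client-supplied timestamp)
    lat: float  # client-reported latitude, degrees
    lon: float  # client-reported longitude, degrees

def haversine_m(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes, in metres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi = p2 - p1
    dlmb = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def classify(prev: Fix, cur: Fix) -> str:
    """Server-side verdict on one position update."""
    dt = cur.t - prev.t
    if dt <= 0:
        return "reject"    # reordered or replayed update
    speed = haversine_m(prev, cur) / dt
    if speed <= MAX_PLAY_SPEED_MPS:
        return "accept"
    if speed <= MAX_TRAVEL_SPEED_MPS:
        return "cooldown"  # train or flight: pause rewards, do not ban
    return "flag"          # physically implausible: queue for review

# Constructed sample fixes (not real player data).
PARK_A = Fix(0, 37.7694, -122.4862)
PARK_B = Fix(60, 37.7703, -122.4862)            # about 100 m later, one minute on
SFO_GATE = Fix(0, 37.6213, -122.3790)
JFK_AFTER_FLIGHT = Fix(19_800, 40.6413, -73.7781)  # 5.5 hours later
JFK_AFTER_MINUTE = Fix(60, 40.6413, -73.7781)      # same jump in one minute

if __name__ == "__main__":
    for name, cur, prev in [("walk", PARK_B, PARK_A),
                            ("flight", JFK_AFTER_FLIGHT, SFO_GATE),
                            ("jump", JFK_AFTER_MINUTE, SFO_GATE)]:
        print(name, classify(prev, cur))
```
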


I guess I'm splitting hairs here, but they didn't really pay for the service they were banned from. Using your bar analogy, it's like they were let into the bar for free, bought a drink (maybe finished it, we don't know?) then got kicked out for fighting. Would they be entitled to their money back for the drink?

Cheating has a small impact on the player base and probably on how much money Niantic is able to extract from the store. Holding onto gyms for a period of time nets the trainer "free" coins they didn't have to purchase. GPS spoofing opens up some of the more remote gyms to more attacks, and allows certain people to level up faster. It also has the effect of driving legitimate players away because they feel they can't compete.

I don't agree with many of the decisions Niantic have made, and I no longer play the game. But I don't agree with people demanding refunds from game companies that they have been banned from. I like that cheating players are punished. Cheaters in Counter Strike have left a very sour impression on me.


What makes you think that person was cheating?


They were banned. Niantic ban for what they consider cheating. I figured if the OP was mistakenly banned for some reason they probably would have mentioned that in their original comment.


I guess they bought something with the (reasonable) assumption they'd be allowed to keep using the thing they bought.

Your last, two word, sentence is rude, and your comment doesn't need it.



