Made a bit of progress on the bypass sms verification code when signing up for a new Google account. The whole system is breathtaking from a technical, legal as well as a psychological persepective.
At least on Android, the user is deliberately steered into a “sunk cost falacy” type of situation that suggests that s/he just wasted a couple hundred bucks on a toy that won’t work properly unless connected with a Google Account. Of course, the phone screen is too small to read the terms compfortably and the default is to skip reading your contract anyway. If you want to know what you actually agree to, you pretty much have to look at the wire protocol (it is a lot). How on earth is it that we don’t have laws against this?!
Gosh, I hate SSL/TLS. What most people don’t know is that it’s not a cryptographic protocol in itself, but rather a means for negotiating which cryptographic protocol you want to use. Of course, you have to be an expert in the field to choose wisely, so the general advice is to stick with the defaults. Obviously, I can’t do that, so now it’s Passierschein A38 hell.
Stop telling me, I need an anti virus app…
Guys, computer viruses were a MS DOS phenomenon: code fragments that basically just scanned the filesystem for executable fiels (COM, EXE, Bootsector) to implant a copy in. There were two preconditions for a virus infection:
Android apps are sandboxed from each other and the app store concept ensures that you are no longer share infected binaries with each other. You don’t need anti virus apps and you should not install them either.