• limonfiesta@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    3
    ·
    1 year ago

    Rooting can harm the security of your device, significantly.

    I understand you’re wanting to root for privacy reasons, and I’m not saying you should never root, just understand the risks.

    Instead, I’d suggest keeping your Pixel and installing GrapheneOS.

    Or, find another phone that is supported by DivestOS.

    Both of those ROMs are privacy and security hardened and relock your bootloader for a secure boot.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      13
      ·
      1 year ago

      Rooting can harm the security of your device, significantly.

      Why is that? On a rooted device you still benefit from Google scanning installed apk, and root access is protected by an explicit accept dialog.

      It’s the exact same setup as UAC on Windows or the admin prompts on Linux and Mac.

      • floofloof@lemmy.caOP
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        The rooting process itself often involves running an exploit and trusting whoever wrote the rooting tool not to use that exploit to do anything undisclosed. If you wanted to install an undetectable rootkit, slipping something into such a tool wouldn’t be a bad way to do it.

        • lemmyvore@feddit.nl
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          The rooting process itself often involves running an exploit

          It most certainly does not. Exploits were used a decade ago, nowadays you unlock the bootloader using a manufacturer-provided key. And regardless of the key you need physical access to the device and rebooting into a special runtime.

      • limonfiesta@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        You just answered your own question. How many users click approve without thinking? How many install Xposed modules that intentionally, or unintentionally, create security issues?

        I didn’t say rooting will break your security, just that it can. Rooting exponentially increasing the attack surface, which for some users isn’t a concern, but for your average user, it probably should be.

        In this case, this person wanted to increase his privacy, which is why I recommended what I did.

        Also, FWIW, there’s a reason why GrapheneOS and DivestOS specifically design their ROMS to NOT be rooted and to RELOCK the bootloader.

        • lemmyvore@feddit.nl
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          2
          ·
          edit-2
          1 year ago

          Saying “rooting can harm the security of your device significantly” is like saying “crossing the street exposes you to mortal danger”. It’s technically true but fails to take into consideration a huge amount of factors, to the point it loses all meaning. Either qualify your statements or refrain from making such generic ones.

          You just answered your own question. How many users click approve without thinking? How many install Xposed modules that intentionally, or unintentionally, create security issues?

          You do realize that most of the Internet runs on servers where people have admin access? And there’s no shortage of attacks against machines on the Internt. If they can manage to function under these conditions I think my phone will also be fine.