Ah yes, getting access to your own data would be a massive problem, can you imagine such a world?! /s
Such data should be put in (or encrypted by) the hardware-backed keystore. You get to have full access to what the OS does, including seeing what data gets passed into this secure element for encryption or signing (you retain visibility and control), and yet secrets can't be leaked to you or an attacker who tries to extract those secrets
See e.g. your bank card: it's yours, you can choose where to stick it and what transactions it authorizes, but you can't get at the token that serves as proof of possession nor reset the PIN attempts counter. Your phone('s banking app) could work in the same way and has the hardware on board that makes this possible. So you see, it's a choice that you don't get to see what apps are doing and people are scared into believing that access to their own phone is bad. It's a matter of conflicting incentives on the vendor side, not technical risk
There is an API for backing up all app data that requires authorization. This is different from giving the user root, so any malicious can back up all app data at any time.
Oh, that useless thing. I was very confused about something which can "app data that requires authorization" (thought maybe it's some Google service that extracts your secrets for device migrations) but you just mean the old adb backup that the security industry (that I'm part of, and fighting from within :p) destroyed in the name of people's own good
Like, yes this exists, but it doesn't back up half the things you need :(
Because my new phone would be my new phone. And a phone is a computer. That should be enough of a reason.
I'm quite surprised people who post here don't get that. I've been lurking for years even though my account is new and even though general hackerishness here has gotten a bit reduced over the years, but it's still HackerNews, not ConsumerNews. No offense implied - I just hoped I'd see more people willing to claim their right to own and modify their OS like a true hacker.
I do (re-)root my phone (after each update I have to flash the Magisk-modified boot.img again), but FWIW almost nothing needs root on Android, it lets you do way more by default than iOS. I think some people equate jailbreaking and rooting when there's not really a jail to begin with. You can install a custom ROM without having root and I think that's what most people really want to do. Cleaner base system, maybe some new features. I run LineageOS without gapps and it's great. I can use `sudo` inside termux since I have root. I don't really use it for anything except to verify that Magisk reinstalled okay (I do `sudo ls /` as a quick check). Installing F-Droid doesn't need root. You can even do it on locked down TVs and Amazon tablets usually. adb works as well, not sure why someone was saying it doesn't. Hell, adb should work even without either root or a custom ROM. I use it to reboot my phone into fastboot without the button combo and then flash Magisk right after.
I agree you might not need it, but the issue is one of principle. I want it because I might need it. I don't want to find another OS that supports root if I realize I need it.
Just how I may be OK with staying at home for months with deliveries and internet access and everything else provided for me, but I want the freedom to go outside. There is rarely anything I need that's outside, to be honest. And outside is more dangerous. But I want to be able to sudo outside whenever I want for whatever reason I want.
Well, as far as I know, none of the popular Android custom ROMs prevent root, though what you found about them not wanting to support you when you run into issues is probably somewhat true everywhere. I think the idea is that if something you're doing to get root or after getting root is causing problems, it would be outside the scope of the ROM itself and not their problem. I do still get help in the #LineageOS IRC channel and mention issues in there despite being rooted. I don't mention it unless it seems relevant, but I've seen bug report forms where they specifically ask. Ultimately it's gonna come down to whether they can reproduce it, consider it an issue, and if it's a problem with the ROM or something else. I don't think they intend to be malicious. I used to work in tech support for some enterprise backup software, and if there were signs that the customer's issue was because of their OS or network or someone else's software, that wasn't our problem to fix, and as soon as we could prove that, we could usually close the case. We were only there as support for a specific piece of software, it was their problem, or at least someone else's to keep the general servers and network working. I imagine the volunteer maintainers of LineageOS don't want to help you with things unrelated to what they do either. Have not used GrapheneOS as I've never owned a Pixel, but I imagine it's a similar situation.
I think you are answering not quite what's being asked.
I think it's completely reasonable to want to be able to get root on your device. For the exact reasons you mentioned. GrapheneOS allows that.
To actually do so, it's reasonable to have a reason. Otherwise what you're doing is basically running commands with sudo "because you can", which will bite you.
To have a rooted phone just for the sake of the trophy of having a rooted phone is something generally considered worse. Better to have a rootable phone, which you root if or when you have need of it.
>To have a rooted phone just for the sake of the trophy of having a rooted phone is something generally considered worse. Better to have a rootable phone, which you root if or when you have need of it.
This is indeed pretty reasonable. Very easy to root at any time after flashing LineageOS, for example.
If I could point out, the vast majority of people you see writing things as stupid as that are either have a huge stake in the company/industry or the government.
Thanks for all of your other comments in this thread I read them all and it is such useful advice for everyone, even seasoned security people.
