305
you are viewing a single comment's thread
view the rest of the comments
[-] notfromhere@lemmy.ml 3 points 8 months ago

That goes for unrooted phones as well. The danger with rooting a phone comes from the automated software that is doing the initial rooting. It could install anything in there and the user would be none the wiser. Once it’s rooted and permissions are requested via the superuser app, it’s not any more dangerous than a non-rooted phone, assuming nothing malicious was installed during the rooting process, that is.

[-] evo@sh.itjust.works 3 points 8 months ago

Once it’s rooted and permissions are requested via the superuser app

And you expect this piece of community software (that is often closed source to avoid detection by safetynet) is perfect? Never had any bugs or exploits?

it’s not any more dangerous than a non-rooted phone

The SU software itself is an attack vector. One with the ultimate payoff (root access). When you root the device you install a window in what was otherwise a solid wall. It is inherently less secure and I can't understand how a knowledgeable person would argue otherwise.

[-] michaelmrose@lemmy.world 2 points 8 months ago

SU software has been a thing for about as long as android about 20 years or about. Has otherwise legitimate su been a source of unattended exploiting?

The obvious risk factors are that users shall be tricked into granting inappropriate permissions to otherwise malicious or compromised software that they have deliberately installed. Outside of mobile platforms this is considered an acceptable risk that competent users can consistently successfully manage on their own hardware.

In fact if you look at actual users even those with very limited technical know how the primary thing that

The secondary risk is that users with no legit source of tools to root

[-] notfromhere@lemmy.ml 2 points 8 months ago* (last edited 8 months ago)

I agree with what you’re saying, but all software is insecure and it should be up to the user what their risk tolerance is. Instead, users’ control of their equipment is whittled down and before long the only choice will be deal with it or don’t play. Pinephone comes to mind as a phone with root access that is somewhat secure, but it also has latent vulnerabilities that could be exploited as its version of sudo is also an attack vector. Everything is a trade off especially in software/tech.

[-] evo@sh.itjust.works 2 points 8 months ago

but all software is insecure and it should be up to the user what their risk tolerance is

Yes. And app developers/companies should in turn do the same. A banking app and a lemmy app probably don't have the same security requirements. Each needs to apply the appropriate security constraints, and if that means not allowing rooted decices that's fair imo.

this post was submitted on 01 Mar 2024
305 points (100.0% liked)

Android

27985 readers
331 users here now

DROID DOES

Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules


1. All posts must be relevant to Android devices/operating system.


2. Posts cannot be illegal or NSFW material.


3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.


4. Non-whitelisted bots will be banned.


5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.


6. Memes are not allowed to be posts, but are allowed in the comments.


7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.


8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.


Community Resources:


We are Android girls*,

In our Lemmy.world.

The back is plastic,

It's fantastic.

*Well, not just girls: people of all gender identities are welcomed here.


Our Partner Communities:

!android@lemmy.ml


founded 1 year ago
MODERATORS