[Completed] Need help with changing a ROM around - XDA Assist

Okay so I'm still using a OnePlus One and after the whole debacle with CM getting shut down I decided to switch away from my CM ROM to a 7.1.1 rom and after testing roms for an entire day I found the perfect one and I just love 7.1.1 in general.
HERE'S the problem. Every single Rom i tried comes Rooted. And I can't have that because a lot of apps and games are starting to be very picky with that. So I was wondering if there's a way to make the ROM I want to use completely Root free. Because here's the thing, even if I remove the Root with SuperSU or something afterwards, some apps still show the device as rooted, and for some reason Developer Options don't want to turn themselves off.
To give some of you a example between the two roms.
The ROM i want to use: https://forum.xda-developers.com/oneplus-one/development/nitrogen-os-7-1-0-nde63p-t3491386
The ROM i was using: https://forum.xda-developers.com/on...m-kernel-unofficial-cyanogenmod-13-0-t3242700
The ROM i was using (SultanOS) comes completelly un-rooted out of the box and Android Pay and the game I play (Fate/Grand Order) work just fine.
The ROM i want to use is NitrogenOS and while it works amazingly on my phone and would totally use it as a daily driver, it comes pre-rooted, and even after getting rid of the "superuser" folder in the .zip and editing the "updater-script" file with Notepad++ and removing everything with "superuser" in it (like I was told in the discussion) it seemed like the root wasn't installed, but the apps still seemed to detect some sort of root and i can't seem to turn off developer options (with and without root). Also tried the unSU method by @osm0sis but again...it only seems to get rid of the root but dev options don't allow me to turn them off and apps still see the phone as rooted.
So can anyone help me here? What I basically want is the NitrogenOS ROM, but completely Root free on install like SultanOS.
If I could possibly get input from @amardeep434 and @Sultanxda that would be amazing. Because both of your builds are amazing, but as far as i know Sultan is switching to the OP3T so I'm not expecting a 7.1 ROM anymore.
Root is good for a lot of people, but I personally think with how easy flashing SuperSU is nowadays, ROMs could easily come without it and save some of us a ton of headaches.
Hopefully I can get some help on this. I'd greatly appreciate it.

lsk91 said:
Okay so I'm still using a OnePlus One and after the whole debacle with CM getting shut down I decided to switch away from my CM ROM to a 7.1.1 rom and after testing roms for an entire day I found the perfect one and I just love 7.1.1 in general.
HERE'S the problem. Every single Rom i tried comes Rooted. And I can't have that because a lot of apps and games are starting to be very picky with that. So I was wondering if there's a way to make the ROM I want to use completely Root free. Because here's the thing, even if I remove the Root with SuperSU or something afterwards, some apps still show the device as rooted, and for some reason Developer Options don't want to turn themselves off.
To give some of you a example between the two roms.
The ROM i want to use: https://forum.xda-developers.com/oneplus-one/development/nitrogen-os-7-1-0-nde63p-t3491386
The ROM i was using: https://forum.xda-developers.com/on...m-kernel-unofficial-cyanogenmod-13-0-t3242700
The ROM i was using (SultanOS) comes completelly un-rooted out of the box and Android Pay and the game I play (Fate/Grand Order) work just fine.
The ROM i want to use is NitrogenOS and while it works amazingly on my phone and would totally use it as a daily driver, it comes pre-rooted, and even after getting rid of the "superuser" folder in the .zip and editing the "updater-script" file with Notepad++ and removing everything with "superuser" in it (like I was told in the discussion) it seemed like the root wasn't installed, but the apps still seemed to detect some sort of root and i can't seem to turn off developer options (with and without root). Also tried the unSU method by @osm0sis but again...it only seems to get rid of the root but dev options don't allow me to turn them off and apps still see the phone as rooted.
So can anyone help me here? What I basically want is the NitrogenOS ROM, but completely Root free on install like SultanOS.
If I could possibly get input from @amardeep434 and @Sultanxda that would be amazing. Because both of your builds are amazing, but as far as i know Sultan is switching to the OP3T so I'm not expecting a 7.1 ROM anymore.
Root is good for a lot of people, but I personally think with how easy flashing SuperSU is nowadays, ROMs could easily come without it and save some of us a ton of headaches.
Hopefully I can get some help on this. I'd greatly appreciate it.
Click to expand...
Click to collapse
Hello,
Well you can try magisk and systemless root, something similar to this Magisk development thread.
Here's a support and discussion thread, click here.
If you still run into issues, please post in support and discussion thread. The experts might be able to assist you.
Regards
Vatsal,
Forum Moderator.

I can pass SafetyNet but my banking app still sees my device as rooted. I think some apps just see anything but stock ROM (or at least see the ROMs with built-in root settings) as "rooted" even if all the binaries and files are stripped away.
suhide was the only thing that worked to hide things from my banking app but unfortunately it doesn't work after recent Android security updates. Haven't tried the recent Magiskhide, but I have heard it may work currently as well.

Vatsal said:
Hello,
Well you can try magisk and systemless root, something similar to this Magisk development thread.
Here's a support and discussion thread, click here.
If you still run into issues, please post in support and discussion thread. The experts might be able to assist you.
Regards
Vatsal,
Forum Moderator.
Click to expand...
Click to collapse
Thank you! I'll give that a look and if it doesn't work I'll make this post in the Support threads

osm0sis said:
I can pass SafetyNet but my banking app still sees my device as rooted. I think some apps just see anything but stock ROM (or at least sees the ROMs with built-in root settings) as "rooted" even if all the binaries and files are stripped away.
suhide was the only thing that worked to hide things from my banking app but unfortunately it doesn't work after recent Android security updates. Haven't tried the recent Magiskhide, but it may work currently as well.
Click to expand...
Click to collapse
Yea sultans OS wasn't detected because it comes un-rooted and it's not a stock rom. So I'd assume it's roms with built in root settings? Which....is there a way to get rid of that?

lsk91 said:
Yea sultans OS wasn't detected because it comes un-rooted and it's not a stock rom. So I'd assume it's roms with built in root settings? Which....is there a way to get rid of that?
Click to expand...
Click to collapse
Hello,
No way unless you build one yourself.
Regards
Vatsal,
Forum Moderator.

Related

[Completed] Kingroot works, SuperSU and Super-SUME don't...

Ok, I'm relatively new to Android and modern mobiles, but I've learned quite a bit already on my own, without much help from others.
The fact some communities provide little to no help is why I came to XDA, but I'm afraid I'm already disappointed about this particular issue.
Ok here it is: I'm not using a custom ROM, and I don't think I want to use one. I'm using the stock ROM, but I've rooted my device with Kingroot, which seems the only one that REALLY WORKS for any device. That's what makes me mad (I don't know if mad is the exact word, but.... I don't know how else to put it).
When I try to install SuperSU, it won't work because it can't update or install its own binaries. When I try the Super-SUME solution, it also doesn't work. In Super-SUME's case (which a friend thankfully helped me test most versions):
6.0 = successfully uninstalls Kingroot, but that's it;
6.2 = same as 6.0 and installs SuperSU, but that's it, nothing works, nor are the binaries updated/installed;
any other version above 6.2, including the latest one (9.2.3): hangs/freezes in "processing, please wait..." and does nothing.
And I don't know who programmed Super-SUME, but I think it's pretty bold on their part to charge for the app when it won't even work on people's devices, as noted above.
So, forgive my rant, but even though Kingroot is infamous (because it's Chinese perhaps ?), at least its devs are capable of successfully obtaining root on all devices, whereas SuperSU's and Super-SUME's devs make it impossible because of the binaries or just because their app hangs on "processing". If a team of devs can successfully root a device, why others cannot without making the user go through extra steps ?
As for these "extra steps", there's not one tutorial on the web (that I had come across at least) with a clear, step-by-step process to install SU's binaries, or to fix Super-SUME's hanging/freezing issues. So after rooting my device and getting rid of Kingroot, all I can work with is an unrooted device with most bloatware out of the way.
I just wish these other devs would go the extra mile and make their apps successfully obtain root without complications, just like Kingroot does. The complications just make their apps useless.
Thanks for hearing me, and maybe for helping me.
Model: SM-G530H / Kitkat 4.4.4
EzioGT said:
Ok, I'm relatively new to Android and modern mobiles, but I've learned quite a bit already on my own, without much help from others.
The fact some communities provide little to no help is why I came to XDA, but I'm afraid I'm already disappointed about this particular issue.
Ok here it is: I'm not using a custom ROM, and I don't think I want to use one. I'm using the stock ROM, but I've rooted my device with Kingroot, which seems the only one that REALLY WORKS for any device. That's what makes me mad (I don't know if mad is the exact word, but.... I don't know how else to put it).
When I try to install SuperSU, it won't work because it can't update or install its own binaries. When I try the Super-SUME solution, it also doesn't work. In Super-SUME's case (which a friend thankfully helped me test most versions):
6.0 = successfully uninstalls Kingroot, but that's it;
6.2 = same as 6.0 and installs SuperSU, but that's it, nothing works, nor are the binaries updated/installed;
any other version above 6.2, including the latest one (9.2.3): hangs/freezes in "processing, please wait..." and does nothing.
And I don't know who programmed Super-SUME, but I think it's pretty bold on their part to charge for the app when it won't even work on people's devices, as noted above.
So, forgive my rant, but even though Kingroot is infamous (because it's Chinese perhaps ?), at least its devs are capable of successfully obtaining root on all devices, whereas SuperSU's and Super-SUME's devs make it impossible because of the binaries or just because their app hangs on "processing". If a team of devs can successfully root a device, why others cannot without making the user go through extra steps ?
As for these "extra steps", there's not one tutorial on the web (that I had come across at least) with a clear, step-by-step process to install SU's binaries, or to fix Super-SUME's hanging/freezing issues. So after rooting my device and getting rid of Kingroot, all I can work with is an unrooted device with most bloatware out of the way.
I just wish these other devs would go the extra mile and make their apps successfully obtain root without complications, just like Kingroot does. The complications just make their apps useless.
Thanks for hearing me, and maybe for helping me.
Model: SM-G530H / Kitkat 4.4.4
Click to expand...
Click to collapse
Hi and thank you for using XDA Assist
Kingroot is not always the best choice cause it's not fully compatible with every device.
But i suggest you to head over here
And for futher questions go ahead here: Galaxy Grand Prime Q&A, Help & Troubleshooting
Good luck!
nilac said:
Hi and thank you for using XDA Assist
Kingroot is not always the best choice cause it's not fully compatible with every device.
But i suggest you to head over here
And for futher questions go ahead here: Galaxy Grand Prime Q&A, Help & Troubleshooting
Good luck!
Click to expand...
Click to collapse
Thanks. Unfortunately, I have already tried this root solution in the past. It's the only one where I managed to get SuperSU to work, but... the phone will always boot up in recovery mode. So I gave up on this solution as well.

installing custom ROM CM11

Hello. Im new here and I have Motorola Photon Q with SIM mod and custom ROM Mokee (Android 6.0.1).
I want to know if I want to instal CM11/12 (or CM13) on my phone i need to get back to Stock ROM and than do all of the rom stuff?
Also i trying playing PoGO with Mygisk but when i turn off root it gets back on. Any solution?
And one more, is there a big chance to I change my phone to a ussles brick?
Thanks for help.
There's always the potential to brick a device, if you do something incorrect.
While the chances are less likely nowadays, the issue is still possible. If you are afraid of this potential, stop now.
Otherwise, you can flash any ROM you want - no need to go back to stock.
As for the root comment, no clue - I'm guessing you didn't truly disable root (perhaps you can't disable it in Mokee? Never used it myself. Never wanted to disable root either...).
Good luck.
arrrghhh said:
There's always the potential to brick a device, if you do something incorrect.
While the chances are less likely nowadays, the issue is still possible. If you are afraid of this potential, stop now.
Otherwise, you can flash any ROM you want - no need to go back to stock.
As for the root comment, no clue - I'm guessing you didn't truly disable root (perhaps you can't disable it in Mokee? Never used it myself. Never wanted to disable root either...).
Good luck.
Click to expand...
Click to collapse
I sucessly upgrade my phone to CM12, its nightly in fact but everything is ok for now. :good:
In Mokee I have a option to dislabe root in developer options but this didn't give anything, PoGO still won't start.
I was wondering about it and I think I shouldn't risk to brick my phone for one silly game.
Thank You very much for help
I realize this is way old so you probably figured out a way, but to play PoGo one easy way (that works for me) is to use TWRP to rename the 'su' binaries to something else. There are a couple of them and I don't recall exactly where they are but I found the info on this site. Of course then you won't have root automatically, but can still run your renamed su from a terminal if needed, or use twrp to rename them back to su. Every time you update builds su gets restored, so have to rename again for PoGo.

Root and Xposed info', hoping for mutual help/development

https://forum.xda-developers.com/xposed/unofficial-xposed-miui-t3367634 Thanks goes to SolarWarez
Only one I have seen on wetube https://www.youtube.com/watch?v=OYqng7YFbQE re' rooting
Didn't see a thread for this red 4 prime re' rooting and xposed, and didn't want to cross thread other peoples threads (more than I have done (=
Seems fairly straight forward getting root and xposed up and running, if anyone has any info', good or bad using root and xposed on red prime 4, perhaps this is the thread, please state which rom you are using etc etc.
I always had Samsungs before, root and xposed worked perfectly on each, seems it's not quite as straight forward perhaps on this phone.
Much thanks in advance..
Rom https://xiaomi.eu/community/threads/7-3-9.39116/ twrp https://forum.xda-developers.com/android/development/unofficial-twrp-3-0-2-0-recovery-redmi-t3550074 Root https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445 Xposed https://forum.xda-developers.com/xposed/unofficial-xposed-miui-t3367634
Has anyone one got lucky patcher to work on stock? As seems it may not work on stock... See cut and paste below.
Today, 09:09 PM |#43
Junior Member
14 posts
Thanks Meter: 0
More
Quote:
Originally Posted by kinycx
stock is a good ROM, in order to use xposed you have to flash phh superuser and then a miui version of xposed installer. What made my mind up is that with the phh super user lucky patcher doesn't work, so i decided to flash lineageOS wich is awesome and in particular this SO doesn't use a lot of ram to be executed
Quote:
Originally Posted by SAFI_AFRIDI
I use to try too much time but i got an error that Xpose Installed but couldn't Start. so please share a link of the Xposed files.
Thanks below to member Ardrift for the link and info'
I have uploaded the files to google drive. https://drive.google.com/drive/folders/0B9SW1On-CcCac09VTzd5TW5kcnc?usp=sharing First you have to install the apk, then you can download the zip from the app, or just flash the zip that I've included in the folder. It's the same as If you downloaded the latest miui version from the app.
Using the xposed links above, running on 8.2.1, with super su https://www.google.co.uk/url?sa=t&r...kSiKyUIbkp6Is7kZQ&sig2=nDsK9Xa-mZPzLXoVrHAqcg
phones running sweet. I tried 2 newer super su though had issues with no mtp connection, though with super su 2.6.5..... working a charm, can confirm lucky patcher (latest version) so far has worked flawlessly, no bootloops or lags...
(post write up, found this rom juice hungry after a week or so, with xposed then went epic) must be xposed I thinking.
.
Using eur rom 8.1.3 (after trying global x 2 and epic)
Not using to many apps, phone set up to save battery, cpu on power save etc.
Again my phone battery life sucks big time, seem to spend ages to charge, and depletes in a day.
I have perhaps 10 or more xposed apps, which I like for mods, though feeling maybe miui not really suited to xposed as it's a modified xposed.
Thinking this is the cause of battery drain. Anyone members thinking the same?
I am not using magisk on this rom, though have used it, using the modified version with thanks, though thinking no thanks to using it and uninstalling and perhaps reflashing the rom, or trying another.
Thanks in advance for help re this. Sick of battery drain.
Had similar amount of xposed apps on J5 and battery was ok/good.
Is miui not good with xposed for battery? , Despite the fact it does work
Raggamuffin17 said:
Had similar amount of xposed apps on J5 and battery was ok/good.
Is miui not good with xposed for battery? , Despite the fact it does work
Click to expand...
Click to collapse
Opps added screen shot from my friends phone he sent me, I added by mistake. Developer options one in black, no matter mine set up same.
Also I using greenify and also freeze some apps in TB. Though still battery drain on many roms with xposed. Unless my battery is bad quailty, or xposed no good on miui? thanks for any feedback.
Raggamuffin17 said:
https://forum.xda-developers.com/xposed/unofficial-xposed-miui-t3367634 Thanks goes to SolarWarez
Only one I have seen on wetube https://www.youtube.com/watch?v=OYqng7YFbQE re' rooting
Didn't see a thread for this red 4 prime re' rooting and xposed, and didn't want to cross thread other peoples threads (more than I have done (=
Seems fairly straight forward getting root and xposed up and running, if anyone has any info', good or bad using root and xposed on red prime 4, perhaps this is the thread, please state which rom you are using etc etc.
I always had Samsungs before, root and xposed worked perfectly on each, seems it's not quite as straight forward perhaps on this phone.
Much thanks in advance..
Click to expand...
Click to collapse
As i told you before that do not use Xposed on This Device ? its draining the battery too fast. so what you have to do is that just install a new ROM from Start and then Root it Using Majisk, and then Greenify. you will enjoy the battery Life then.
SAFI_AFRIDI said:
As i told you before that do not use Xposed on This Device ? its draining the battery too fast. so what you have to do is that just install a new ROM from Start and then Root it Using Majisk, and then Greenify. you will enjoy the battery Life then.
Click to expand...
Click to collapse
How do you install Majisk if you already have root with SuperSU?Do you have to uninstall first SuperSU and install Majisk after?There isn't any good info about making the replacement.Also why Majisk is better than SuperSU and what is the difference?
T3sla said:
How do you install Majisk if you already have root with SuperSU?Do you have to uninstall first SuperSU and install Majisk after?There isn't any good info about making the replacement.Also why Majisk is better than SuperSU and what is the difference?
Click to expand...
Click to collapse
Well if your device is already rooted then it's ok but why is it important to replace SU with Majisk. So because SU binary are out dated and if you update it, then you will loose the MTP connection with the PC. And only charging work. You cannot communicate with the your device through PC. If you want to go to Majisk over SU then just unroot from SU menu and the install Majisk and then download the latest binary and then reboot device to TWRP and flash the binary and you have done.
SAFI_AFRIDI said:
Well if your device is already rooted then it's ok but why is it important to replace SU with Majisk. So because SU binary are out dated and if you update it, then you will loose the MTP connection with the PC. And only charging work. You cannot communicate with the your device through PC. If you want to go to Majisk over SU then just unroot from SU menu and the install Majisk and then download the latest binary and then reboot device to TWRP and flash the binary and you have done.
Click to expand...
Click to collapse
I already had the problem with mtp connection even without updating SuperSU.I solved that by adding some lines on build.prop but i don't like this solution.It's very strange that SU binary is outdated, what are these SuperSU updates do then?Anyway, thanks for the answer!
SAFI_AFRIDI said:
Well if your device is already rooted then it's ok but why is it important to replace SU with Majisk. So because SU binary are out dated and if you update it, then you will loose the MTP connection with the PC. And only charging work. You cannot communicate with the your device through PC. If you want to go to Majisk over SU then just unroot from SU menu and the install Majisk and then download the latest binary and then reboot device to TWRP and flash the binary and you have done.
Click to expand...
Click to collapse
Many people are dropping SU due. To them being sold to a Chinese company that is not trusted. Same reason Xiaomi is still not liked by dev.
zelendel said:
Many people are dropping SU due. To them being sold to a Chinese company that is not trusted. Same reason Xiaomi is still not liked by dev.
Click to expand...
Click to collapse
well being using Android and Windows OS and IOS.. its quite clear that everytime you are spying by these Prying eyes and i have a lot of incident that can clear that and even the Assange Laptop is also hacked and deleted all the data from it. and i know many Journalist who are the Victims of such attacks. so using Internet is basically giving yourself xposed to the Hackers. now if they are from China, Russia or from USA
SAFI_AFRIDI said:
well being using Android and Windows OS and IOS.. its quite clear that everytime you are spying by these Prying eyes and i have a lot of incident that can clear that and even the Assange Laptop is also hacked and deleted all the data from it. and i know many Journalist who are the Victims of such attacks. so using Internet is basically giving yourself xposed to the Hackers. now if they are from China, Russia or from USA
Click to expand...
Click to collapse
Only if you don't know what your doing. You must be smarter then the device you are trying to use.

need a special custom ROM

hello,
i need a suggestion for a ROM that should have the following properties:
root should be switchable (on/off) and hidden
saftynet should be OK
security Patchlevel less March 2017
These things are needed to play pokemonGo, yes i know this time and effort for a game but i like it.
so help is very appreciated
If you root via Magisk it can hide root and pass safetynet so long as you're not using Xposed, which you should be able to do on any ROM of choice
If you need Xposed you can use the Magisk systemless module, and turn it off and on as required
Build it yourself? The people on xda aren't your rom-maker-slaves. Figure out yourself.
@000Nick: i dont be searching for slaves only for People which are smart enough to help others. (i'm not to be able to build my own)
@Beanvee7: i had many problems with a superman rom and magisk. result was a bootloop, recover to stock and 2 days of work and cold sweat.
That's because i ask for help and recommendation for a ROM that fulfilled my expectations.
in the past i am using a CM13_by_temasek for my S3 and it work like a charm, now i am searching the same for my S7 but it seems to be much harder to find something that works the same easy way.
I use superman with magisk, so can't offer reasons why it would bootloop
@Beanvee7: maybe my own foolishness.
1. i install cfautoroot with ODIN
2. i install TWRP manager from playstore and installed TWRP
3. i installed Superman ROM 1.9.1
till then all worked fine
then i tried to switch off root in Superuser. in Superuser it shows me "deactivated" but every App could become root.
next try was to activate magisk hide but it doesnt hide root. i tested with saftynet check and in any Android test app (come with superman) shows me root too
next i checked the unload "superuser module" (only unload not delete) in magisk manager, this removes root but saftynet test is still not OK
next i tried to activate the load of the superuser module but thats not possible.
after that, i reboot to recovery and now i got errors and run into a loop shows me something about FRP Lock
nothing else worked than going to download mode and flashing a stock Rom back.
and all of that, including the restore of all my apps and configure many things that could not restored (twice) busy me for two days.
possibly i selected the wrong options in aroma installer but i have no idea what i made wrong and why it doesnt work for me (hide root and let saftynet be OK)
but i do not want to try it again if i am not sure to do it for a last time because it is to much time i have to spend for that.
and every time i loose a little bit of my apps/gamescores and so on.
manyone said:
hello,
i need a special ROM that must have the following properties:
root should be switchable (on/off)
saftynet should be OK
security Patchlevel less March 2017
These things are needed to play pokemonGo, yes i know this time and effort for a game but i like it.
so help is very appreciated
Click to expand...
Click to collapse
Why should someone do this for you? No one owes you a custom ROM, and you're not offering anything in return. Figure out how to get this setup yourself, or a pay a capable dev to do this for you.
YMNDLZ said:
Why should someone do this for you? No one owes you a custom ROM, and you're not offering anything in return. Figure out how to get this setup yourself, or a pay a capable dev to do this for you.
Click to expand...
Click to collapse
i dont ask somebody to build a ROM for me and i am sorry about if i had not clearly described it in my first post.
i only ask for a suggestion of a rom that fulfilled my needs.
but i wonder why i am attacked by you because i ask friendly for that little hint.
manyone said:
i dont ask somebody to build a ROM for me and i am sorry about if i had not clearly described it in my first post.
i only ask for a suggestion of a rom that fulfilled my needs.
but i wonder why i am attacked by you because i ask friendly for that little hint.
Click to expand...
Click to collapse
The way you worded it suggests that you need a rom custom mode for you. You said you need a "special rom" which would be the incorrect thing to say if there are other time like it.
@YMNDLZ: yes, you are right, my wording is a little bit misleading
i revised it in my first post and hope it is better now.
thanx for your advise.

Out of warranty thinking of using a Custom ROM but...

Hi Folks,
I hope you guys can shed some light into this, sorry if this is long and if this has been asked I'm sorry but I could not find the answers I was looking for, as some results they sound almost the same and some had not specified enough. So I hope the clever people here can explain a few things before I go ahead.
Background on my Phone (don't know if its relevant or not)
I own an Exynos SM-G970F, on One UI 3.1, June 2021 Update, this was purchased in Australia. Now that my phone is out of warranty I was thinking of installing a custom ROM. The main motivation was to reduce CPU usage and improve battery life.
I have installed a custom ROM and rooted my tablet for practice and it was easy to follow. I gotta say it was phenomenal how it brought back ancient hardware to buttery smooth performance of newer android versions. I wanted this same experience on my daily driver phone and there are some security based questions I would like to know.
Questions
1. First off unlocking the bootloader, I have read that it reduces your security of the phone as this allows hackers to gain access to your phone unlike a locked bootloader. As far as I understand the bootloader is to check if the system partition is a Samsung ROM. So in an unlocked state it will still load the kernel and run the system regardless if the ROM is Samsung or not, am I correct in this?
1a. If that's the case and if I installed the custom ROM and then locked the bootloader I would brick my phone right? as the bootloader is looking for a Samsung ROM but since it can't recognize the ROM it will boot loop.
1b. So in this case how would an unlocked bootloader make it vulnerable apart from accessing the OS? I'm thinking in a real word scenario if I were to lose my phone and someone found it, they could have means of access from an unlocked bootloader? but then again they could have access through custom recovery?
1c. Would it be necessary to lock a bootloader once you install a custom ROM? Do some custom ROM support signing bootloaders?
2. SafetyNet, as far as I understand this is a Google thing? like the app from Play store will check your system for any tampered software before functioning or at least warning the consequences of using the app in a custom ROM, is this right?
2a. So this could lead to some banking apps not working as it requires a SafetyNet pass on your device. But this only happens if you end up rooting your device? I understand Magisk is systemless root so the SafetyNet should pass in theory?
Primarily I'm concerned of the security and privacy of the phone but nothing is perfect, so there has to be some give and take with privacy and security? Though I will lose some privacy as I will install OpenGApps for some applications to work. So security would be the most important thing. What would be some best practices for a daily driver phone on custom ROM?
I imagine that hackers are not interested attacking an individual as this takes a lot of time and energy, unless they are bored or something like that.
Thanks for taking the time to read all this and if you can shed more information that would be great! I would like to learn more before giving the green light for custom ROM on my Samsung S10e.
With the caveat that I'm really bad at Samsung, I'll try to give a couple of answers. Sounds like you have the gist of it though...
Unlocking the bootloader is necessary to install anything custom, yes, and it does reduce the security of the device but mainly if someone has physical access to it. Keeping the device encrypted can help protecting your data though. There are some devices that allow locking the bootloader with custom firmware installed, but those are few. General rule: don't even try. I've seen some talk from people at Google about letting custom ROMs be certified, so that you could lock the bootloader with them, but currently there's nothing like that (that I know of). Once in a while I see people talking about trying to sign their images to lock the bootloader, but IMHBCO it's not worth the effort (if it's possible). If you're going custom, keep the bootloader unlocked.
About SafetyNet, it's an API provided with Google's play services and can be used by apps to check if a device's security has been compromised. Far from all bank apps will be using this and many instead have their own ways of detecting a "tampered" device (more on that below). SafetyNet will trigger from a number of things:
Unlocked bootloader
Custom ROM
Root
Etc...
So, as you see it's not only rooting that will cause you problems. There are ways around it though, mainly with the help of Magisk.
When it comes to what bank apps will detect, that could include a custom ROM, root apps, files on your device, Magisk, etc. They're often much more picky than SafetyNet even...
If you need help with getting SafetyNet and banking apps working on a custom ROM, with Magisk, I've got a few resources and tips collected here:
https://www.didgeridoohan.com/magisk/HomePage
Regarding security and custom ROMs it's pretty much the same as on a stock device. Don't install weird apps from outside the Play Store, don't click links in emails, etc. On to of that, another thing to look out for is SELinux. Don't use a ROM that has it disabled. It's quite important for the security of the OS... And if you do root, be careful with what apps you give root access, since an app with root access can do whatever it wants.
No idea if this cleared anything up or just created more questions. If there are Samsung specific stuff I've gotten wrong or missed I hope that someone that actually knows what they're talking about shows up...
Didgeridoohan said:
With the caveat that I'm really bad at Samsung, I'll try to give a couple of answers. Sounds like you have the gist of it though...
Unlocking the bootloader is necessary to install anything custom, yes, and it does reduce the security of the device but mainly if someone has physical access to it. Keeping the device encrypted can help protecting your data though. There are some devices that allow locking the bootloader with custom firmware installed, but those are few. General rule: don't even try. I've seen some talk from people at Google about letting custom ROMs be certified, so that you could lock the bootloader with them, but currently there's nothing like that (that I know of). Once in a while I see people talking about trying to sign their images to lock the bootloader, but IMHBCO it's not worth the effort (if it's possible). If you're going custom, keep the bootloader unlocked.
About SafetyNet, it's an API provided with Google's play services and can be used by apps to check if a device's security has been compromised. Far from all bank apps will be using this and many instead have their own ways of detecting a "tampered" device (more on that below). SafetyNet will trigger from a number of things:
Unlocked bootloader
Custom ROM
Root
Etc...
So, as you see it's not only rooting that will cause you problems. There are ways around it though, mainly with the help of Magisk.
When it comes to what bank apps will detect, that could include a custom ROM, root apps, files on your device, Magisk, etc. They're often much more picky than SafetyNet even...
If you need help with getting SafetyNet and banking apps working on a custom ROM, with Magisk, I've got a few resources and tips collected here:
https://www.didgeridoohan.com/magisk/HomePage
Regarding security and custom ROMs it's pretty much the same as on a stock device. Don't install weird apps from outside the Play Store, don't click links in emails, etc. On to of that, another thing to look out for is SELinux. Don't use a ROM that has it disabled. It's quite important for the security of the OS... And if you do root, be careful with what apps you give root access, since an app with root access can do whatever it wants.
No idea if this cleared anything up or just created more questions. If there are Samsung specific stuff I've gotten wrong or missed I hope that someone that actually knows what they're talking about shows up...
Click to expand...
Click to collapse
Hi Didgeridoohan,
Thank you for taking the time to comb through my queries and I believe you have answered what I was looking for. So it has dispelled any myths and misconceptions of custom roms.
Personally I use the phone most and my significant other uses my phone for some games. So physical access is not likely to fall in the hands of someone else unless I lost it. Encrypting the phone is a good safety measure, I assume this is something that can be done in the settings of the OS?
With banking I guess I will have to install and see if it works out, otherwise I don't mind going to a phone web browser and do it that way.
I appreciate your link for further info of Magisk, I will be reading through the page to get better insight.
Regarding SELinux, I had seen this on my phone though it says SE for Android Status and says 'Enforcing' and on the Custom ROM on my tablet in the settings it also says 'Enforcing'. So I can assume that its ensuring the security of the OS.
I didn't have the intention of rooting as I thought I can root at any point in time but if its good practice to do it when flashing the custom ROM please let me know.
I had planned on installing TWRP and use either Lineage or crDroid (kinda leaning to this one). They both are supported on their website so I don't think I will run into issues.
Once again thanks for your help and advice on the custom ROM, I think my questions were broad and it may not be Samsung specific as there are features I know I will lose but have never used when I had the original ROM.
dude777 said:
Encrypting the phone is a good safety measure, I assume this is something that can be done in the settings of the OS?
Click to expand...
Click to collapse
Yes. Just make sure that any ROM you choose is compatible with encryption. And remember that if you ever want to remove the encryption you'll have to wipe the device.
Regarding SELinux, I had seen this on my phone though it says SE for Android Status and says 'Enforcing' and on the Custom ROM on my tablet in the settings it also says 'Enforcing'. So I can assume that its ensuring the security of the OS.
Click to expand...
Click to collapse
Correct. That's the way it should be if you want to keep some security on your device.
I didn't have the intention of rooting as I thought I can root at any point in time but if its good practice to do it when flashing the custom ROM please let me know.
Click to expand...
Click to collapse
You can wait with rooting. If you don't have any need for it, why bother? I use Magisk to hide the fact that I have an unlocked bootloader (and to hide Magisk from some apps), to use a custom hosts file (for adblocking) and for app backups (I use Swift Backup, works great).
Once again thanks for your help and advice on the custom ROM, I think my questions were broad and it may not be Samsung specific as there are features I know I will lose but have never used when I had the original ROM.
Click to expand...
Click to collapse
There are some things you'll lose when unlocking the bootloader on a Samsung, due to the tripped Knox fuse. I can't say much about that though, since I don't do Samsung...
Have fun!
Thanks Didgeridoohan,
This has given me some confidence in going forward with custom ROM. I will make some backups and take measures and if it doesn't work out I can go back but I probably wont .
I've been running LineageOS on my Exynos S10e for a few days now and it's great, better battery life than on Samsung's firmware too from what I can see.
Settings say encryption is enabled. I'm assuming on /data only, I'll have to poke around as I've been away from Android for a while and I haven't been keeping up with what's going on.
I had to use the Magisk props module (selected the same phone model) to pass SafetyNet and enable Google Pay. Banking apps here in Australia don't seem to care, at least CommBank, Bendigo, AMP by I did select them in MagiskHide just in case.
If you decide to go for it, remove all your accounts before flashing the LineageOS recovery. I didn't and wasn't able to flash recovery until I re-added and removed them (Factory Reset Protection kicked in apparently). Smooth ride after I did this.
If you don't like the LOS gestures use Fluid (FNG), I love how customizable it is. You can hide the navigation bar in Termux by running:
su
props qemu.hw.mainkeys 1
Good luck and feel free to ask me questions if you have any!

Categories

Resources