[Security] - How to protect with or without root permissions - Security Discussion

Hi everyone. I just want to make it clear.
Rooting isn't bad if you know what you are doing.
First of all, there are attack methods for Android as well as for PCs.
Here's how to prevent them.
NON-ROOTED:
Make sure you clear cache and dalvik once every month (This is just for the sake of free storage).
If a third-party app you downloaded doesn't have a name in the package installer, don't install it. More likely delete even the apk.
Otherwise it will probably show random webpages by using default browser.
Download any kind of Anti-Virus like Avast, AVG, CM security etc...
Don't turn Play Protect off, if you don't have root, you probably don't have apps that can be recognised as a threat.
Don't download any file from anywhere with an unknown extension.
If your phone supports it without any issues, you can use Full Device Encryption in Security Settings. This will put the Normal mode lock to recovery, and even the phone can't be booted unless you type the password in. Also, in recovery, if the attacker deletes the entire system partition, your user data partition will still be encrypted, so your data is safe.
ROOTED:
First of all, to protect yourself from network-based attack vectors, install AFWall+ (Free on Play Store).
It requires root access because it modifies the device's iptables rules to prevent specified apps or app kinds from reaching different sorts of networks. If you are paranoid, you can even deny the entire system from reaching any sort of network.
Second, install a root-privileged anti-virus (I'm pretty sure such things exist).
Third, use Magisk rooting instead of SuperSU or phh's Superuser. Magisk has 2 very useful mods: one is Energized Protection, which blocks malware, adware etc., and the second one is Unified Hosts Adblock (I prefer this a bit more because it has a GUI where you can select what must be blocked).
Also, the Magisk rooting method doesn't corrupt your device's fingerprint, so it passes SafetyNet, so you can still use Snapchat and Super Mario Run even with a rooted device.
Fourth, you can still use Full Device Encryption. (Remember: if you forget your password, or something isn't working after the encryption, like the fingerprint sensor, you should consider going back to stock with a NAND erase to get the data partition decrypted (causes full internal SD content loss); otherwise a factory reset won't do the job.)
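
How a per-app firewall of this kind can express its policy in iptables, as an added example that is not part of the original post and is not AFWall+'s own rule set: Android gives each installed app its own Linux UID, and the iptables `owner` match filters locally generated packets by UID. The chain name `fw_apps` and the UIDs are constructed, and the script only prints the rules.

```shell
#!/bin/sh
# Added example: dry-run generator for a per-app, default-deny egress policy.
# It only PRINTS rules; nothing is applied. The chain name "fw_apps" and the
# UIDs used at the bottom are constructed for illustration.

APP_UID_MIN=10000   # first UID Android assigns to an installed app (user 0)
APP_UID_MAX=19999   # last app UID for user 0

# is_app_uid UID -> exit 0 if UID is numeric and inside the app UID range
is_app_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$APP_UID_MIN" ] && [ "$1" -le "$APP_UID_MAX" ]
}

# gen_app_firewall UID... -> prints rules that let only the listed apps out
gen_app_firewall() {
    for uid in "$@"; do
        is_app_uid "$uid" || { echo "bad app UID: $uid" >&2; return 1; }
    done
    # Same policy for IPv4 and IPv6: filtering only IPv4 would let a
    # blocked app keep talking over IPv6.
    for ipt in iptables ip6tables; do
        echo "$ipt -N fw_apps"
        # Only app UIDs are sent to the chain; system UIDs are left alone.
        echo "$ipt -A OUTPUT -m owner --uid-owner $APP_UID_MIN-$APP_UID_MAX -j fw_apps"
        for uid in "$@"; do
            echo "$ipt -A fw_apps -m owner --uid-owner $uid -j RETURN"
        done
        # Every app that was not allowed above is rejected.
        echo "$ipt -A fw_apps -j REJECT"
    done
}

# Constructed UIDs; on a device `pm list packages -U` shows the real ones.
gen_app_firewall 10057 10123
```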

Thanks for sharing information.
I agree with you that rooting is not bad when you know what you are doing but also you should know WHAT APPS ARE DOING.
As a Cyber Security Expert, there are a lot of attacking tactics for Android phones too, as well as PCs. These days there are a lot of vulnerabilities in networking and the Android system.
1. WPA2/PSK wireless technology is not safe as it is vulnerable to the BlueBorne attack
2. Newly found vulnerability in LTE networks, allowing three types of attacking methods.
3. Adware is most common on rooted phones, and if it gets administrator permissions, it becomes evil.
4. MITM attack is always here
And there are a lot of other methods being used these days to hijack devices.

bencetari said:
Hi everyone. I just want to make it clear.
Rooting isn't bad if you know what you are doing.
First of all, there are attack methods for Android as well as for PCs.
Here's how to prevent them.
NON-ROOTED:
Make sure you clear cache and dalvik once every month (This is just for the sake of free storage).
If a third-party app you downloaded doesn't have a name in the package installer, don't install it. More likely delete even the apk.
Otherwise it will probably show random webpages by using default browser.
Download any kind of Anti-Virus like Avast, AVG, CM security etc...
Don't turn Play Protect off, if you don't have root, you probably don't have apps that can be recognised as a threat.
Don't download any file from anywhere with an unknown extension.
If your phone supports it without any issues, you can use Full Device Encryption in Security Settings. This will put the Normal mode lock to recovery, and even the phone can't be booted unless you type the password in. Also, in recovery, if the attacker deletes the entire system partition, your user data partition will still be encrypted, so your data is safe.
ROOTED:
First of all, to protect yourself from network-based attack vectors, install AFWall+ (Free on Play Store).
It requires root access because it modifies the device's iptables rules to prevent specified apps or app kinds from reaching different sorts of networks. If you are paranoid, you can even deny the entire system from reaching any sort of network.
Second, install a root-privileged anti-virus (I'm pretty sure such things exist).
Third, use Magisk rooting instead of SuperSU or phh's Superuser. Magisk has 2 very useful mods: one is Energized Protection, which blocks malware, adware etc., and the second one is Unified Hosts Adblock (I prefer this a bit more because it has a GUI where you can select what must be blocked).
Also, the Magisk rooting method doesn't corrupt your device's fingerprint, so it passes SafetyNet, so you can still use Snapchat and Super Mario Run even with a rooted device.
Fourth, you can still use Full Device Encryption. (Remember: if you forget your password, or something isn't working after the encryption, like the fingerprint sensor, you should consider going back to stock with a NAND erase to get the data partition decrypted (causes full internal SD content loss); otherwise a factory reset won't do the job.)
**rooted user**
What happens if I lose my phone and someone gets into the recovery and deletes the lockscreen security? How can I avoid that? Is running a custom ROM without a custom recovery safe, or is it even possible?

I'd like to add:
• Using a trusted VPN
• Possibly changing your DNS settings to use a provider that supports DNS over HTTPS

clonechill said:
**rooted user**
What happens if I lose my phone and someone gets into the recovery and deletes the lockscreen security? How can I avoid that? Is running a custom ROM without a custom recovery safe, or is it even possible?
PhilZ CWM recovery and some other custom TWRPs have a recovery lock. And with full device encryption, the data partition can't be reached without giving the unlock.

Related

Is there any way to install an app in twrp recovery mode?

Earlier today I successfully rooted my phone and uninstalled a bunch of bloatware. Foolishly, I also uninstalled the Samsung keyboard (figuring I only use the Swype keyboard), which I now suspect is used to enter my PIN when turning the phone on. Now I can't get past the PIN entry because the keypad does not show up. Is there any way to reinstall the app in this situation?
trusko1 said:
Earlier today I successfully rooted my phone and uninstalled a bunch of bloatware. Foolishly, I also uninstalled the Samsung keyboard (figuring I only use the Swype keyboard), which I now suspect is used to enter my PIN when turning the phone on. Now I can't get past the PIN entry because the keypad does not show up. Is there any way to reinstall the app in this situation?
You can get a copy of the .apk file and then boot to TWRP, then use adb to sideload the .apk to /system/app or /system/priv-app (wherever it was at before you deleted it).
Or you can reflash your stock firmware or custom ROM if you're using one.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
I flash magisk.zip but it is a normal app, not a system app
Magisk is a 3rd-party app. Take note that a system app is a necessary part of Android OS. And Magisk isn't.
jwoegerbauer said:
Magisk is a 3rd-party app. Take note that a system app is a necessary part of Android OS. And Magisk isn't.
Not quite right, when a 3rd party user app is installed or pushed to system, it then becomes a system app. The term "system app" refers to any app that is in the system partition, it has nothing to do with whether the app is a necessary part of the OS. Stock system apps, or, at least, "some" of them can be considered to be necessary parts of the OS but this isn't completely true because a lot of devices come pre-installed with non essential bloatware apps in the system partition. These non essential bloatware apps can be removed via root or by adb on non rooted devices because they are not necessary parts of the system.
For me, a "system app" is, as already mentioned, an app that comes pre-installed in one of the Android ROM's partitions /system/app or /product/app or /product/overlay or /vendor/app; a "system app" is an app that is intended for the functioning of the Android device.
Your admission to this view of mine does not change my opinion.
A private app is also a system app but seems to be an add-on. And I flashed the zip but it was not set as a system app; it seems the zip is not related to installing like the system in TWRP, and TWRP mounted the system but couldn't delete any folder in it. Rooted but so bad!

I have root, even though I don't...?

So the thing was, the Secure Folder app, the Samsung Pay app and the Health app are saying I have root even though I never installed root, and I even checked if I have root via root checkers, which say that I have no root... How do I fix this???
Did you install a different ROM?
DarkerJava said:
Did you install a different ROM?
I haven't installed any ROM but I did retrieve the old bootloader [I changed to the S8 bootloader but came back to the original bootloader (backup)]
It appears that any modifications you've made in the past have left behind "pieces" or corpse folders/files. I have a 930F and in order to use banking apps, payment apps, etc. I had to use Magisk (hides from newer apps quite well). NO superuser or su framework can be present (apps see it right away and su doesn't hide well on new devices / apps). So I believe that there is a remnant or file related to root triggering the warning msg you are seeing. My advice would be to flash fresh firmware (also a full wipe).
*Sometimes changes made related to root (even if you don't have root) can trigger apps/system warnings even though you didn't root.
JOHN.WAYNE said:
It appears that any modifications you've made in the past have left behind "pieces" or corpse folders/files. I have a 930F and in order to use banking apps, payment apps, etc. I had to use Magisk (hides from newer apps quite well). NO superuser or su framework can be present (apps see it right away and su doesn't hide well on new devices / apps). So I believe that there is a remnant or file related to root triggering the warning msg you are seeing. My advice would be to flash fresh firmware (also a full wipe).
*Sometimes changes made related to root (even if you don't have root) can trigger apps/system warnings even though you didn't root.
Would this affect a major OS update? And how do I remove remnant/corpse files?

Backup app data without root

Hi there, I'm working on a project.
I have below questions.
1. Is it possible to back up app data without root and without adb, as the app doesn't allow backup? I don't want to root my phone and I don't have any custom recovery.
2. If the answer to the above question is "No", then is it possible to sign a mod of an app and install it as an update on top of the already installed original app from the Play Store? I don't want to uninstall the previous app, I just want to update the app with a different signature. My device is not rooted and I don't have any custom recovery.
Thanks in advance
An app's data is stored either in /data/data/<pkg-name> or in /Android/data/<pkg-name>, which depends on the Android version and/or app. To successfully back up this data, Android OS must be rooted, AFAIK.
A self-signed app will be treated as another app, so this is not possible. Some apps, however, could be downgraded to an older version with adb backup allowed (for example WhatsApp).
Starting with API level 30, the flag android:allowBackup="false" seems ignored
https://www.xda-developers.com/android-11-force-app-local-backup-restore-handicap-cloud-backup
Starting with API level 31, a different flag, android:debuggable="true", is required for adb backup
https://developer.android.com/about/versions/12/behavior-changes-12#adb-backup-restrictions
So your only chance is to find the proper OEM's D2D transfer app (like Samsung Smart Switch for Samsung, Phone Clone for Huawei, etc.)
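
The adb backup rule from the linked Android 12 page, as an added example that is not part of the original posts: for apps targeting API level 31 or higher, app data is included only when the app is debuggable, and below that the `allowBackup` flag decides. The package name and the sample `dumpsys package` text are constructed, and the API level 30 remark above is not modelled.

```shell
#!/bin/sh
# Added example: decide from `dumpsys package <pkg>` text (read on stdin)
# whether `adb backup` would include the app's data.

# has_flag FLAGS NAME -> exit 0 if NAME is one of the space-separated FLAGS
has_flag() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# adb_backup_verdict -> prints one verdict line; returns 2 on unusable input
adb_backup_verdict() {
    dump=$(cat)
    target=$(printf '%s\n' "$dump" |
        sed -n 's/.*targetSdk=\([0-9][0-9]*\).*/\1/p' | head -n 1)
    # Anchored on leading spaces so "privateFlags=[...]" is not picked up.
    flags=$(printf '%s\n' "$dump" |
        sed -n 's/^ *flags=\[\(.*\)\].*/\1/p' | head -n 1)
    [ -n "$target" ] || { echo "unknown: no targetSdk in input"; return 2; }
    if [ "$target" -ge 31 ]; then
        # API 31+: app data is exported only for debuggable apps.
        if has_flag "$flags" DEBUGGABLE; then
            echo "included: targetSdk $target and DEBUGGABLE"
        else
            echo "excluded: targetSdk $target without DEBUGGABLE"
        fi
    elif has_flag "$flags" ALLOW_BACKUP; then
        echo "included: targetSdk $target and ALLOW_BACKUP"
    else
        echo "excluded: targetSdk $target without ALLOW_BACKUP"
    fi
}

# Constructed text shaped like `dumpsys package` output (not from a device).
sample_dump() {
    cat <<EOF
Packages:
  Package [com.example.notes] (1a2b3c4):
    userId=10123
    versionCode=7 minSdk=23 targetSdk=$1
    flags=[ $2 ]
    privateFlags=[ PRIVATE_FLAG_HAS_DOMAIN_URLS ]
EOF
}

sample_dump 30 "HAS_CODE ALLOW_CLEAR_USER_DATA ALLOW_BACKUP" | adb_backup_verdict
sample_dump 33 "HAS_CODE ALLOW_CLEAR_USER_DATA ALLOW_BACKUP" | adb_backup_verdict
```

On a real device the input would come from `adb shell dumpsys package <pkg>` piped into `adb_backup_verdict`.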

Can't install isolation apps after unlock device

Hi.
I unlocked the bootloader and rooted the phone with Magisk. I can't install the Island and Shelter apps. The Island application returns that the security policy prevents the creation of a work profile because a custom operating system is installed on this device. The case looks identical even when there is no root.
userned said:
Hi.
I unlocked the bootloader and rooted the phone with Magisk. I can't install the Island and Shelter apps. The Island application returns that the security policy prevents the creation of a work profile because a custom operating system is installed on this device. The case looks identical even when there is no root.
Congratulations! You have blown a fuse and Knox will NEVER work on your phone again.
I knew all about it. However, I am interested in a way to bypass this problem and restore at least application isolation.
Should I use multidisabler?
Isn't it simpler to ask the islander/shelter app developer a question?
multidisabler nothing changed. In general, I can't manually create a profile using adb.

Question I want try to unroot my pixel 7 pro but...

Hi, I have used root on all my devices for a long time, but now I'm 41yo and no longer interested in this.
I use root "now only" for
1) call recording (BCR);
2) Swift Backup;
3) ReVanced.
So, it seems the call recorder can also be installed without root: just put the apk in the system app directory!
... but how can I move an apk into the system directory without root or TWRP, and with a locked bootloader?
Can Swift Backup work without root? I don't remember, but I can search.
ReVanced isn't a problem, I can use it with microG.
----
Any help with my doubts?
I also want to try because the VPN does not work, and after months of emails with support it "seems" it can be related to the unlocked/rooted device.
I just want to try.
Ty.
Without root, Swift Backup can back up app APK files, but not the app data. It does allow you to grant adb permissions through Shizuku, but I never figured out what [if anything] that allows it to do. I wasn't able to back up app data with ADB privileges.
I don't know the answer to the Call Recording issue.
lupastro82 said:
Hi, I have used root on all my devices for a long time, but now I'm 41yo and no longer interested in this.
I use root "now only" for
1) call recording (BCR);
2) Swift Backup;
3) ReVanced.
So, it seems the call recorder can also be installed without root: just put the apk in the system app directory!
... but how can I move an apk into the system directory without root or TWRP, and with a locked bootloader?
Can Swift Backup work without root? I don't remember, but I can search.
ReVanced isn't a problem, I can use it with microG.
----
Any help with my doubts?
I also want to try because the VPN does not work, and after months of emails with support it "seems" it can be related to the unlocked/rooted device.
I just want to try.
Ty.
I imagine that, once you move that .apk to the system app directory (while rooted), once you unroot, it should still stay there and probably be accessible; but I'm unsure whether successfully running it will be possible -- it depends on the call recording app and if the app requires root to run. If it doesn't and it simply needs root just to be inserted, then I imagine it would probably work if you unroot.
But I have never heard of this method of getting a mod or add-on to work by inserting it in the system app directory...it's fascinating...
Like you said, ReVanced doesn't necessarily need root to work; it just works better with it. Swift Backup will only in a basic way be able to back your device up without root access.
But if you are simply just trying to get a certain VPN to work -- and in the end you don't want to lose root -- you could try doing the numerous root-hiding methods. There are many games, banking apps, and streaming apps that won't work with root (without even giving you a warning that it's because of root detection sometimes) that, once you hide root successfully, are able to run it. It sounds like that could possibly be the case for your VPN.
There are these you can try (if you haven't yet); Zygisk Deny List, UniversalSafetyNetFix (Displax mod works best with P7P), Shamiko, HideMyApp, Magisk Delta, etc.
Also, please be aware (or reminded if you know already) that while unrooting will not wipe and reset your device, locking your bootloader requires wiping the device and you losing everything! You'll be able to get some stuff restored through Google One Backup/Sync, but most everything will need to be set back up and/or lost. And if all you are seeking is to get a VPN to work, I really highly doubt that the app/service goes so far as to detect if you have an unlocked bootloader; it seems there are some banking apps that go that far, but most apps out there don't go that far, and hearing a VPN does would be a first...
Good luck!
Just the Google VPN. It has not worked for about two months and it seems it can be a root/unlocked issue.
Anyway, you're right. Ty so much.
