Rooting, useful and safe? - OnePlus 7 Pro Questions & Answers

Hi guys, I need advice about rooting. I own this fantastic phone from its release, I've never used a cell phone like this, I'm so satisfied, the oxygen os is phenomenal.
Returning to the question, its worth rooting this phone? I personally all the cell phones I had before, I have always rooted them, but with this I am a little hesitant. I had thought of rooting it to have the aux cameras on Gcam that i use alots and for playing PoGo doing spoof gps. My real question is:What would I lose by unlocking the bootloader, flashing the twrp and installing magisk? If im not wrong, only Netflix HD right?
Do you advise me to do it?
Edit: Outside of the above reasons, I don't need to root my 7 pro. If I decided to do it, would I still receive updates via OTA?
Thanks in advance

You do not need to do Ask me a comment because the rom of op 7 Pro He is already good, but if you like to play a game or want to test a custom ROM, you must root it.

riioKen said:
Hi guys, I need advice about rooting. I own this fantastic phone from its release, I've never used a cell phone like this, I'm so satisfied, the oxygen os is phenomenal.
Returning to the question, its worth rooting this phone? I personally all the cell phones I had before, I have always rooted them, but with this I am a little hesitant. I had thought of rooting it to have the aux cameras on Gcam that i use alots and for playing PoGo doing spoof gps. My real question is:What would I lose by unlocking the bootloader, flashing the twrp and installing magisk? If im not wrong, only Netflix HD right?
Do you advise me to do it?
Edit: Outside of the above reasons, I don't need to root my 7 pro. If I decided to do it, would I still receive updates via OTA?
Thanks in advance
Click to expand...
Click to collapse
Your data would be wiped unlocking the bootloader, as I'm sure you know. Your are correct about Netflix, but there are a million free streaming apps to choose from. Magisk has a repo of modules that you could use and there's a few custom ROMs that are magisk versions. Magisk can hide from apps if need be. You can make your device faster and more battery effecient with custom kernels and it wouldn't affect OTAs aside from downloading the full zip rather than an incremental version. There are plenty of instructions on xda for updating with twrp and magisk to keep root. I have been rooted with my OP7Pro since the first hour I had the device. You also have Swift backup for apps, messages and call logs, so you could restore them to a new device as well if you root it also. You can block ads better with root, use viper4android for a superior sound experience and create a nandroid backup to restore it to a previous state if something should go wrong.

Related

OnePlus 7P Root w/o Magisk/TWRP

Hi,
I'm quite new to rooting. I've jailbroken many iPhones but it's been much easier than rooting Android.
Either way, I have an app to connect my PS3 controller to my OP7pro. This app requires the phone to be rooted. I'm wondering if I have to do everything in the tutorials or just something simple like unlocking the bootloader. I'm also curious if after the root I will be able to install the backup from my pc and keep the root. I do not need nor want Magisk or TWRP at the moment, I will install it at some point.
What do I need to do to make a root-critical app work as simply as possible?
is very simple to root just follow one of the multiples guides in this forum, if you have a T-mobile variant you need to sim unlock first then convert it to intl.
it all sounds complicated but is very easy
piotrekkrzewi said:
Hi,
I'm quite new to rooting. I've jailbroken many iPhones but it's been much easier than rooting Android.
Either way, I have an app to connect my PS3 controller to my OP7pro. This app requires the phone to be rooted. I'm wondering if I have to do everything in the tutorials or just something simple like unlocking the bootloader. I'm also curious if after the root I will be able to install the backup from my pc and keep the root. I do not need nor want Magisk or TWRP at the moment, I will install it at some point.
What do I need to do to make a root-critical app work as simply as possible?
Click to expand...
Click to collapse
If you NEED root then at the moment you NEED magisk
Unlock bootloader first for you need to and it'll wipe all your data...
Twrp is not necessary however it makes things easier such as backing up, flashing from recovery, etc.
HtcOnekid said:
is very simple to root just follow one of the multiples guides in this forum, if you have a T-mobile variant you need to sim unlock first then convert it to intl.
it all sounds complicated but is very easy
Click to expand...
Click to collapse
Aight, but will I be able to restore my backup and keep the root?
What's this app you are using to use your ps3/4 controller?
No point in trying to avoid Magisk. I reckon the same applies to TWRP as well. They're extremely simple to install. Connect your phone to a PC, reboot to bootloader/fastboot mode, then run
fastboot boot TWRP.img (either rename the twrp image or change the filename the command refers to), then in the temporary twrp you flash 2 zip files (twrp installer + Magisk). Done. Rooted with twrp and magisk (After you unlock your bootloader, of course).
Trying to root without Magisk or TWRP will not only be more difficult, but also likely cause you issues (such as no Google Pay).
Magisk is your best XDA friend! Cheers
equlizer said:
What's this app you are using to use your ps3/4 controller?
Click to expand...
Click to collapse
Sixaxis controller is the app
I'd like to thank you all for clarifying the topic. It seems like a really nice forum. But what I need to know is will I be able to restore my OnePlus Switch backup from the app and will i keep the root? The last thing I want is to reinstall all the apps.
Why would you need root to use a bluetooth device?
djsubterrain said:
Why would you need root to use a bluetooth device?
Click to expand...
Click to collapse
You can not pair a ps3 controller with the phone and just make it work. It need some sort of a driver, and this app is one. But for some reason it needs root to show the local bluetooth adress and connect.
piotrekkrzewi said:
I'm wondering if I have to do everything in the tutorials or just something simple like unlocking the bootloader.
Click to expand...
Click to collapse
Unlocked bootloader is just an unlocked bootloader. It is not root.
As other have touched upon, Magisk is the root method for this device. I'm not aware of any other root method. Only different variations on flashing Magisk. It's awesome, works great, reliable, and well supported by the developer. So I see no reason to avoid it. Yes, Magisk has some features you may not need. But you can simply opt not to use them. My opinion, it still is a lightweight and unbloated root solution.
You can root using Magisk, without TWRP. But you need to flash a patched boot image (and the correct one for your OOS version, or you will have problems). So you would really be making the process harder for no good reason. And in my opinion, having a modded device (root) without a custom recovery (TWRP) is not a good idea. It is called "recovery" for a reason, as it allows you a lot of options to recover the device if things go wrong. Much more so than the stock recovery (which is nearly useless, really only good for installing stock OTA updates on stock devices).
I don't personally use Oneplus Switch backup app. But I don't see any reason why it would not work once rooted. If you downloaded the apps from the Google Play store, they should just automatically reinstall anyway (after root, and starting up the phone again)?
In any case, losing data (having to setup the phone again, etc.) is always a possibility when unlocking the bootloader and rooting these devices. If you choose to mod the phone, it's just a possibility we all live with.

Is it worth rooting the OnePlus 7?

Hi All.
I've got a OP 7 Pro which for the most part, am loving it, except the camera (Messing with GCam ports atm).
I usually root my handsets for the usual de-bloat / custom rom reasons. The last OnePlus I had, I rooted and installed TWRP. Didn't have much success with custom roms so ended up running pretty much stock (but could no longer update OTA for some reason). Since OP don't put loads of bloatware on, I din't mind so much, although I do like to mess around. I really want to be able to do full nand backup which requires unlocked bootloader = all data gone. I can handle reinstalling apps etc but loosing Google Authenticator is a pain in he ass. Do you guys think it is worth rooting at all? Is there a full backup technique that doesn't rquire unlocking bootloader / loosing current data?
I'm not particualrtly hopeful but any suggestions would be appreciaed.
Thanks.
Answered numerous times already. Please use the search box. https://forum.xda-developers.com/oneplus-7-pro/help/worth-rooting-days-gain-t3937894
Root is a good way to start the new year on XDA! ??
Love root!!!
Short answer, yes
I have lived fine without rooting for years.
Have not bricked my device once since I stopped rooting, but why ask here ? People come here just to root devices, try ROMs, Kernels, Mods ....... This place is biased and they will tell you rooting in great everytime
hallo dare said:
Answered numerous times already. Please use the search box. https://forum.xda-developers.com/oneplus-7-pro/help/worth-rooting-days-gain-t3937894
Click to expand...
Click to collapse
I read the thread you linked to. Nowhere do I see it discussing:
What all will be LOST by rooting besides Netflix 720P. (ie google pay etc and yes I know magisk has a "hide" feature but it fails on several common apps)
How the root can be accomplished without losing data or with a method to restore data lost from bootloader unlock.
Both questions were asked by the op in the original post.
Would like to know this too. I haven't rooted a device for many years, because I need the use of banking apps and Google Pay is my main (sometimes only) method of payment.
How reliable is custom kernels from hiding root?
famewolf said:
I read the thread you linked to. Nowhere do I see it discussing:
What all will be LOST by rooting besides Netflix 720P. (ie google pay etc and yes I know magisk has a "hide" feature but it fails on several common apps)
How the root can be accomplished without losing data or with a method to restore data lost from bootloader unlock.
Both questions were asked by the op in the original post.
Click to expand...
Click to collapse
I have my OnePlus 7 Pro rooted just following the guides on here and my phone still has functioning Google Pay and full quality Netflix.
Pokemon Go was trickier to get it to not recognize the root, I had to setup Magisk Manager a specific way besides just hiding root from the app but other than that everything works great.
QuintonAjStevens said:
I have my OnePlus 7 Pro rooted just following the guides on here and my phone still has functioning Google Pay and full quality Netflix.
Pokemon Go was trickier to get it to not recognize the root, I had to setup Magisk Manager a specific way besides just hiding root from the app but other than that everything works great.
Click to expand...
Click to collapse
How u have hd quality on netflix?This is not possible because when u unlock bootloaded u lose drm for hd.
johnnyman25 said:
How u have hd quality on netflix?This is not possible because when u unlock bootloaded u lose drm for hd.
Click to expand...
Click to collapse
Whoops. Didn't realize this was such a big problem. I assumed it was in full quality as I only tested it, but don't regularly use Netflix on my phone. After digging into the app it says I have Widevine L3 and can use only SD with no HDR.

what are the interesting things I can do after rooting my op6?

After leaving Samsung, I did not root my phone as never felt the need for it, as I used root for battery mods and roms.
So can anyone tell me that what interesting mods I can do after rooting my phone?
You can install custom ROMs which have extended features for your phone like changing what buttons do, having an always on display show different things, have shortcuts mapped etc. Custom kernels can manage your phone better whether you like more battery or more performance. Then you have magisk modules come in that can add further functionality and then Edxposed, F-droid the list goes on and on.
You can get rid of ads in your apps.
You can have modded youtube without any ads and other stuff.
Tons of stuff
i root because a few mods:
Viper4android
Call Recorder - not available in my country.
EdXposed with gravitybox - for little customizing
Youtube Vanced
i also root because i had oneplus 5 before which was not rooted and one day i messed up and couldnt get it to work again. i really tried everything - if i was rooted i probably could have fixed my op5.
How do you install new updates then?
Once the updates are out you can install them directly with your phone as you have been doing with any other phone.
The only thing is that after every update you have to root again your phone as the update 'delete' the root.
Nothing major, don't worry. Trust me, us, once you root you won't be able to have your phone unrooted anymore ?
If you are in doubt I suggest you to root it once and then, after a new update you can decide if root it again or not ?
If ur not willing to walk the mile of getting knowledge, dont root
You can use it to teleport to another dimension.
Jk jokes aside you have full control of your system and can do all kinds of modification which how you modify will make it awesome or perform worse.
@bibop80 @chintu1234 @whizeguy
I have rooted my phones for years when I used Samsung devices.
Samsung had issues with battery and performance so that time I had rooted my device.
But since I am using op6 I am so satisfied with the performance and battery, that's why I never rooted my device.
Now I am bored and want to try few mods, so I will root my phone.
I have never used magisk root method, and as I said it's been almost 2 years I rooted device, so I'll be happy if someone can guide me in detail and best root method, I am currently on latest fw android 10.
Thanks in advance!
I do agree with you about Samsung, that is why I passed to oneplus few years ago, the only thing I do miss is the camera quality.
A part of that, you'll be happy to have your phone rooted (Magisk is amazing!)
I suggest you the section of this forum GUIDES, NEWS AND DISCUSSION; once there you'll find the guide titled "OnePlus 6: Unlock Bootloader | Flash TWRP | Root | Nandroid & EFS Backup !!"
It looks more difficult than with Samsung but it isn't at all!
Good luck man and welcome to the Dark side
bebop80 said:
I do agree with you about Samsung, that is why I passed to oneplus few years ago, the only thing I do miss is the camera quality.
A part of that, you'll be happy to have your phone rooted (Magisk is amazing!)
I suggest you the section of this forum GUIDES, NEWS AND DISCUSSION; once there you'll find the guide titled "OnePlus 6: Unlock Bootloader | Flash TWRP | Root | Nandroid & EFS Backup !!"
It looks more difficult than with Samsung but it isn't at all!
Good luck man and welcome to the Dark side
Click to expand...
Click to collapse
Thanks for the info, I checked the forum.
Kindly help me to understand few things -
Do I need to install Twrp tp install Magisk?
Will I lose any apps like snapchat?
You can root your phone also without installing the twrp (if you are not intended to deep mod your phone). I'd suggest anyway to install the twrp.
Yes, magisk is needed it can be compared as the supersu but with extended feautures.
If I don't mistake (I did unlock my bootloader on my 1st day I owned the oneplus) all data will be wiped and yes... You might loose your data.
If you can make a backup of your photos, videos and any extra file on a PC and after the unlock and root procedure you can restore them.
All other app can just be downloaded again.... ???
for people mentioning about adfree & background youtube, this can be done in a virgin phone also. just install the vanced apk.
JerryGoyal said:
for people mentioning about adfree & background youtube, this can be done in a virgin phone also. just install the vanced apk.
Click to expand...
Click to collapse
I am already using YouTube vanced, it's great.
bebop80 said:
You can root your phone also without installing the twrp (if you are not intended to deep mod your phone). I'd suggest anyway to install the twrp.
Yes, magisk is needed it can be compared as the supersu but with extended feautures.
If I don't mistake (I did unlock my bootloader on my 1st day I owned the oneplus) all data will be wiped and yes... You might loose your data.
If you can make a backup of your photos, videos and any extra file on a PC and after the unlock and root procedure you can restore them.
All other app can just be downloaded again.... ???
Click to expand...
Click to collapse
I guess I'll be doing this on next weekend. I'll post query if I have any doubts. Thanks!
I find that making phone calls with this device seem to be the thing that most people do
bebop80 said:
You can root your phone also without installing the twrp (if you are not intended to deep mod your phone). I'd suggest anyway to install the twrp.
Yes, magisk is needed it can be compared as the supersu but with extended feautures.
If I don't mistake (I did unlock my bootloader on my 1st day I owned the oneplus) all data will be wiped and yes... You might loose your data.
If you can make a backup of your photos, videos and any extra file on a PC and after the unlock and root procedure you can restore them.
All other app can just be downloaded again.... ???
Click to expand...
Click to collapse
I am unable to flash twrp from adb,i ve unlocked the bootloader.any help?
nvrmndryo said:
I am unable to flash twrp from adb,i ve unlocked the bootloader.any help?
Click to expand...
Click to collapse
Follow this guide
h***s://www.xda-developers.com/how-to-install-twrp/
Double check all the adb instructions before confirming them and check that you have all the right files necessary for the operation. (start your pc terminal as administrator)
bebop80 said:
Follow this guide
h***s://www.xda-developers.com/how-to-install-twrp/
Double check all the adb instructions before confirming them and check that you have all the right files necessary for the operation. (start your pc terminal as administrator)
Click to expand...
Click to collapse
Thanks. successfully rooted my phone.

Just bought a P3A, do I update prior to rooting

I will take delivery of a new Pixel 3a later this week. I will thoroughly read through “How to root the Pixel 3a with or without twrp & take OTA updates once rooted” and “How to Root Your Pixel 3a and Install Magisk (on Pie & Q) with or without TWRP”. But before unlocking bootloader and rooting should I accept all updates first during the initial setup?
MrTooPhone said:
I will take delivery of a new Pixel 3a later this week. I will thoroughly read through “How to root the Pixel 3a with or without twrp & take OTA updates once rooted” and “How to Root Your Pixel 3a and Install Magisk (on Pie & Q) with or without TWRP”. But before unlocking bootloader and rooting should I accept all updates first during the initial setup?
Click to expand...
Click to collapse
Yes
bejunk said:
Yes
Click to expand...
Click to collapse
Thanks. The little reading I have done so far, it sounds like you can not flash or boot TWRP in Android 10. Won't all the updates take me to 10? I will want to back up my ROMs.
MrTooPhone said:
Thanks. The little reading I have done so far, it sounds like you can not flash or boot TWRP in Android 10. Won't all the updates take me to 10? I will want to back up my ROMs.
Click to expand...
Click to collapse
Oh, i forgot as i dont use TWRP anymore.
Yes TWRP only works on Android 9.
However you can't install it like in the past time. You can only boot it via fastboot. You need to do this everytime you want to use TWRP. However when i tried it in past times it did not work well afaik, a full backup did not work at all.
So yeah try it with Android 9 first.
But with all the google backups nowadays i dont have the need for a nandroid (twrp backup)...
Especially as you can just reflash the stock image with deleting /data.
Here is the main thread, i think it will be more helpfull than i am https://forum.xda-developers.com/pixel-3a/development/twrp-3-3-1-pixel-3a-t3943413
The very first thing to do is minimal setup so you can enable developer settings and allow bootloader unlocking. That's a sticky setting, so then you can update, factory reset, etc. before actually unlocking the bootloader and rooting. Especially important if you're US/Verizon (don't put your SIM in until bootloader unlocking is enabled).
mike.s said:
The very first thing to do is minimal setup so you can enable developer settings and allow bootloader unlocking. That's a sticky setting, so then you can update, factory reset, etc. before actually unlocking the bootloader and rooting. Especially important if you're US/Verizon (don't put your SIM in until bootloader unlocking is enabled).
Click to expand...
Click to collapse
Thanks. So I read the two rooting threads I referenced above. I have always used TWRP in the past, but seeing it not supported in Android 10, I am considering skipping that. Do you think TWRP will support Android 10 in the future? I am a little nervous making changes without a backup. My plan would be to stick with a rooted stock at first than consider migrating to a custom ROM. Any recommendations are appreciated. Phone will be delivered tomorrow.
bejunk said:
But with all the google backups nowadays i dont have the need for a nandroid (twrp backup)...
Click to expand...
Click to collapse
I am not sure what you mean by "google backups nowadays". Is it the availability of stock ROMs?
MrTooPhone said:
I am not sure what you mean by "google backups nowadays". Is it the availability of stock ROMs?
Click to expand...
Click to collapse
No , I think most people use a TWRP backup because it restores you to a specifiic point with all your apps, user settings and your data in those apps.
Thats why i used it in the past times. Setiing up a phone in the past could be really time consuming and frustrating.
But nowadays, if you use the google backup (in Settings > System > Backup) (and the whatsapp one for messages - thtas the only messenger i use, but every other popular messager has a backup feature now) setting up the phone takes maybe 10 mins when i flash the factory image, it even gets my homescreen layout and my wallpaper back, also my settings. Apps which support that also keep their settings.
In the past i allways had a custom rom, because stock rom sucked. But with the Pixel theres no reason for me to use a custom rom anymore.
About root, i rooted my phone since i first used android, ca. 2010. But now I really dont need it anymore, so i just keep things stock.
---------- Post added at 16:03 ---------- Previous post was at 15:50 ----------
MrTooPhone said:
Thanks. So I read the two rooting threads I referenced above. I have always used TWRP in the past, but seeing it not supported in Android 10, I am considering skipping that. Do you think TWRP will support Android 10 in the future? I am a little nervous making changes without a backup. My plan would be to stick with a rooted stock at first than consider migrating to a custom ROM. Any recommendations are appreciated. Phone will be delivered tomorrow.
Click to expand...
Click to collapse
I dont think TWRP will be supported in the futur on A10. Google locked up /system and some other partitions the TWRP team needs to find new solutions but there id not much hope.
Did you buy your phone unlocked? If yes, the worst part you should be worried about is losing you app data from some apps. You cant really brick your phone. In the worst case you just need to flash a factory image.
You should know that rooting your phone will probably break google pay and banking apps. May i ask what did you want use root for?
I dunno, I really like Lineage OS, but it just feels like a downgraded stock rom.. (I used it before all the time on all phones before getting a pixel).
Also, for every update (monthly) you need to patch your boot.img, flash it, and the apply the update. Its some work which i dont think is worth it anymore.
bejunk said:
May i ask what did you want use root for?
Click to expand...
Click to collapse
Thanks for the detailed reply. I am coming from a MotoG3 (rooted stock), a 2015 era phone. So a lot has changed. I really have not seen a mid range phone I really liked, so I jumped on the P3a when I heard the news they were being discontinued.
I use root mainly for Adfree, SD-Maid, and Titanium Backup. I used to use Cerberus until the developer reneged on a lifetime subscription. I don't mess with the system apps much, but I do keep a few apps frozen except for the times when I seldom need them.
Magisk is the best way to root your phone as it still passes the SafetyNet check and google pay and banking apps continue to work. There is an excellent thread here on how to do it.
[Guide] How to root the Pixel 3a with or without twrp & take OTA updates once rooted
Every month, I "uninstall" magisk (which really just restores the original boot files) and sideload the latest update, then I install the magisk-patched boot.img and my phone is rooted again.
To be honest, I don't miss twrp at all. adb and fastboot are all that's needed. The backup in android 10 is perfectly sufficient.
This phone is practically impossible to brick. I love my Pixel 3a, except for the one problem I had when the bottom speaker died and I had to have it repaired under warranty at the local ubreakifix in less than an hour.
MrTooPhone said:
Thanks for the detailed reply. I am coming from a MotoG3 (rooted stock), a 2015 era phone. So a lot has changed. I really have not seen a mid range phone I really liked, so I jumped on the P3a when I heard the news they were being discontinued.
I use root mainly for Adfree, SD-Maid, and Titanium Backup. I used to use Cerberus until the developer reneged on a lifetime subscription. I don't mess with the system apps much, but I do keep a few apps frozen except for the times when I seldom need them.
Click to expand...
Click to collapse
Yeah, I had that phone too It was pretty good for its time. I even replaced the screen once, but its really complicated on that phone... To your needs:
Adfree: you can setup a custom DNS server (i think it was adguards one) in the settings menu which will block all ads, so no real need anymore for adaway or root for this. Just google a bit.
Titanium backup: I does not work so well is what i heard and like said nowadays most apps backup over Google backup. With Android11 it will get even harder as /data partition is even more protected now. Not really worth it imho.
Froze system apps: Pixel Android is really barebones. The few apps which i dont need (like Google Music/Video PixelBuds app etc) you can just disable them in the settings. This will freeze them, its like uninstalling them, they wont show up at all.
SD Maid is great but only rooting it for using it, is not worth it. You can clear the cache of the apps which hoard a lot of data by yourself. Also, when you uninatll an app, it asks you if you want to delete your userdata as well. The phone takes care of the rest.
Cerberus: If you keep your bootloader locked, when your phone gets stolen, nobody can access your phone. Even if they reflash it, on first boot it will ask to login to the gmail last time set up. Theres no workaroud. Google aslo has a find my device thingy, wher you can track or delete your device remotly.
I would suggest to use your phone unrooted for some time, and if you really need to root it for something, you can still do it.
Welcome to team Pixel, mate!
(sorry my grammer im to lazy to double check it...)
@bejunk Just a not to say thanks again. I took your advice and did not root. However, I did flash with GrapheneOS and then re-locked the bootloader. Time will tell if I like it.

Out of warranty thinking of using a Custom ROM but...

Hi Folks,
I hope you guys can shed some light into this, sorry if this is long and if this has been asked I'm sorry but I could not find the answers I was looking for, as some results they sound almost the same and some had not specified enough. So I hope the clever people here can explain a few things before I go ahead.
Background on my Phone (don't know if its relevant or not)
I own an Exynos SM-G970F, on One UI 3.1, June 2021 Update, this was purchased in Australia. Now that my phone is out of warranty I was thinking of installing a custom ROM. The main motivation was to reduce CPU usage and improve battery life.
I have installed a custom ROM and rooted my tablet for practice and it was easy to follow. I gotta say it was phenomenal how it brought back ancient hardware to buttery smooth performance of newer android versions. I wanted this same experience on my daily driver phone and there are some security based questions I would like to know.
Questions
1. First off unlocking the bootloader, I have read that it reduces your security of the phone as this allows hackers to gain access to your phone unlike a locked bootloader. As far as I understand the bootloader is to check if the system partition is a Samsung ROM. So in an unlocked state it will still load the kernel and run the system regardless if the ROM is Samsung or not, am I correct in this?
1a. If that's the case and if I installed the custom ROM and then locked the bootloader I would brick my phone right? as the bootloader is looking for a Samsung ROM but since it can't recognize the ROM it will boot loop.
1b. So in this case how would an unlocked bootloader make it vulnerable apart from accessing the OS? I'm thinking in a real word scenario if I were to lose my phone and someone found it, they could have means of access from an unlocked bootloader? but then again they could have access through custom recovery?
1c. Would it be necessary to lock a bootloader once you install a custom ROM? Do some custom ROM support signing bootloaders?
2. SafetyNet, as far as I understand this is a Google thing? like the app from Play store will check your system for any tampered software before functioning or at least warning the consequences of using the app in a custom ROM, is this right?
2a. So this could lead to some banking apps not working as it requires a SafetyNet pass on your device. But this only happens if you end up rooting your device? I understand Magisk is systemless root so the SafetyNet should pass in theory?
Primarily I'm concerned of the security and privacy of the phone but nothing is perfect, so there has to be some give and take with privacy and security? Though I will lose some privacy as I will install OpenGApps for some applications to work. So security would be the most important thing. What would be some best practices for a daily driver phone on custom ROM?
I imagine that hackers are not interested attacking an individual as this takes a lot of time and energy, unless they are bored or something like that.
Thanks for taking the time to read all this and if you can shed more information that would be great! I would like to learn more before giving the green light for custom ROM on my Samsung S10e.
With the caveat that I'm really bad at Samsung, I'll try to give a couple of answers. Sounds like you have the gist of it though...
Unlocking the bootloader is necessary to install anything custom, yes, and it does reduce the security of the device but mainly if someone has physical access to it. Keeping the device encrypted can help protecting your data though. There are some devices that allow locking the bootloader with custom firmware installed, but those are few. General rule: don't even try. I've seen some talk from people at Google about letting custom ROMs be certified, so that you could lock the bootloader with them, but currently there's nothing like that (that I know of). Once in a while I see people talking about trying to sign their images to lock the bootloader, but IMHBCO it's not worth the effort (if it's possible). If you're going custom, keep the bootloader unlocked.
About SafetyNet, it's an API provided with Google's play services and can be used by apps to check if a device's security has been compromised. Far from all bank apps will be using this and many instead have their own ways of detecting a "tampered" device (more on that below). SafetyNet will trigger from a number of things:
Unlocked bootloader
Custom ROM
Root
Etc...
So, as you see it's not only rooting that will cause you problems. There are ways around it though, mainly with the help of Magisk.
When it comes to what bank apps will detect, that could include a custom ROM, root apps, files on your device, Magisk, etc. They're often much more picky than SafetyNet even...
If you need help with getting SafetyNet and banking apps working on a custom ROM, with Magisk, I've got a few resources and tips collected here:
https://www.didgeridoohan.com/magisk/HomePage
Regarding security and custom ROMs it's pretty much the same as on a stock device. Don't install weird apps from outside the Play Store, don't click links in emails, etc. On to of that, another thing to look out for is SELinux. Don't use a ROM that has it disabled. It's quite important for the security of the OS... And if you do root, be careful with what apps you give root access, since an app with root access can do whatever it wants.
No idea if this cleared anything up or just created more questions. If there are Samsung specific stuff I've gotten wrong or missed I hope that someone that actually knows what they're talking about shows up...
Didgeridoohan said:
With the caveat that I'm really bad at Samsung, I'll try to give a couple of answers. Sounds like you have the gist of it though...
Unlocking the bootloader is necessary to install anything custom, yes, and it does reduce the security of the device but mainly if someone has physical access to it. Keeping the device encrypted can help protecting your data though. There are some devices that allow locking the bootloader with custom firmware installed, but those are few. General rule: don't even try. I've seen some talk from people at Google about letting custom ROMs be certified, so that you could lock the bootloader with them, but currently there's nothing like that (that I know of). Once in a while I see people talking about trying to sign their images to lock the bootloader, but IMHBCO it's not worth the effort (if it's possible). If you're going custom, keep the bootloader unlocked.
About SafetyNet, it's an API provided with Google's play services and can be used by apps to check if a device's security has been compromised. Far from all bank apps will be using this and many instead have their own ways of detecting a "tampered" device (more on that below). SafetyNet will trigger from a number of things:
Unlocked bootloader
Custom ROM
Root
Etc...
So, as you see it's not only rooting that will cause you problems. There are ways around it though, mainly with the help of Magisk.
When it comes to what bank apps will detect, that could include a custom ROM, root apps, files on your device, Magisk, etc. They're often much more picky than SafetyNet even...
If you need help with getting SafetyNet and banking apps working on a custom ROM, with Magisk, I've got a few resources and tips collected here:
https://www.didgeridoohan.com/magisk/HomePage
Regarding security and custom ROMs it's pretty much the same as on a stock device. Don't install weird apps from outside the Play Store, don't click links in emails, etc. On to of that, another thing to look out for is SELinux. Don't use a ROM that has it disabled. It's quite important for the security of the OS... And if you do root, be careful with what apps you give root access, since an app with root access can do whatever it wants.
No idea if this cleared anything up or just created more questions. If there are Samsung specific stuff I've gotten wrong or missed I hope that someone that actually knows what they're talking about shows up...
Click to expand...
Click to collapse
Hi Didgeridoohan,
Thank you for taking the time to comb through my queries and I believe you have answered what I was looking for. So it has dispelled any myths and misconceptions of custom roms.
Personally I use the phone most and my significant other uses my phone for some games. So physical access is not likely to fall in the hands of someone else unless I lost it. Encrypting the phone is a good safety measure, I assume this is something that can be done in the settings of the OS?
With banking I guess I will have to install and see if it works out, otherwise I don't mind going to a phone web browser and do it that way.
I appreciate your link for further info of Magisk, I will be reading through the page to get better insight.
Regarding SELinux, I had seen this on my phone though it says SE for Android Status and says 'Enforcing' and on the Custom ROM on my tablet in the settings it also says 'Enforcing'. So I can assume that its ensuring the security of the OS.
I didn't have the intention of rooting as I thought I can root at any point in time but if its good practice to do it when flashing the custom ROM please let me know.
I had planned on installing TWRP and use either Lineage or crDroid (kinda leaning to this one). They both are supported on their website so I don't think I will run into issues.
Once again thanks for your help and advice on the custom ROM, I think my questions were broad and it may not be Samsung specific as there are features I know I will lose but have never used when I had the original ROM.
dude777 said:
Encrypting the phone is a good safety measure, I assume this is something that can be done in the settings of the OS?
Click to expand...
Click to collapse
Yes. Just make sure that any ROM you choose is compatible with encryption. And remember that if you ever want to remove the encryption you'll have to wipe the device.
Regarding SELinux, I had seen this on my phone though it says SE for Android Status and says 'Enforcing' and on the Custom ROM on my tablet in the settings it also says 'Enforcing'. So I can assume that its ensuring the security of the OS.
Click to expand...
Click to collapse
Correct. That's the way it should be if you want to keep some security on your device.
I didn't have the intention of rooting as I thought I can root at any point in time but if its good practice to do it when flashing the custom ROM please let me know.
Click to expand...
Click to collapse
You can wait with rooting. If you don't have any need for it, why bother? I use Magisk to hide the fact that I have an unlocked bootloader (and to hide Magisk from some apps), to use a custom hosts file (for adblocking) and for app backups (I use Swift Backup, works great).
Once again thanks for your help and advice on the custom ROM, I think my questions were broad and it may not be Samsung specific as there are features I know I will lose but have never used when I had the original ROM.
Click to expand...
Click to collapse
There are some things you'll lose when unlocking the bootloader on a Samsung, due to the tripped Knox fuse. I can't say much about that though, since I don't do Samsung...
Have fun!
Thanks Didgeridoohan,
This has given me some confidence in going forward with custom ROM. I will make some backups and take measures and if it doesn't work out I can go back but I probably wont .
I've been running LineageOS on my Exynos S10e for a few days now and it's great, better battery life than on Samsung's firmware too from what I can see.
Settings say encryption is enabled. I'm assuming on /data only, I'll have to poke around as I've been away from Android for a while and I haven't been keeping up with what's going on.
I had to use the Magisk props module (selected the same phone model) to pass SafetyNet and enable Google Pay. Banking apps here in Australia don't seem to care, at least CommBank, Bendigo, AMP by I did select them in MagiskHide just in case.
If you decide to go for it, remove all your accounts before flashing the LineageOS recovery. I didn't and wasn't able to flash recovery until I re-added and removed them (Factory Reset Protection kicked in apparently). Smooth ride after I did this.
If you don't like the LOS gestures use Fluid (FNG), I love how customizable it is. You can hide the navigation bar in Termux by running:
su
props qemu.hw.mainkeys 1
Good luck and feel free to ask me questions if you have any!

Categories

Resources