Are there security risks of rooting one Plus in 2021¿ - General Questions and Answers

I am just worried and want to know after rooting any of my devices, leads to risks in making any types of payments. Be it NFC or via any banking apps.
Also, not only payments, but any user data and access to system files related to security.
Does the above still applies after an un-root is done?

Robo Lord said:
I am just worried and want to know after rooting any of my devices, leads to risks in making any types of payments. Be it NFC or via any banking apps.
Also, not only payments, but any user data and access to system files related to security.
Does the above still applies after an un-root is done?
Click to expand...
Click to collapse
Rooting (Android) - Wikipedia
en.m.wikipedia.org
To sum up. Depends how much security you remove and how you allow the root software that gets installed, admin privileges. Just don't have the prompt on auto, so then you can allow app privileges manually.

Related

[Q] security of rooting apps and custom roms

Hello,
I think about rooting my device.
However I also think about how secure the custom roms builds or rooting apps are.
E.g.
In the modaco forum there is a tool called Superboot r2 to root the motorola moto g device.
How can I know/trust that this tool doesn't contain any spyware/malware or other malicous code?
How do you guys look at the security of custom roms and other apps which root your device?
Customizing and rooting one's phone can be done very securely. Even more now than a few years ago. I would be wary about apps that can root your phone with a buttoon press. Unless, of course, there is a really long thread about it on xda. The same with apps not from the Google store. You should run a virus scan on any apks you get in general. They can contain malicious code that can mess up your device and steal your information.
Once you root your device, it's a good idea to look into the XPrivacy app. You can use it to control the individual permissions of all of your installed app. There are a lot of other security measure you can take too. Do research on what would be relevant to your device.
kbntk said:
Hello,
I think about rooting my device.
However I also think about how secure the custom roms builds or rooting apps are.
E.g.
In the modaco forum there is a tool called Superboot r2 to root the motorola moto g device.
How can I know/trust that this tool doesn't contain any spyware/malware or other malicous code?
How do you guys look at the security of custom roms and other apps which root your device?
Click to expand...
Click to collapse
Rooting a device greatly decreased the overall security of the device. You are breaking the basic security design of Android, you are incorporating new code (mods etc) from developers who may not be properly trained, many who jsut copy past code from elsewhere without understanding what exactly is going on. Potentially (almost certainly with most custom roms) introducing new vulnerabilities.
Elzbach said:
Customizing and rooting one's phone can be done very securely. Even more now than a few years ago. I would be wary about apps that can root your phone with a buttoon press. Unless, of course, there is a really long thread about it on xda. The same with apps not from the Google store. You should run a virus scan on any apks you get in general. They can contain malicious code that can mess up your device and steal your information.
Once you root your device, it's a good idea to look into the XPrivacy app. You can use it to control the individual permissions of all of your installed app. There are a lot of other security measure you can take too. Do research on what would be relevant to your device.
Click to expand...
Click to collapse
I'm going to have to flat out disagree. Once you have rooted your device, security has greatly been decreased. What would be a minor vulnerability in a normal app, can become a huge vulnerability in an application that has been granted permission to use root. Same goes for the Superuser control application.
Thank you for your replies guys.
jcase said:
Rooting a device greatly decreased the overall security of the device. You are breaking the basic security design of Android, you are incorporating new code (mods etc) from developers who may not be properly trained, many who jsut copy past code from elsewhere without understanding what exactly is going on. Potentially (almost certainly with most custom roms) introducing new vulnerabilities.
I'm going to have to flat out disagree. Once you have rooted your device, security has greatly been decreased. What would be a minor vulnerability in a normal app, can become a huge vulnerability in an application that has been granted permission to use root. Same goes for the Superuser control application.
Click to expand...
Click to collapse
I agree rooding the device decreases the overall secruity of the device.
On the other hand, rooting the device gives access to the apps that give you control over the system and data on it. For example as Elzbach wrote, with the app XPrivacy I can control what apps have access to my personal information.
Now - without root - when I instal a new keyboard or launcher with widgets, I'm warned that these apps can have access to my personal information and can use them malicously. For me that means, that even without root using normal apps I can get big security risk when using some apps from play store.
Do you build the custom android version by yourself from the source or use builds provided on this forum or modaco or use another way?
kbntk said:
Thank you for your replies guys.
I agree rooding the device decreases the overall secruity of the device.
On the other hand, rooting the device gives access to the apps that give you control over the system and data on it. For example as Elzbach wrote, with the app XPrivacy I can control what apps have access to my personal information.
Now - without root - when I instal a new keyboard or launcher with widgets, I'm warned that these apps can have access to my personal information and can use them malicously. For me that means, that even without root using normal apps I can get big security risk when using some apps from play store.
Do you build the custom android version by yourself from the source or use builds provided on this forum or modaco or use another way?
Click to expand...
Click to collapse
XPrivacy, and apps like them introduce additional security concerns of their own. Android is not designed to work the way they force it too, introducing many new unknowns.
New keyboard, launchers introduce an infinitely smaller risk than any root app, and unlike with root apps you are warned and privileges are handled by an established well tested permission system. Comparing the two is completely silly.
Any developer, in a matter of minutes, put together a root app requesting 0 permissions, that can gain permissions or otherwise use APIs requiring permissions at runtime without declaring them, and disable or work around any "security" any XPrivacy type app claims to provide. Once rooted, apps like XPrivacy provide a complete false sense of security. Given you need root to use them... they provide no real security at all.
A completely valid scenario (one we have seen in the wild): An app with 0 permissions, but the ability to use su could download and dynamically execute new code to perform the malicious activities. IE Google bouncer, and any anti virus software would be @#[email protected] out of luck on that one. All because a user decided to completely break the basic security model, by installing su.
The only customized version of Android I use, is a customized emulator I use for analysis, and that only used when I suspect something could damage an actual test device.
I do not mess with customized versions of Android on real hardware, I only build when testing patches I plan to push to the AOSP gerrit for review.
jcase said:
Rooting a device greatly decreased the overall security of the device. You are breaking the basic security design of Android, you are incorporating new code (mods etc) from developers who may not be properly trained, many who jsut copy past code from elsewhere without understanding what exactly is going on. Potentially (almost certainly with most custom roms) introducing new vulnerabilities.
I'm going to have to flat out disagree. Once you have rooted your device, security has greatly been decreased. What would be a minor vulnerability in a normal app, can become a huge vulnerability in an application that has been granted permission to use root. Same goes for the Superuser control application.
Click to expand...
Click to collapse
jcase said:
XPrivacy, and apps like them introduce additional security concerns of their own. Android is not designed to work the way they force it too, introducing many new unknowns.
New keyboard, launchers introduce an infinitely smaller risk than any root app, and unlike with root apps you are warned and privileges are handled by an established well tested permission system. Comparing the two is completely silly.
Any developer, in a matter of minutes, put together a root app requesting 0 permissions, that can gain permissions or otherwise use APIs requiring permissions at runtime without declaring them, and disable or work around any "security" any XPrivacy type app claims to provide. Once rooted, apps like XPrivacy provide a complete false sense of security. Given you need root to use them... they provide no real security at all.
A completely valid scenario (one we have seen in the wild): An app with 0 permissions, but the ability to use su could download and dynamically execute new code to perform the malicious activities. IE Google bouncer, and any anti virus software would be @#[email protected] out of luck on that one. All because a user decided to completely break the basic security model, by installing su.
The only customized version of Android I use, is a customized emulator I use for analysis, and that only used when I suspect something could damage an actual test device.
I do not mess with customized versions of Android on real hardware, I only build when testing patches I plan to push to the AOSP gerrit for review.
Click to expand...
Click to collapse
Well I stand corrected.
Apologize if I'm resurrecting an oldie but this is a topic I've been contemplating for a while now. I used to root, looking back to my old OG Droid days. But I find newer devices sufficient as to not root anymore (mostly). I'm currently debating rooting a Samsung Tab S 8.4 to remove Touchwiz and hopefully speed some things up and maybe further control the CPU.
If the user is rooted and they only install apps from the marketplace that are known to be safe (I assume)- i.e.- not downloaded from some misc internet site and from "non-trusted sources," would this still be able to happen?
- "Any developer, in a matter of minutes, put together a root app requesting 0 permissions, that can gain permissions or otherwise use APIs requiring permissions at runtime without declaring them, and disable or work around any "security" any XPrivacy type app claims to provide. Once rooted, apps like XPrivacy provide a complete false sense of security. Given you need root to use them... they provide no real security at all."
I guess I'm just not sure how google approved apps, or if they even do. And what's the process of showing app permissions in the Play Store these days, since permissions are front and center when you download an app. Do dev's just flag permissions on their own will or is it built into the Android code? I would ASSUME the android code when posting to Play Store decides permissions for the dev. I would be horrified if Android relied on good will for people to post permissions solely from the dev's input.
I could be completely wrong
But as I understand dev a pick the permissions they need for the app to work correctly. They declare the permissions they need to the Android system. And then they can only use those permissions and no others. However they don't need to use all of the permissions but they can if they want to.
Btw apps from google play are in no way safe.it has no bearing if you do or don't have apps from unknown sources on your device. fact is google in no way checks the source code of apps on the play store.now maybe the run a virus checks but honestly that means nothing as moron could code in malicious code that would not trigger a scanner (and Trojans are far more prevalent for Android than viruses). If the source code is not available then no one knows what an app could be doing.
90% of my apps come from fdroid, who builds everything from source.
In the discussion above I should also note (but could be wrong about this completely) that system apps (the ones that come with your phone) all have root(administrator) permissions by virtue of being system components.
So rooting may decrease your security but personally I think factory roms are far too unsecure to start with and will never have a device that is not rooted. The benefits far out weight the risks for the careful user. Until such time as the source code is released.
Unless you trust google, face book, Samsung, Twitter, and a host of other baked in developers who get to put apps on your phone at the factory.
Or Apple who has their own way of making money off your every move, or microsoft with win 10 that also sells your habits.
jcase said:
Rooting a device greatly decreased the overall security of the device. You are breaking the basic security design of Android, you are incorporating new code (mods etc) from developers who may not be properly trained, many who jsut copy past code from elsewhere without understanding what exactly is going on. Potentially (almost certainly with most custom roms) introducing new vulnerabilities.
I'm going to have to flat out disagree. Once you have rooted your device, security has greatly been decreased. What would be a minor vulnerability in a normal app, can become a huge vulnerability in an application that has been granted permission to use root. Same goes for the Superuser control application.
Click to expand...
Click to collapse
This alone is enough for me to stay away from root and its capability to make things worse in my end. Thank you for the professional input on this.
Without root you can't add any security to Android. Which has very little security to start with. Permissions are vague and can't be denied on a per app basis short of not installing the app.
System apps have no way of being removed without root unless you do it before flashing, and without root you can't do a complete backup of your system.
Even if you don't root a device yourself Trojans can gain root with many of the same exploits, root themselves and cause whatever havoc they desire.
An app only gets root if you allow it even after rooting your device. It will pop up and ask you if you want to allow or deny or always allow or deny. a Trojan that can create root will do can do it regardless if you root your device yourself, I have no idea if such a Trojan tried to get root if supersu, or superuser will pop up and ask.
A firewall requires root and that alone is worth rooting for me.
But then I have very few apps that I allow online.
Can root cause serious damage to your device? Yes
Can you administrator your device without root? No
Every Linux has root capabilities,
if you own it you should be able to administer it to the best of your abilities and to do that you need root.
Custom Roms are updated far more often that oem roms and as such generally have the newest fixes and updates for security.come that to factory roms that may update once or twice in their expected lifetime, regardless of how many security holes are found in the rom.older devices(read older as a synonym for 2 years old) may never get another update and the only way to protect yourself with out a custom Rom is to buy a new device.
For example Android 5.01 has a major memory leak.and even with that and other bugs and security issues Samsung had not updated the north American galaxy s5 (just over a year old,) above 5.01 yet and may not until marshmallow comes out (Which will mean almost a year after the security and memory leak were found). And until then you walk around using a device with major security issues and a major memory leak.
XPrivacy is not about Security. "Security" is never linked to Xprivacy on Github. "XPrivacy can prevent applications from leaking privacy-sensitive data". Saying the opposite is a lie.
Whether you have root access or not you can almost do nothing against serious attacks BUT having root access allows you to control some things like Internet connection, restricted access,...
Finally do not confuse Custom ROMs and Root. You can run a custom rom without root and vice versa. As explained above custom ROMs are more updated so you can enjoy more patches and new security features like SElinux.
Kayak83 said:
Apologize if I'm resurrecting an oldie but this is a topic I've been contemplating for a while now. I used to root, looking back to my old OG Droid days. But I find newer devices sufficient as to not root anymore (mostly). I'm currently debating rooting a Samsung Tab S 8.4 to remove Touchwiz and hopefully speed some things up and maybe further control the CPU.
If the user is rooted and they only install apps from the marketplace that are known to be safe (I assume)- i.e.- not downloaded from some misc internet site and from "non-trusted sources," would this still be able to happen?
- "Any developer, in a matter of minutes, put together a root app requesting 0 permissions, that can gain permissions or otherwise use APIs requiring permissions at runtime without declaring them, and disable or work around any "security" any XPrivacy type app claims to provide. Once rooted, apps like XPrivacy provide a complete false sense of security. Given you need root to use them... they provide no real security at all."
I guess I'm just not sure how google approved apps, or if they even do. And what's the process of showing app permissions in the Play Store these days, since permissions are front and center when you download an app. Do dev's just flag permissions on their own will or is it built into the Android code? I would ASSUME the android code when posting to Play Store decides permissions for the dev. I would be horrified if Android relied on good will for people to post permissions solely from the dev's input.
Click to expand...
Click to collapse
Go to F-Droid or fossdroid instead of Google Play to avoid crappy apps and unwanted connections. Apps on F-Droid are safer. Google has an automatic system to scan apks when they are uploaded but it doesn't detect everything... Be sure that if you didn't update the version number of your apk you will be blocked though lol
Permissions are stored in the AndroidManifest.xml. If the developer doesn't want to state the permissions he needs then nothing will be shown into the Manifest. That's why it's important to use 3rd party apps to control what apps really do.
Would never use my phone without a firewall installed. I want to have control over what apps can access the net and which cannot.
So rooting is a must for me.
Have no gapps installed and privacy is important to me.
Semseddin said:
This alone is enough for me to stay away from root and its capability to make things worse in my end. Thank you for the professional input on this.
Click to expand...
Click to collapse
And you'll be 100% wrong. You are getting a bad advice from someone who sounds like he works for Google. He is wrong and he knows it...
Your system apps have root whether you like it or not. So, they can do whatever Google wants them to do. And they can do it silently. So, the question is are you going to have control over your device or google? Without root you can't; with root you can if you know what you are doing. Your main security threat comes from Gapps and the infamous google services framework, which spies on you and regularly transmits home (google servers) your every activity. That has to go and for that you need root. Custom rom vs stock. Custom roms don't have Gapps and gsf, so that puts them on pedestal, as compared to stock. Stock rom is android plus manufacturer's bloat which also spies on you and wastes battery. Custom roms don't have gapps and they are open source (like Linux). Have you ever heard about viruses on Linux? Maybe 2 or 3, but thousands in other OSs. As another user noted, linux (on which android is based) has root. So is any major OS. Root is just a key to control your device. It can be set up to restrict everything, even system apps, so the point that having root reduces security is invalid except for one situation, when you don't know what you are doing. Do you want incompetent and malicious evil Google to own your phone? If you do, stay away from root.
optimumpro said:
And you'll be 100% wrong. You are getting a bad advice from someone who sounds like he works for Google. He is wrong and he probably knows it...
Your system apps have root whether you like it or not. So, they can do whatever Google wants them to do with your device. And they can do it silently. So, the question is are you going to have control over your device or google? Without root you can't; with root you can if you know what you are doing. Your main security threat comes from Gapps and the infamous google services framework, which spies on you and regularly tramsmits home (google servers) your every activity. That has to go and for that you need root. Custom rom vs stock. Custom roms don't have Gapps and gsf, so that puts them on pedestal, as compared to stock. Stock rom is android plus manufacturer's bloat which also spies on you and wastes battery. Custom roms don't have gapps and they are open source (like Linux). Have you ever heard about viruses on Linux? Maybe 2 or 3, but thousands in other OSs. As another user noted, linux (on which android is based) has root. So is any major OS. Root is just a key to control your device. It can be set up to restrict everything, even system apps, so the point that having root reduces security is invalid except for one situation, when you don't know what you are doing. Do you want incompetent and malicious evil Google to own your phone? If you do, stay away from root.
Click to expand...
Click to collapse
Thank you for your detailed answer but if i am not mistaken, are you suggesting that a custom rom made by a 3rd party hobbiest developer is more secure than oem's firmware ? If so, i will continue to be mistaken.
Semseddin said:
Thank you for your detailed answer but if i am not mistaken, are you suggesting that a custom rom made by a 3rd party hobbiest developer is more secure than oem's firmware ? If so, i will continue to be mistaken.
Click to expand...
Click to collapse
Most of the time the answer is yes. Also, you could be a developer yourself meaning you can compile your rom from sources with your own modifications. OEMs have user's security on the back burner. Their goal is to monetize the user and in case of mobile devices, there is no way to monetize the user without compromising security. The beauty of a published source code is that anyone could examine it and they do (even if it is not you yourself). Look at businesses: the majority of them use neither windows nor apple. They use Linux, because linux does not monetize the user and it is open sources and by the way, it is maintained by "hobbiest" developers. And naturally, because of this Linux has a vastly superior security and virtually no viruses.
Google is malicious and incompetent, but luckily, Android is based on linux and most of the code there is from linux.
This is of course a separate from root issue, which remains simply an issue of control: whether you want to be in control of your device or not. You can't name any OS that does not provide root to the user out of the box... Just because some (or most) smart phone dumb users don't know what they are doing does not mean that everyone should be denied root on their devices... And by the way, most Google engineers also don't know what they are doing and had it not been for Linux and the community at large, google wouldn't be able to produce anything that moves...

security concerns migrating from iOs to Android

As title suggests, coming from a so called "clean" iOS environment to Android, my main concern how susceptible is my data to being stolen. I have no (current) plans to root my next phone and will be used mainly from business, but from what I have read in the past even google play store apps have been to known to have malicious content. Am I worrying too much ? I do carry sensitive work data on my iPhone.
applefag said:
As title suggests, coming from a so called "clean" iOS environment to Android, my main concern how susceptible is my data to being stolen. I have no (current) plans to root my next phone and will be used mainly from business, but from what I have read in the past even google play store apps have been to known to have malicious content. Am I worrying too much ? I do carry sensitive work data on my iPhone.
Click to expand...
Click to collapse
As long as the apps you install are from known sources (i.e. Play Store) you don't need to worry. Also every time you download an app check the permissions. If you think that the app shouldn't have those permissions then don't download it. Finally for safety reasons never install any apps from unknown sources (i.e. outside of Play Store) unless you trust the developer.
If you still find yourself worrying read this.
applefag said:
Am I worrying too much ?
Click to expand...
Click to collapse
Yep
I think you won't install any app outside Google Play so install apps that you know and you won't need to worry. FYI http://en.wikipedia.org/wiki/Security-Enhanced_Linux
kalpetros said:
Also every time you download an app check the permissions. If you think that the app shouldn't have those permissions then don't download it.
Click to expand...
Click to collapse
Well only if you are sure. Sometimes apps need permissions that aren't justified for some people.
for the open nature of the android ecosystem, it is somewhat normal that you will have to be careful though there are several different techniques, i use this the most.
Root your phone, install xposed framework and install xprivacy. here is a review of what it does http://www.xda-developers.com/android/manage-individual-app-permissions-with-xprivacy/ . I know the installation pprocess may seem daunting, but it is easier than you think this module wil allow you to block apps of certain permission. IE. you can block location service for all the apps on your phone so that no app can get your location. There are bunch of other permissions that you can block like access to contact, gallery etc
My question to others is : Is antivirus application on android worth it? I mean can it protect me from real time attaks and malwares??
SaffatBokul said:
My question to others is : Is antivirus application on android worth it? I mean can it protect me from real time attaks and malwares??
Click to expand...
Click to collapse
Not useful IMO. FYI I remember this article.
User sensibility is your best defense. Don't install apps not from the market. Only install apps with a lot of positive comments.
I would advise again rooting your phone. It's true that there are ways to block apps from accessing your private data on a rooted phone, but the additional vulnerability from unlocking your bootloader and rooting is not worth it. Just stick to apps from major developers.
snapper.fishes said:
User sensibility is your best defense. Don't install apps not from the market. Only install apps with a lot of positive comments.
I would advise again rooting your phone. It's true that there are ways to block apps from accessing your private data on a rooted phone, but the additional vulnerability from unlocking your bootloader and rooting is not worth it. Just stick to apps from major developers.
Click to expand...
Click to collapse
I agree, rooting your phone comprimises your security even if you do it to install security apps.
Primokorn said:
Yep
I think you won't install any app outside Google Play so install apps that you know and you won't need to worry.
Click to expand...
Click to collapse
Unfortunately, new apps in Google Play are rarely verified by Google staff, so there is still always a possibility of trojan or other malware.

Axis Bank app not working after root

Hi devs,
Since I have rooted my device with magisk my axis Bank app says we don't support rooted phone and it doesn't open. Is there a work around for it.
gunmanrishi said:
Hi devs,
Since I have rooted my device with magisk my axis Bank app says we don't support rooted phone and it doesn't open. Is there a work around for it.
Click to expand...
Click to collapse
Did you root with Magisk? If so, use Magisk Hide feature and check the Axis Bank app. It should start working again.
gunmanrishi said:
Hi devs,
Since I have rooted my device with magisk my axis Bank app says we don't support rooted phone and it doesn't open. Is there a work around for it.
Click to expand...
Click to collapse
AFAIK In android each app is installed as different user(from Linux system point of view).
Each user(app) has and runs in its own space. And can not access any other user's data.
Root is the user(app) which can access any user's data.
So any app having root access can access any other app's data which can compromise the security mechanisms used by banking applications. So banking apps refuse to start on rooted phone.
I would advice not to use banking apps on rooted phone.
sandrocks said:
AFAIK In android each app is installed as different user(from Linux system point of view).
Each user(app) has and runs in its own space. And can not access any other user's data.
Root is the user(app) which can access any user's data.
So any app having root access can access any other app's data which can compromise the security mechanisms used by banking applications. So banking apps refuse to start on rooted phone.
I would advice not to use banking apps on rooted phone.
Click to expand...
Click to collapse
If banking app builds its security on this fact, then I wouldn't use it at all. Many banking apps run completely fine with enabled root, some are just more cautious (or paranoid). Just think about security on a Windows PC (admin account, unsecure browser, internet banking in flash ..) - you have no restriction from bank, why should you accept it on a phone?
_mysiak_ said:
If banking app builds its security on this fact, then I wouldn't use it at all. Many banking apps run completely fine with enabled root, some are just more cautious (or paranoid). Just think about security on a Windows PC (admin account, unsecure browser, internet banking in flash ..) - you have no restriction from bank, why should you accept it on a phone?
Click to expand...
Click to collapse
I don't have any experience on windows 8 and 10, and do not know about any banking app for windows 7.
If we are running something as Admin and are able to access app's data(not common data folders like program files or login user data) we are screwed up. In that case most of the DRM protected contents also shall not work. I am not sure pre-installed DRM keys also work as usual after rooting your android phone.
Again every OS architecture is different and I am talking about android which uses Linux kernel.
Root access is not something about tuning your OS or phone, It comes with much more responsibility.
Root access to one wrong app can screw up many things. Off course you know all this jargon since you are senior member on this forum and I don't need to tell you this.
In Windows all apps can read other apps data, under the current user. They don't need admin access for that. Yet nothing is compromised I guess that Windows/Linux/Android banking apps use good cryptography and preventive measures, so even if someone gets access to the data, be it settings or network packets, you are safe. I am absolutely confident in using banking apps with root, however not so much with apps requesting accessibility permissions or Xposed modules. Those two can IMHO potentially do much more harm.
Long story short, use your brain, don't install everything you find on the Internet, don't allow all permissions without thinking and don't use shady public Wifi hotspots.

Root level questions

When u Jailbreak an iPhone and get root level access, these is a root level password such as 'alpine' for the apple, is there a default root level password for Android, if so can i change the root password so that my phone can be secure?
Being that the Android operating systems is open source, does that make it more vulnerable especially being that it is rooted?
Is there way to make your phone more secure after root, such as a application or something i can do?
Is it possible to tether over VPN connection natively, not through a application, or is there a application i can install that add a option to the phone to tether over VPN?
I am not aware of a special password after rooting. Most people use Magisk root manager now, which I have never used. I have not rooted since the SuperSU days and I don't recall if it had an option to grant root access with a password or not. Magisk might.
Your phone still has a password to access it (or the fingerprint sensor). Root permissions are granted on a per app basis and you get a popup prompt every time an app requests it. You should only grant access to apps that you trust. If you grant root access to an untrusted or malicious app it can compromise your phone and do things without your knowledge because it has root level permissions (install other apps, change settings, etc).
I am unsure on the VPN question. You can setup your phone to use a VPN so I assume it would use that connection when another device is tethered to it, but I have never tried it so I am not sure.
You can set up Magisk to use a fingerprint confirmation.
Dasin said:
When u Jailbreak an iPhone and get root level access, these is a root level password such as 'alpine' for the apple, is there a default root level password for Android, if so can i change the root password so that my phone can be secure?
Being that the Android operating systems is open source, does that make it more vulnerable especially being that it is rooted?
Is there way to make your phone more secure after root, such as a application or something i can do?
Is it possible to tether over VPN connection natively, not through a application, or is there a application i can install that add a option to the phone to tether over VPN?
Click to expand...
Click to collapse
Short answer, no, rooting on Android does not work the same way as jailbreak for iPhones. As people have alluded to, magisk is used to gain root access to the device without tripping Google's safety net protocol. In the magisk app, you must manually allow any application that wants root access (similar to the prompt you get on Windows before installing a program or changing system settings).
There is also another level of security where an app can only gain root access when you use your finger print. Or you can allow root access on a per use basis, requiring manual permission each time root is required.
Thank you call for the information, i plan on getting the Pixel 3XL, im sick of waiting on the Jailbreak community to get a stable Jailbreak out for IOS, every jailbreak since IOS 9 has been unstable and im just sick of it, so im going over to android, thats the first smart phone i ever had, so im going back to it.
Is there a application i can install once rooted that i can tether over VPN, like a native option through the settings, and not through a application.
Is there a application i can get that gives me the ability to run apps in the background indefinitely, not like how the battery save keeps apps from sleeping, a true way to keep application active in the background.
Dasin said:
Thank you call for the information, i plan on getting the Pixel 3XL, im sick of waiting on the Jailbreak community to get a stable Jailbreak out for IOS, every jailbreak since IOS 9 has been unstable and im just sick of it, so im going over to android, thats the first smart phone i ever had, so im going back to it.
Is there a application i can install once rooted that i can tether over VPN, like a native option through the settings, and not through a application.
Is there a application i can get that gives me the ability to run apps in the background indefinitely, not like how the battery save keeps apps from sleeping, a true way to keep application active in the background.
Click to expand...
Click to collapse
The battery optimizer menu let's you select which apps are ignored so they can keep running in the background. Honestly, even with it enabled, I've found most apps still do what they want.
I do not think it is currently possible to tether over a VPN natively (if you don't believe me, compare the results of ifconfig.co from your phone and a tethered device while a VPN is activated); that is certainly something you'd need an app for.
korockinout13 said:
I do not think it is currently possible to tether over a VPN natively (if you don't believe me, compare the results of ifconfig.co from your phone and a tethered device while a VPN is activated); that is certainly something you'd need an app for.
Click to expand...
Click to collapse
Is it possible to get a app developer to make an app that can put a option like that in the settings on the Pixel, like a app developer that can make it natives on the operating system.
So pretty much when u root your phone, its just giving (You) the user access root access to the device. If im not mistaken, and please correct me if im wrong.
Non Rooted phones are safer because (You) the user cant give apps root level access ( Giving the OS to determine what is safe and needed to give root level access)
Rooted phones are not that safe because, and not limited too. (You) the user, can give any app root level access, in that, u may give a app root level access that may mess up your phone.
Is that the basis of the security of rooted vs non rooted?
The bootloader being unlocked, how does that make your phone less secure VS its being locked
Dasin said:
So pretty much when u root your phone, its just giving (You) the user access root access to the device. If im not mistaken, and please correct me if im wrong.
Non Rooted phones are safer because (You) the user cant give apps root level access ( Giving the OS to determine what is safe and needed to give root level access)
Rooted phones are not that safe because, and not limited too. (You) the user, can give any app root level access, in that, u may give a app root level access that may mess up your phone.
Is that the basis of the security of rooted vs non rooted?
The bootloader being unlocked, how does that make your phone less secure VS its being locked
Click to expand...
Click to collapse
http://www.differencebetween.net/ob...ce-between-rooted-vs-unrooted-android-phones/
---------- Post added at 08:28 PM ---------- Previous post was at 08:13 PM ----------
Badger50 said:
http://www.differencebetween.net/ob...ce-between-rooted-vs-unrooted-android-phones/
Click to expand...
Click to collapse
http://www.differencebetween.info/difference-between-rooted-and-unrooted-android-phones
https://www.extremetech.com/computi...tloader-and-why-does-verizon-want-them-locked
Thanks so much for your help with this.
Badger50 said:
http://www.differencebetween.net/ob...ce-between-rooted-vs-unrooted-android-phones/
---------- Post added at 08:28 PM ---------- Previous post was at 08:13 PM ----------
http://www.differencebetween.info/difference-between-rooted-and-unrooted-android-phones
https://www.extremetech.com/computi...tloader-and-why-does-verizon-want-them-locked
Click to expand...
Click to collapse

Root without unlocking bootloader?

Does this possibility exist? I'd like to be rooted, but with an intact bootloader in terms of Google safetynet, since I always use rooted but stock for my device software, I never bother with custom ROM. So I don't even *need* the unlocked bootloader that standard rooting methods automatically do
I've noticed more apps detecting root via bootloader as I have the soft safetynet pass via magisk working successfully at current. But certain apps, mainly games, some banking, but even down to a product barcode scanner, saying my device is incompatible. But it's not referring to my OS version. The play store allows proper download, but on that first run its no dice at the splash screen. One app or 2 i could make due with but it's several now and likely just going to grow.
The only things I use root for is full removal of bloat system apps I won't use, and disabling certain processes of a couple apps I do use (but I've done that to none of these that arent working, this is not user error here)
My other option I would guess is totally remove all capacity to check for safetynet at the system level, or spoofing a legit boot loader which I'm assuming is impossible if it's not widely shared by now
Any help is much appreciated!!
Rooting a device's Android DOES NOT REQUIRE device's bootloader gets unlocked.
Not worth pursuing at all, especially since you run on signed stock ROMs.
Apps have indeed become smarter in detecting rooted devices but as of now you should still be able to pass Safetynet and hide practically all apps with the latest SafetyNet Fix 2.1 patch (assuming you're rooted with Magisk) in conjunction with Riru, LSPosed and XPrivacyLua. Below is a well written guide on the actions required.
With the above in place + hiding/disabling tracking of your individual apps (required for the toughest apps to pass), you should be able to get around getting detected. And no, you won't lose any noticable performance or battery hits by running this framework on your device.
Finally, some banking (and other) apps have started banning devices that are detected with root once, they use the same technique games use when banning you. They register the unique permanent Android ID (SSAID) assigned to the app. However, with root access you can pypass that too and unblock yourself - You can give the app a new random ID and clear all data offline and re-launch it (there are several root apps that can do this)
[2023 FIX] Fix Magisk CTS Profile False Error - Bypass Safetynet
Magisk CTS Profile False Error is now popping up on almost everyone's device since Google made some changes in March. To Bypass Safetynet...
droidholic.com

Categories

Resources