Hi Folks,
I hope you guys can shed some light into this, sorry if this is long and if this has been asked I'm sorry but I could not find the answers I was looking for, as some results they sound almost the same and some had not specified enough. So I hope the clever people here can explain a few things before I go ahead.
Background on my Phone (don't know if its relevant or not)
I own an Exynos SM-G970F, on One UI 3.1, June 2021 Update, this was purchased in Australia. Now that my phone is out of warranty I was thinking of installing a custom ROM. The main motivation was to reduce CPU usage and improve battery life.
I have installed a custom ROM and rooted my tablet for practice and it was easy to follow. I gotta say it was phenomenal how it brought back ancient hardware to buttery smooth performance of newer android versions. I wanted this same experience on my daily driver phone and there are some security based questions I would like to know.
Questions
1. First off unlocking the bootloader, I have read that it reduces your security of the phone as this allows hackers to gain access to your phone unlike a locked bootloader. As far as I understand the bootloader is to check if the system partition is a Samsung ROM. So in an unlocked state it will still load the kernel and run the system regardless if the ROM is Samsung or not, am I correct in this?
1a. If that's the case and if I installed the custom ROM and then locked the bootloader I would brick my phone right? as the bootloader is looking for a Samsung ROM but since it can't recognize the ROM it will boot loop.
1b. So in this case how would an unlocked bootloader make it vulnerable apart from accessing the OS? I'm thinking in a real word scenario if I were to lose my phone and someone found it, they could have means of access from an unlocked bootloader? but then again they could have access through custom recovery?
1c. Would it be necessary to lock a bootloader once you install a custom ROM? Do some custom ROM support signing bootloaders?
2. SafetyNet, as far as I understand this is a Google thing? like the app from Play store will check your system for any tampered software before functioning or at least warning the consequences of using the app in a custom ROM, is this right?
2a. So this could lead to some banking apps not working as it requires a SafetyNet pass on your device. But this only happens if you end up rooting your device? I understand Magisk is systemless root so the SafetyNet should pass in theory?
Primarily I'm concerned of the security and privacy of the phone but nothing is perfect, so there has to be some give and take with privacy and security? Though I will lose some privacy as I will install OpenGApps for some applications to work. So security would be the most important thing. What would be some best practices for a daily driver phone on custom ROM?
I imagine that hackers are not interested attacking an individual as this takes a lot of time and energy, unless they are bored or something like that.
Thanks for taking the time to read all this and if you can shed more information that would be great! I would like to learn more before giving the green light for custom ROM on my Samsung S10e.
With the caveat that I'm really bad at Samsung, I'll try to give a couple of answers. Sounds like you have the gist of it though...
Unlocking the bootloader is necessary to install anything custom, yes, and it does reduce the security of the device but mainly if someone has physical access to it. Keeping the device encrypted can help protecting your data though. There are some devices that allow locking the bootloader with custom firmware installed, but those are few. General rule: don't even try. I've seen some talk from people at Google about letting custom ROMs be certified, so that you could lock the bootloader with them, but currently there's nothing like that (that I know of). Once in a while I see people talking about trying to sign their images to lock the bootloader, but IMHBCO it's not worth the effort (if it's possible). If you're going custom, keep the bootloader unlocked.
About SafetyNet, it's an API provided with Google's play services and can be used by apps to check if a device's security has been compromised. Far from all bank apps will be using this and many instead have their own ways of detecting a "tampered" device (more on that below). SafetyNet will trigger from a number of things:
Unlocked bootloader
Custom ROM
Root
Etc...
So, as you see it's not only rooting that will cause you problems. There are ways around it though, mainly with the help of Magisk.
When it comes to what bank apps will detect, that could include a custom ROM, root apps, files on your device, Magisk, etc. They're often much more picky than SafetyNet even...
If you need help with getting SafetyNet and banking apps working on a custom ROM, with Magisk, I've got a few resources and tips collected here:
https://www.didgeridoohan.com/magisk/HomePage
Regarding security and custom ROMs it's pretty much the same as on a stock device. Don't install weird apps from outside the Play Store, don't click links in emails, etc. On to of that, another thing to look out for is SELinux. Don't use a ROM that has it disabled. It's quite important for the security of the OS... And if you do root, be careful with what apps you give root access, since an app with root access can do whatever it wants.
No idea if this cleared anything up or just created more questions. If there are Samsung specific stuff I've gotten wrong or missed I hope that someone that actually knows what they're talking about shows up...
Didgeridoohan said:
With the caveat that I'm really bad at Samsung, I'll try to give a couple of answers. Sounds like you have the gist of it though...
Unlocking the bootloader is necessary to install anything custom, yes, and it does reduce the security of the device but mainly if someone has physical access to it. Keeping the device encrypted can help protecting your data though. There are some devices that allow locking the bootloader with custom firmware installed, but those are few. General rule: don't even try. I've seen some talk from people at Google about letting custom ROMs be certified, so that you could lock the bootloader with them, but currently there's nothing like that (that I know of). Once in a while I see people talking about trying to sign their images to lock the bootloader, but IMHBCO it's not worth the effort (if it's possible). If you're going custom, keep the bootloader unlocked.
About SafetyNet, it's an API provided with Google's play services and can be used by apps to check if a device's security has been compromised. Far from all bank apps will be using this and many instead have their own ways of detecting a "tampered" device (more on that below). SafetyNet will trigger from a number of things:
Unlocked bootloader
Custom ROM
Root
Etc...
So, as you see it's not only rooting that will cause you problems. There are ways around it though, mainly with the help of Magisk.
When it comes to what bank apps will detect, that could include a custom ROM, root apps, files on your device, Magisk, etc. They're often much more picky than SafetyNet even...
If you need help with getting SafetyNet and banking apps working on a custom ROM, with Magisk, I've got a few resources and tips collected here:
https://www.didgeridoohan.com/magisk/HomePage
Regarding security and custom ROMs it's pretty much the same as on a stock device. Don't install weird apps from outside the Play Store, don't click links in emails, etc. On to of that, another thing to look out for is SELinux. Don't use a ROM that has it disabled. It's quite important for the security of the OS... And if you do root, be careful with what apps you give root access, since an app with root access can do whatever it wants.
No idea if this cleared anything up or just created more questions. If there are Samsung specific stuff I've gotten wrong or missed I hope that someone that actually knows what they're talking about shows up...
Click to expand...
Click to collapse
Hi Didgeridoohan,
Thank you for taking the time to comb through my queries and I believe you have answered what I was looking for. So it has dispelled any myths and misconceptions of custom roms.
Personally I use the phone most and my significant other uses my phone for some games. So physical access is not likely to fall in the hands of someone else unless I lost it. Encrypting the phone is a good safety measure, I assume this is something that can be done in the settings of the OS?
With banking I guess I will have to install and see if it works out, otherwise I don't mind going to a phone web browser and do it that way.
I appreciate your link for further info of Magisk, I will be reading through the page to get better insight.
Regarding SELinux, I had seen this on my phone though it says SE for Android Status and says 'Enforcing' and on the Custom ROM on my tablet in the settings it also says 'Enforcing'. So I can assume that its ensuring the security of the OS.
I didn't have the intention of rooting as I thought I can root at any point in time but if its good practice to do it when flashing the custom ROM please let me know.
I had planned on installing TWRP and use either Lineage or crDroid (kinda leaning to this one). They both are supported on their website so I don't think I will run into issues.
Once again thanks for your help and advice on the custom ROM, I think my questions were broad and it may not be Samsung specific as there are features I know I will lose but have never used when I had the original ROM.
dude777 said:
Encrypting the phone is a good safety measure, I assume this is something that can be done in the settings of the OS?
Click to expand...
Click to collapse
Yes. Just make sure that any ROM you choose is compatible with encryption. And remember that if you ever want to remove the encryption you'll have to wipe the device.
Regarding SELinux, I had seen this on my phone though it says SE for Android Status and says 'Enforcing' and on the Custom ROM on my tablet in the settings it also says 'Enforcing'. So I can assume that its ensuring the security of the OS.
Click to expand...
Click to collapse
Correct. That's the way it should be if you want to keep some security on your device.
I didn't have the intention of rooting as I thought I can root at any point in time but if its good practice to do it when flashing the custom ROM please let me know.
Click to expand...
Click to collapse
You can wait with rooting. If you don't have any need for it, why bother? I use Magisk to hide the fact that I have an unlocked bootloader (and to hide Magisk from some apps), to use a custom hosts file (for adblocking) and for app backups (I use Swift Backup, works great).
Once again thanks for your help and advice on the custom ROM, I think my questions were broad and it may not be Samsung specific as there are features I know I will lose but have never used when I had the original ROM.
Click to expand...
Click to collapse
There are some things you'll lose when unlocking the bootloader on a Samsung, due to the tripped Knox fuse. I can't say much about that though, since I don't do Samsung...
Have fun!
Thanks Didgeridoohan,
This has given me some confidence in going forward with custom ROM. I will make some backups and take measures and if it doesn't work out I can go back but I probably wont .
I've been running LineageOS on my Exynos S10e for a few days now and it's great, better battery life than on Samsung's firmware too from what I can see.
Settings say encryption is enabled. I'm assuming on /data only, I'll have to poke around as I've been away from Android for a while and I haven't been keeping up with what's going on.
I had to use the Magisk props module (selected the same phone model) to pass SafetyNet and enable Google Pay. Banking apps here in Australia don't seem to care, at least CommBank, Bendigo, AMP by I did select them in MagiskHide just in case.
If you decide to go for it, remove all your accounts before flashing the LineageOS recovery. I didn't and wasn't able to flash recovery until I re-added and removed them (Factory Reset Protection kicked in apparently). Smooth ride after I did this.
If you don't like the LOS gestures use Fluid (FNG), I love how customizable it is. You can hide the navigation bar in Termux by running:
su
props qemu.hw.mainkeys 1
Good luck and feel free to ask me questions if you have any!
Related
Hello!
I have some basic questions about the security of rooted android devices. I'm running Cyanogenmod 11 actually on my SGS3. Of course I rooted it to install custom Recovery and ROM. So is there any possibility for an App to get Root Access without recognition?
I dont need the Root access anymore, I only wanted to install Cyanogenmod and thats it. What to do to fully unroot Cyanogen?
Another question:
If i have enabled "only install from trusted sources" am I safe? Or could there be sort of drive-by-downloads for example on this site sometimes i get the pop-up "your phone has (13) viruses, click ok ...".
Yeah thats it, I'm a little bit paranoid especially according to my passwords, are they safe!?
Thanks a lot and Greets from Germany!
Can anyone help me?
RedMr said:
Hello!
I have some basic questions about the security of rooted android devices. I'm running Cyanogenmod 11 actually on my SGS3. Of course I rooted it to install custom Recovery and ROM. So is there any possibility for an App to get Root Access without recognition?
I dont need the Root access anymore, I only wanted to install Cyanogenmod and thats it. What to do to fully unroot Cyanogen?
Another question:
If i have enabled "only install from trusted sources" am I safe? Or could there be sort of drive-by-downloads for example on this site sometimes i get the pop-up "your phone has (13) viruses, click ok ...".
Yeah thats it, I'm a little bit paranoid especially according to my passwords, are they safe!?
Thanks a lot and Greets from Germany!
Click to expand...
Click to collapse
First, how do you define 'safe'? Nothing is ever really 'safe'.
I'm not sure if it is possible for an app to get root permissions without having the device 'rooted' first.
If you see your device restart(ed), it could have been done by some exploit in an app. But you have to have downloaded and run that app first. But don't rely on my answer on this one, my knowledge of this is not enough to give you an proper satisfying answer.
To unroot your phone just bring the phone back to factory state. This will reset everything on your phone back to normal.
If you want to be really sure, flash the original rom with KIES, which will restore your phone back to it was when you bought it.
Then put some recovery on it like TWRP or CWM and install CyanogenMod with it.
Maybe you could even use the stock Samsung recovery to install CyanogenMod, but I've never tried this so I am not sure this will work.
For the 2nd question:
The popups you are referring to are probably just advertisements. The same crappy things you get on a pc without an adblocker.
But for an adblocker to work, you probably need root.
From my perspective, there is no really being 'safe' without taking the necessary security precautions, but in most cases they require root access to work properly.
About your passwords:
If you are really paranoid about them being stolen from your phone, don't store them, period.
I would suggest AFWall+, which is a firewall based on IPTables (which are fully configurable to your own liking) and don't give any apps internet that don't need it.
Hope I could be of some assistance.
Just got this device so I'm extremely new to this, and while I'm aware of the rooting process and etc, I was wondering if my model can support flashing full on AOSP roms like Lineage or Slim?
I'm not 100% sure, seeing as how there's an entire Sprint section for roms, however I've seen 2PZC5 users report here:
https://forum.xda-developers.com/u11/development/rom-slim7-t3656985
using the rom just fine, so I'm kind of confused.
Any clarification would be appreciated!
No signal on sprint/Verizon/dualsim and inconsistent on usa wwe.
shivadow said:
No signal on sprint/Verizon/dualsim and inconsistent on usa wwe.
Click to expand...
Click to collapse
So I should avoid AOSP roms and stick to stock roms/sprint roms?
For now, yes.
shivadow said:
For now, yes.
Click to expand...
Click to collapse
Alright, thanks for clarifying.
A few more thing I'd like to clarify:
I've been looking into the open nature of this device, and I was wondering a few things:
I've looked into S-OFF, does it at all heavily affect casual use of the device (as in ROM flashing, rooting, etc?) or does it only affect developers?
If S-OFF is important, in the future will it be mandatory to get that $25 tool in order to achieve utilizing anything on the device?
You mentioned "For now", does that mean to suggest that the Sprint variant/sprint modem/network will eventually be universally compatible with every other rom for this device or is it dependent on what sprint/HTC releases for that specific variant?
S-on is a security flag to lock the system partition from any permanent changes. So if you were to copy a file to the root of the phone it might take but after a reboot the change will be gone as if it were never done. To prevent the changes from resetting you need s-off to remove the security flag so the system partition becomes writable and changes are kept.
S-off is not developer orientated as developers develop on pc's and laptops then port it to the needed format. S-off is more about circumventing security that the manufacturer put there to stop you bricking it from doing silly things to it like flashing untested firmware and using said firmware to facilitate theft. It's long winded and quite political.
So to cut a long story short, s-off is needed if you want to change any part of the firmware that is loaded onto the device permanently.
As my own personal opinion, should you wish to mess with firmwares, even though s-off is not absolutely necessary to flash custom roms, s-off is essential as it opens up more options to a recoverable device BUT it is a double edged sword. You can also permanently brick your phone should you not know what you're messing with.
As for AOSP, it is a new concept for the U11 so it will have issues. The issues will be ironed out over time with the most critical issues being addressed first. You might find that in a week it is fully functional as a daily rom but in turn you might not, it may take weeks. But it will be done!. It depends on how important the devs see it.
The modem etc is the firmware, not the rom. If you change rom it wont change firmware, in fact the rom has to be compatible with the firmware it will go on to.
Just keep your eye on the progress and see if it changes. For now the rom runs but no cell signal to sprint or verizon with choppy signal on the unlocked us variant.
Hi guys, I need advice about rooting. I own this fantastic phone from its release, I've never used a cell phone like this, I'm so satisfied, the oxygen os is phenomenal.
Returning to the question, its worth rooting this phone? I personally all the cell phones I had before, I have always rooted them, but with this I am a little hesitant. I had thought of rooting it to have the aux cameras on Gcam that i use alots and for playing PoGo doing spoof gps. My real question is:What would I lose by unlocking the bootloader, flashing the twrp and installing magisk? If im not wrong, only Netflix HD right?
Do you advise me to do it?
Edit: Outside of the above reasons, I don't need to root my 7 pro. If I decided to do it, would I still receive updates via OTA?
Thanks in advance
You do not need to do Ask me a comment because the rom of op 7 Pro He is already good, but if you like to play a game or want to test a custom ROM, you must root it.
riioKen said:
Hi guys, I need advice about rooting. I own this fantastic phone from its release, I've never used a cell phone like this, I'm so satisfied, the oxygen os is phenomenal.
Returning to the question, its worth rooting this phone? I personally all the cell phones I had before, I have always rooted them, but with this I am a little hesitant. I had thought of rooting it to have the aux cameras on Gcam that i use alots and for playing PoGo doing spoof gps. My real question is:What would I lose by unlocking the bootloader, flashing the twrp and installing magisk? If im not wrong, only Netflix HD right?
Do you advise me to do it?
Edit: Outside of the above reasons, I don't need to root my 7 pro. If I decided to do it, would I still receive updates via OTA?
Thanks in advance
Click to expand...
Click to collapse
Your data would be wiped unlocking the bootloader, as I'm sure you know. Your are correct about Netflix, but there are a million free streaming apps to choose from. Magisk has a repo of modules that you could use and there's a few custom ROMs that are magisk versions. Magisk can hide from apps if need be. You can make your device faster and more battery effecient with custom kernels and it wouldn't affect OTAs aside from downloading the full zip rather than an incremental version. There are plenty of instructions on xda for updating with twrp and magisk to keep root. I have been rooted with my OP7Pro since the first hour I had the device. You also have Swift backup for apps, messages and call logs, so you could restore them to a new device as well if you root it also. You can block ads better with root, use viper4android for a superior sound experience and create a nandroid backup to restore it to a previous state if something should go wrong.
I will take delivery of a new Pixel 3a later this week. I will thoroughly read through “How to root the Pixel 3a with or without twrp & take OTA updates once rooted” and “How to Root Your Pixel 3a and Install Magisk (on Pie & Q) with or without TWRP”. But before unlocking bootloader and rooting should I accept all updates first during the initial setup?
MrTooPhone said:
I will take delivery of a new Pixel 3a later this week. I will thoroughly read through “How to root the Pixel 3a with or without twrp & take OTA updates once rooted” and “How to Root Your Pixel 3a and Install Magisk (on Pie & Q) with or without TWRP”. But before unlocking bootloader and rooting should I accept all updates first during the initial setup?
Click to expand...
Click to collapse
Yes
bejunk said:
Yes
Click to expand...
Click to collapse
Thanks. The little reading I have done so far, it sounds like you can not flash or boot TWRP in Android 10. Won't all the updates take me to 10? I will want to back up my ROMs.
MrTooPhone said:
Thanks. The little reading I have done so far, it sounds like you can not flash or boot TWRP in Android 10. Won't all the updates take me to 10? I will want to back up my ROMs.
Click to expand...
Click to collapse
Oh, i forgot as i dont use TWRP anymore.
Yes TWRP only works on Android 9.
However you can't install it like in the past time. You can only boot it via fastboot. You need to do this everytime you want to use TWRP. However when i tried it in past times it did not work well afaik, a full backup did not work at all.
So yeah try it with Android 9 first.
But with all the google backups nowadays i dont have the need for a nandroid (twrp backup)...
Especially as you can just reflash the stock image with deleting /data.
Here is the main thread, i think it will be more helpfull than i am https://forum.xda-developers.com/pixel-3a/development/twrp-3-3-1-pixel-3a-t3943413
The very first thing to do is minimal setup so you can enable developer settings and allow bootloader unlocking. That's a sticky setting, so then you can update, factory reset, etc. before actually unlocking the bootloader and rooting. Especially important if you're US/Verizon (don't put your SIM in until bootloader unlocking is enabled).
mike.s said:
The very first thing to do is minimal setup so you can enable developer settings and allow bootloader unlocking. That's a sticky setting, so then you can update, factory reset, etc. before actually unlocking the bootloader and rooting. Especially important if you're US/Verizon (don't put your SIM in until bootloader unlocking is enabled).
Click to expand...
Click to collapse
Thanks. So I read the two rooting threads I referenced above. I have always used TWRP in the past, but seeing it not supported in Android 10, I am considering skipping that. Do you think TWRP will support Android 10 in the future? I am a little nervous making changes without a backup. My plan would be to stick with a rooted stock at first than consider migrating to a custom ROM. Any recommendations are appreciated. Phone will be delivered tomorrow.
bejunk said:
But with all the google backups nowadays i dont have the need for a nandroid (twrp backup)...
Click to expand...
Click to collapse
I am not sure what you mean by "google backups nowadays". Is it the availability of stock ROMs?
MrTooPhone said:
I am not sure what you mean by "google backups nowadays". Is it the availability of stock ROMs?
Click to expand...
Click to collapse
No , I think most people use a TWRP backup because it restores you to a specifiic point with all your apps, user settings and your data in those apps.
Thats why i used it in the past times. Setiing up a phone in the past could be really time consuming and frustrating.
But nowadays, if you use the google backup (in Settings > System > Backup) (and the whatsapp one for messages - thtas the only messenger i use, but every other popular messager has a backup feature now) setting up the phone takes maybe 10 mins when i flash the factory image, it even gets my homescreen layout and my wallpaper back, also my settings. Apps which support that also keep their settings.
In the past i allways had a custom rom, because stock rom sucked. But with the Pixel theres no reason for me to use a custom rom anymore.
About root, i rooted my phone since i first used android, ca. 2010. But now I really dont need it anymore, so i just keep things stock.
---------- Post added at 16:03 ---------- Previous post was at 15:50 ----------
MrTooPhone said:
Thanks. So I read the two rooting threads I referenced above. I have always used TWRP in the past, but seeing it not supported in Android 10, I am considering skipping that. Do you think TWRP will support Android 10 in the future? I am a little nervous making changes without a backup. My plan would be to stick with a rooted stock at first than consider migrating to a custom ROM. Any recommendations are appreciated. Phone will be delivered tomorrow.
Click to expand...
Click to collapse
I dont think TWRP will be supported in the futur on A10. Google locked up /system and some other partitions the TWRP team needs to find new solutions but there id not much hope.
Did you buy your phone unlocked? If yes, the worst part you should be worried about is losing you app data from some apps. You cant really brick your phone. In the worst case you just need to flash a factory image.
You should know that rooting your phone will probably break google pay and banking apps. May i ask what did you want use root for?
I dunno, I really like Lineage OS, but it just feels like a downgraded stock rom.. (I used it before all the time on all phones before getting a pixel).
Also, for every update (monthly) you need to patch your boot.img, flash it, and the apply the update. Its some work which i dont think is worth it anymore.
bejunk said:
May i ask what did you want use root for?
Click to expand...
Click to collapse
Thanks for the detailed reply. I am coming from a MotoG3 (rooted stock), a 2015 era phone. So a lot has changed. I really have not seen a mid range phone I really liked, so I jumped on the P3a when I heard the news they were being discontinued.
I use root mainly for Adfree, SD-Maid, and Titanium Backup. I used to use Cerberus until the developer reneged on a lifetime subscription. I don't mess with the system apps much, but I do keep a few apps frozen except for the times when I seldom need them.
Magisk is the best way to root your phone as it still passes the SafetyNet check and google pay and banking apps continue to work. There is an excellent thread here on how to do it.
[Guide] How to root the Pixel 3a with or without twrp & take OTA updates once rooted
Every month, I "uninstall" magisk (which really just restores the original boot files) and sideload the latest update, then I install the magisk-patched boot.img and my phone is rooted again.
To be honest, I don't miss twrp at all. adb and fastboot are all that's needed. The backup in android 10 is perfectly sufficient.
This phone is practically impossible to brick. I love my Pixel 3a, except for the one problem I had when the bottom speaker died and I had to have it repaired under warranty at the local ubreakifix in less than an hour.
MrTooPhone said:
Thanks for the detailed reply. I am coming from a MotoG3 (rooted stock), a 2015 era phone. So a lot has changed. I really have not seen a mid range phone I really liked, so I jumped on the P3a when I heard the news they were being discontinued.
I use root mainly for Adfree, SD-Maid, and Titanium Backup. I used to use Cerberus until the developer reneged on a lifetime subscription. I don't mess with the system apps much, but I do keep a few apps frozen except for the times when I seldom need them.
Click to expand...
Click to collapse
Yeah, I had that phone too It was pretty good for its time. I even replaced the screen once, but its really complicated on that phone... To your needs:
Adfree: you can setup a custom DNS server (i think it was adguards one) in the settings menu which will block all ads, so no real need anymore for adaway or root for this. Just google a bit.
Titanium backup: I does not work so well is what i heard and like said nowadays most apps backup over Google backup. With Android11 it will get even harder as /data partition is even more protected now. Not really worth it imho.
Froze system apps: Pixel Android is really barebones. The few apps which i dont need (like Google Music/Video PixelBuds app etc) you can just disable them in the settings. This will freeze them, its like uninstalling them, they wont show up at all.
SD Maid is great but only rooting it for using it, is not worth it. You can clear the cache of the apps which hoard a lot of data by yourself. Also, when you uninatll an app, it asks you if you want to delete your userdata as well. The phone takes care of the rest.
Cerberus: If you keep your bootloader locked, when your phone gets stolen, nobody can access your phone. Even if they reflash it, on first boot it will ask to login to the gmail last time set up. Theres no workaroud. Google aslo has a find my device thingy, wher you can track or delete your device remotly.
I would suggest to use your phone unrooted for some time, and if you really need to root it for something, you can still do it.
Welcome to team Pixel, mate!
(sorry my grammer im to lazy to double check it...)
@bejunk Just a not to say thanks again. I took your advice and did not root. However, I did flash with GrapheneOS and then re-locked the bootloader. Time will tell if I like it.
Need to remove the "security policy prevents..." problem. Rooting?
What? I assume you're device has some sort of company restrictions on it, in which case you shouldn't be messing with it unless you want to get in trouble.
On the other hand, if you bought this phone, or it is officially owned by you now, then the best way to workaround this issue is to unlock the bootloader and flash twrp using Odin on a windows PC. After flashing it, you can try installing magisk using twrp (to root it), though i doubt that rooting will let you workaround the issues. In my opinion, you should find an android 9 or 10 custom ROM which is stable, and flash it to your device. You'll get better battery life, speed, a new and updated look and newer security patches.
If you're looking into doing any of the above, you can find many tutorials online, and its not that hard. Once you install TWRP, the rest is pretty straightforward as it provides a touchscreen GUI and easy flashign support.
I know this answer is a bit late, but if you still have the phone and are looking for a solution then I hope it helps