Exodus, a popular, albeit closed-source, crypto wallet app recently stopped working on my device. After a few days of back-and-forth troubleshooting via support, they somehow realized that my device is both rooted and running a custom, open source, community-supported ROM. They told me this was no longer allowed because it is far less secure than running the proprietary ROM. I countered with both personal testimony (back when I had a Blu phone, and a year later they got kicked off Amazon due to spyware streaming customer data out without consent) and common fact that OEM ROMs are almost always packed full of bloatware and spyware. I countered that installing a reputable open source ROM with only those apps I want and need is better. I argued that root gives me the ability to use AFWall to block outbound access to apps that I don't want having having access to the Internet without my permission. I could have argue that continuing to use a 1-2 year old phone that no longer receives security updates when I could use an open source ROM that does is better. I also provided a few public articles showing how frequently apps from the Play Store and other "OEM" stores are caught abusing their users' trust and performing malicious action. My point was that it's not correct to just automatically assume that having root and using a non-OEM ROM is less secure. That's a falsehood. But that said, I am interested to know what the XDA community thinks about that. And if the XDA community has any facts about custom, open source, community-supported ROMs being more secure than OEM ROMs, I am interested to further arm myself. And of course, I am completely willing to be instructed by the XDA community that indeed Exodus is right and using a custom ROM and having a rooted phone is completely, inherently, automatically more insecure than using an OEM ROM full of bloatware and spyware, not having root so that any rag-tag app can stream data back to home base, and falling behind with security patches because the vendor is either too slow to release or decides my device is no longer worth supporting.
You can't blame them for not troubleshooting unknown firmware. You changed the playing field.
Less mainstream use and support* is one of the disadvantages of custom roms and rooting.
I run stock and use other methods to kill bloatware. Zero brick risk, little down time and they run well.
I'm not saying don't root etc... but you knew the job was dangerous when you took it.
*this can have potentially far reaching and multifaceted implication$
@blackhawk I'm pretty sure it wasn't broken on my phone. One day I opened the app and it said I needed to update to continue using it. So I thought maybe the app just had failed to automatically update from the Play Store. But shortly thereafter I found it wouldn't update. That led to opening support ticket with them which eventually led to them saying it no longer works on rooted devices. Their argument was that they were attempting to protect me. My rebuttal was that I don't want their protection, I want my freedom back. They should focus on making their app as secure as possible and then, if they discover I am running it on a rooted phone, then give me a warning box and force me to accept it but don't just take away my freedom.
The irony of their stance is that they still provide the Linux program. And who doesn't have root access on their Linux computer? Or their Mac or Windows computer, for that matter? I can completely understand if they don't wish to troubleshoot the installation of the Debian package or even the use of the zip on every Linux version out there. I wouldn't either! But that's completely different than saying, "Oh, you have root access to your Linux/Mac/Windows computer? We can't let you use our program anymore." That makes zero sense, and it's the same nonsensical argument they are making for rooted Android phones.
I run stock N10+'s because they're easier to troubleshoot, maintain and it doesn't trip the Knox efuse. I have to add a package disabler and do some optimizing but it's child's play for me to do it at this point.
Unfortunately if you root you're going to have to suck it up and do the work needed to optimize it.
Same thing I do with stock but with more tools at your disposal... after the learning curve.
It's this learning curve, the chance of bricking and the damage that can be inadvertently done to the OS with no access restrictions are some of the downsides. Rooting takes time to learn and perfect. With unlimited power, blah, blah, blah.
I rather just do basic infrequent troubleshooting and have fun... my current load is over 1.5 yo, still fast and stable.
I don't update the firmware because that breaks things. No updates needed once you optimize it and find any needed work arounds... it's good to go. Anything from Pie up is pretty secure; they have some vulnerabilities but in practice this isn't an issue... unless you do something stupid.
Related
I have about two weeks experience with Android OS and as a software developer I will be interested to know the technical details behind the Android OS.
I have already noticed this is possible to upgrade applications ported with the handset's ROM i.e. the Market app. This raised the question to me why can't I uninstall applications from the ROM without rooting or risking my handset's warranty to achieve this?
Is my expectation as a user of computers for 20 years unreasonable to think in 2010 with all software development and technological advances the uninstall feature should have been in Android OS from day one?
This is not exactly like Google is the first company in the world developed an OS to just the lack of experience with what users would want. From what I have seen so far in world of Android is that, the first thing users would want to know how to root their handset to remove packages that they have no use for.
My guess is that Google doesn't want users removing Systems apps. I'm assuming that they think that these applications are core and thus don't want you removing them. Remove the market, no more apps... or way to get it back etc.
Applications installed by you can be uninstalled, I'm just thinking it is the same as in windows, you can't uninstall the task manager etc (Bad example but meh =P)
Very simple - to prevent lay users from removing critical components.
Can you imagine the service costs involved in reparing devices that that have been damaged by people trying to remove bloatware?
They still give you the option to restore.
OK DISREGUARD THIS AS I MISSED THE PART ABOUT NEEDING TO ROOT!
They can be removed but its not recommended to do so without know EXACTLY what your removing and weather is vital to your phones operating system.
BUT in order to do so your phone needs root access, and root explorer installed. There are several forums on just about all android support sites that explain how to root, install the manager, and which apps/files NOT to remove.
J_HaX said:
They can be removed but its not recommended to do so without know EXACTLY what your removing and weather is vital to your phones operating system.
BUT in order to do so your phone needs root access, and root explorer installed. There are several forums on just about all android support sites that explain how to root, install the manager, and which apps/files NOT to remove.
Click to expand...
Click to collapse
Ye u can remove almost every stock app but this may affect the stability of your phone, modifying your phone always comes with the option restoring it back to default. If something goes wrong with moding (something really hard and extraordinary rare ) u can restore it. Browsing through Xda might solve many questions, we all didn't wanted stock rom (not because it was bad, because we can have s omething better. This community has VERY VERY good developers.
Androids own!!!
One thing I still don't get is...
How can Google upgrade Market app without the su privilage but the rest of the world has to root their phones to remove bloatware such as 'amazon mp3'?
@ftgg99: How much bloatware in Windows cost Microsoft or PC manufacturers? None in fact they get paid to include them with your hardware. However, I see an issue with mobile devices. You have already paid for the ROM storage, the bigger ROM size is the more expensive your handset would be, then the manufacturer uses your already paid ROM to make even more money by installing bloatware. I would be a fool to think manufacturers would pass on a percentage of the bloatware earnings by reducing the cost of their products to the consumers in this model.
The way I see it, the burden has been put on the communities such as xda. Users wouldn't ask the manufacturers how to root their handsets and this is left to the dedicated individuals to overcome the mess compnies normally leave us with. I'm not going to say the mess is a cost saving measure by companies.
The thing is that there are a lot more people buy and use phones than computers. After someone buys a smart phone with intention to use for calls, text, web and to use some apps, they realize the possibilities of the smart phone, they start digging in to the files, therefore Google blocked the root folder from modifying, otherwise Google would have to repair warrantied phones that didn't have to end up there just because people didn't know or care what they did. But if you got passed ROOTING, you must know what you are doing and from this point you can modify files and apps, but now ROOTING becomes too easy.
Basically just because too many juveniles got their hands on the equipment.
CSharpHeaven said:
One thing I still don't get is...
How can Google upgrade Market app without the su privilage but the rest of the world has to root their phones to remove bloatware such as 'amazon mp3'?
Click to expand...
Click to collapse
I'm also very interested to read the answer for this one!
CSharpHeaven said:
One thing I still don't get is...
How can Google upgrade Market app without the su privilage but the rest of the world has to root their phones to remove bloatware such as 'amazon mp3'?
Click to expand...
Click to collapse
RAMMANN said:
I'm also very interested to read the answer for this one!
Click to expand...
Click to collapse
The answer, from my point of view, is quite simple: they just upgrade the application on /data/app ON TOP of the /system/app default Market version. So, you can always go back to your "default" version just by "uninstalling updates".
Summary: they do not upgrade the Market form ROM, just install the new version on top.
CSharpHeaven said:
I have about two weeks experience with Android OS and as a software developer I will be interested to know the technical details behind the Android OS.
I have already noticed this is possible to upgrade applications ported with the handset's ROM i.e. the Market app. This raised the question to me why can't I uninstall applications from the ROM without rooting or risking my handset's warranty to achieve this?
Is my expectation as a user of computers for 20 years unreasonable to think in 2010 with all software development and technological advances the uninstall feature should have been in Android OS from day one?
This is not exactly like Google is the first company in the world developed an OS to just the lack of experience with what users would want. From what I have seen so far in world of Android is that, the first thing users would want to know how to root their handset to remove packages that they have no use for.
Click to expand...
Click to collapse
Have you tried to work with iPhone(don't know about iPhone 4)? They build fortress around their system and even the apps you install cannot be uninstalled until you gailbrake it and use 3rd party installer to uninstall. And not talking about the "MONOPLY" they run with AT&T.
I don't want to know how to root, I can find my answer for that on Google, however what I don't get is what it does...
I know it unlocks the device somehow, but can't I simply access everything in the system if I compile android from source and install it on the device?
I have downloaded the android source and I believe I can access every possible thing, so why is rooting needed?
If I install an app as a system app, won't it automatically have the permissions to do what I need it to do?
AFAIK rooting is for the people you'd call the end user/consumer or whatever.
If you have a new phone and want to install one of the many custom ROMs around, you simply need a rooted phone.
A custom ROM is in easy terms a custom made User Interface for the phone.
There is lot more complicated stuff going on under the hood, but in general you change the look and feel of you phone's UI.
The phone has to be rooted, because the manufacturers and net providers around pack a lot of useless crap called "bloatware" (like Samsung Shop and Samsung Play and Samsung Sing and Dance and Music and whatnot) on your phone, which often makes it slower than it can be without it.
But naturally the big corps don't want you to be able to get rid of that **** too easily, which is why you don't have access to the system folders as a normal user.
I guess in your case it's possible that you (if you compiled android from source and installed it on your device) so to say have an already rooted phone, since Android itself is rooted by default. Like I said, the manufacturers are the ones to unroot Android in order to dictate which apps their customers might or might not use.
But I'm a noob and am not sure how you would install Android on your phone if it's new (and unrooted by default?) if you haven't rooted it before?
meh, hope that helped a bit at least...
root- you would love to do it after reading this..
Root? what is it?
it is what i call full access to our phone, flash new roms, have dual boot (example- you can have to os like ics and JB), can access the evasive /data folder which holdes the apk/setups of apps installed from playstore and many other things..
If you are concerned about warranty you can unroot your phone and give in your phone for warranty. i have given my phone for warranty like this.
The most important thing i like about root is that i can fix my phone myself (if it is a software problem). any other question please ask, and i will answer it.
Thanks if helped!
I don't have the time for development anymore. I used to play with stuff like that years ago, but life has taken me away from it. I'd still like to be able to access everything on my phone and play with custom roms, and root lets me do that. The end consumer comment is a good one.
As for to root or not root, I tell most people who ask me to root for them what they use their phone for and explain what they would get out of rooting, and explain the risks involved. Seems that people who understand what rooting does are able to do it themselves, and the ones that ask you to do it for them usually decide against it after hearing "there is a tiny chance that your phone could get bricked" lol
If you just want to play emulators etc, how would you benefit from rooting?
IMO rooting is very useful if you want to keep touching system things in a stock rom, optimizing and debloating it, installing other people ROMs, etc... I believe that if you compile your own flavour of android and find no restriction doing whatever you want, you don't need to.
Android phone without root is nothing
McFex said:
AFAIK rooting is for the people you'd call the end user/consumer or whatever.
Click to expand...
Click to collapse
:good:
McFex said:
But I'm a noob and am not sure how you would install Android on your phone if it's new (and unrooted by default?) if you haven't rooted it before?
Click to expand...
Click to collapse
Some phones can just be flashed (for example via usb) which gives you full control, others can be cracked.
I've been looking at Android m since it came out.
However my oem will not be supporting the majority of my devices
(That's you Samsung 2 year support has me thinking of never buying your product new again).(Not that many others are much better).
So with the bugs that are ever present in custom Android roms and the developer never ending rush to the next update while the last aosp is not retail stable on most devices(come on Google wait two years and get the base or rock solid already before messing yet again with things).(I understand developers want to play with new features and new devices, but so many people have a 2 y old very capable device that just needs security updates). I have been reluctant to update from 4.4 that most of my devices run solid on.
How much more security has Android m brought to the table?
Is the permission manager worth the update from 4.4 or 5.1 ?
With all the new apps supporting permission denial without crashing going benefit the older os with permission blockers or xprivacy running?
Is the permission paranoid user better off waiting until the last minute to update to miss the worst of the bugs left to squash or just jump in now and live with them?
What is your opinion?
Nope, the permission manager isn't worth the update.
System apps crash when you restrict them too much, even if you restrict permissions they don't need to work properly, which wasn't the case in pre Marsh Mellow ROMs.
Oh well, they crash if you restrict them through the built-in permission management system bla bla, but they probably won't if you restrict them with third part apps...
Plus, at least on the phone I'm currently working on (but I guess it must be the same on all Mesh Mallow phones), the permission system became very dishonest, to say the least.
When you install a new app you don't see all the permissions you are about to grant but only the categories (remember the last changes in the play sore?), which tricks you into wrongly believing that the app doesn't have too many perms. Once installed you can't review neither the permissions nor the categories, pfuut, gone with the wind...
All this "security" hype about Ma Shallow isn't really about security but about making you feel that thanks to google and its well known abnegation you are secure and that you don't need anything more to protect you further.
There's nothing worse than a false sense of security...
What else to say?
The auto start manager, well done, except that third part apps offered it since the days of ICS, if not GB, and that a script can take care of that stuff without even installing anything.
All in all if security is your thing don't bother, moreover than xposed doesn't work on some Mesh Hollow ROM, leaving you without any other alternatives but to secure your ROM on your own.
It's of course doable if you know how, but it'll take time and a lot of decompilation/recompilation/testing.
New features?
Boah, 2-3 gimmicks as usual, fancy colors animations widgets I don't know what bling bling yo yo, not worth the money unless you really need a new phone.
Security patches?
Boah again, they made everybody paranoid with stagefright and the like but hey, do you really think you'll get hit?
What are the chances, unless you download cracked apps or are naive enough to let anyone touch your phone without the screenlock on?
I'd say more or less the same than meeting Santa Claus in person, do you believe in Santa?
I personally don't but still, those vulnerabilities are good for business, it makes the Santa crowd buy newer and more "secure" phones, cool...
I would like to setup my phone to be able to browse/use apps as anonymously as possible. I realize that will require Tor/VPNs, and I am working on getting that information elsewhere. Here I am focusing on the phone itself.
It will be a new Samsung on Verizon. I would like to anonymize and secure it as much as possible. For example, I know that Verizon and Google are shipping new phones with spyware and other tagging features. I am not very tech saavy (I cant code), but I am a fast learner.
I will be trying to avoid using Google products at all costs (No Play Store, GMail, etc) - except for Android system updates (I assume this is a necessity?). I am willing to do anything, *except*: Replace the OS - it has to be regular Android (Unless someone can show me an add-on/alternative that wont require constant maintenance/detailed knowledge of how a phone OS works), or compromise the basic software so that it become unstable or wont work with basic apps.
I assume rooting is a must - but I will need some direction as to how this can be done safely, and what I will then need to do to keep the phone updated and stable.
Specifically I am looking for:
- How to remove all native spyware/malware/unnecessary apps (without accidentally deleting something critical).
- Remove any features that could ID my device over the internet
- What kind of software/app I need to set up to protect against future malicious software (some kind of anti-virus/malware scanner?).
- How to most securely encrypt the phone and any data on it (so that if someone was able to get control of it, accessing it's contents without the pass key would be as difficult as possible).
- If necessary, before I web connect it, I could download any apps/programs on another device and trasfer via MicroSD
- Any general tips that might help with this.
Thank you.
EDIT: I was originally planning on getting an S8, but I have read that it might have some issues, so I can get an LG G6 or even Galaxy S7 if it is still preferred for privacy/security.
If you didn't read it, it could be a good start in your search.
https://forum.xda-developers.com/general/security/tuto-how-to-secure-phone-t2960077
VPN!!!!
I think, regular updates with security patches is a must. But if you don't trust your original OS, how can you trust it's updates? I use mokee OS for this reason. And no gapps.
ThirdEchelonSam said:
I would like to setup my phone to be able to browse/use apps as anonymously as possible. I realize that will require Tor/VPNs, and I am working on getting that information elsewhere. Here I am focusing on the phone itself.
It will be a new Samsung on Verizon. I would like to anonymize and secure it as much as possible. For example, I know that Verizon and Google are shipping new phones with spyware and other tagging features. I am not very tech saavy (I cant code), but I am a fast learner.
I will be trying to avoid using Google products at all costs (No Play Store, GMail, etc) - except for Android system updates (I assume this is a necessity?). I am willing to do anything, *except*: Replace the OS - it has to be regular Android (Unless someone can show me an add-on/alternative that wont require constant maintenance/detailed knowledge of how a phone OS works), or compromise the basic software so that it become unstable or wont work with basic apps.
I assume rooting is a must - but I will need some direction as to how this can be done safely, and what I will then need to do to keep the phone updated and stable.
Specifically I am looking for:
- How to remove all native spyware/malware/unnecessary apps (without accidentally deleting something critical).
- Remove any features that could ID my device over the internet
- What kind of software/app I need to set up to protect against future malicious software (some kind of anti-virus/malware scanner?).
- How to most securely encrypt the phone and any data on it (so that if someone was able to get control of it, accessing it's contents without the pass key would be as difficult as possible).
- If necessary, before I web connect it, I could download any apps/programs on another device and trasfer via MicroSD
- Any general tips that might help with this.
Thank you.
EDIT: I was originally planning on getting an S8, but I have read that it might have some issues, so I can get an LG G6 or even Galaxy S7 if it is still preferred for privacy/security.
Click to expand...
Click to collapse
Assuming you are just talking about general privacy and security, then you are in with a chance to minimise data available to Google etc and be largely secure. If you are trying to prevent the likes of the NSA then you have no chance. At the very least your cell provider will know somethings about you (you have to show id in the US don't you?)
Without going to extremes as in the first link below and ending up pretty much with a dumb phone your best bet is to follow something more like this
https://privacytoolsio.github.io/privacytools.io/
As for security you can "harden" your system, there are some good threads etc on this. Or you could just buy a phone that is already hardened see Copperhead OS.
You are your phones best security, but I would say EVERYONE is fallible and could be tricked into opening a malicious email etc under the right circumstances so you should run a good antivirus, it may just save you one day. However they are not even 100% against all known malware let alone future ones or other exploits, it's just another layer of defence. Keeping your phone up dated with monthly security patches is probably your 2nd best defence after you! At some point you are trusting whoever provides your OS, network and any apps installed. Then of course this level of security must extend to all your devices that may link to your phone, no good running a router which doesn't get regular firmware updates, just this week all Linksys ones were found to be vulnerable, before that some Netgear ones, before that ....
Even using TOR does not guarantee anonymity as the NSA, GCHQ etc have been able to identify users in several ways, and no doubt still can, but it is the best way, though can be slow
Use your phones built in encryption, though this only works on a looked phone, anyone can see your data if they lack it up unlocked, or if using remote admin. Using an app to encrypt folders/files can prevent a local person viewing saved files though.
Rooting & removing bloatware would certainly help reduce data "leaks", but it has it's own risks and will void your warranty (though not up to date on S8 & tripping knox etc or on unlocking bootloaders on Verizon phones as I'm not in the US.) If it was me I'd buy an older model that has great support on xda & that you know you can unlock bootloader/root which has a good choice of roms from reputable devs that release monthly security updates quickly & then get a limited set of apps from fdroiod or similar.
whirlpool95 said:
VPN!!!!
Click to expand...
Click to collapse
But be choosy!
https://blog.csiro.au/tinker-torrentor-streamer-spy-vpn-privacy-alert/
(some vpn's are named in the full report, link at bottom of page)
Yea just don't use the internet on your phone, that's my advice .
My phone is 5 years old, and hasn't had any OTA updates in years and its got no warranty. Apparently my older version of Android 8, isn't recognized as much and I'm starting to encounter more and more Play store apps that want a newer version of android and refuse to load. Hence I had to learn how to sideload stuff which is really annoying.
After a quick google search I learned you can root your phone and there is an Android 11 image called Lineage OS 18.1 ... which sounds pretty sweet. BUT after additional searches, I'm reading so many cons about rooting a phone. If bricking it isn't a concern, and I don't have a warrantee to void. What's at risk? I was probably going to buy a new phone anyways but now I'm intregued with this rooting process and wondiering if it might buy me time on a older phone that still works amazingly well. Why replace it if it still works, it just needs new software.
Questions: If I install Lineage OS 18.1 successfully...
Will the Play Store and Apps continue to update, or will I stop receiving notifications regarding available updates? Or am I forever stuck with sideloading?
If I don't install G Apps is this bad? I don't use stock Google Apps, I've opted to use the Microsoft equivalent like Outlook for email and calendar... or do I still need to install Google Apps to gain the ability to layer Microsoft products on top?
Why is there so much negative talk about malware infection with rooted phones? If I'm not downloading and installing apps constantly, the risk would still be no more threatening than it is now correct?
Are there any apps that would realize the phone is rooted and refuse to run? Some searches told me that security apps may not like a rooted phone. Does rooting it affect Microsoft Authenticator app?
Lastly, if I only want to pick and choose specific G Apps - can you install only the ones you need? or do they come all bundled together?
Thanks in advance,
What's really at stake if rooting an older phone?
Click to expand...
Click to collapse
Ii is easy to answer:
Pro: Complete Control Over Your Device
One of the most significant benefits of rooting your Android device is the ability to have complete control over it. You can remove any pre-installed apps that you don’t need, customize the look and feel of your device, and control every aspect of its performance. With rooting, the possibilities are endless, and you can make your device truly your own.
Con: Risk of Bricking Your DeviceOne of the most significant risks of rooting your Android device is the potential to brick it. Bricking is when your device becomes completely unusable due to a software malfunction. If you’re not careful, you can render your device useless. However, if you follow the instructions carefully and take the proper precautions, you can minimize the risk of bricking your device.
Speed up older Android hardware with a custom ROM
Click to expand...
Click to collapse
Installing a custom ROM ( or a 3rd-party OS ) allows your device to live a second life, provided you can stomach the somewhat lengthy process. Custom ROMs become especially useful once your smartphone’s manufacturer stops delivering software and feature updates. Most ROMs are also based on vanilla Android ( AOSP ), which means you get a lighter and faster experience than default manufacturer skins.
Having said that, it’s worth noting that custom ROMs are completely unofficial. Some work perfectly, while others may exhibit bugs and instability - you’ll need to do some due diligence for your specific device model. But don’t worry, here is a guide on how to install Lineage OS, one of the most popular custom ROMs.