That is why i rooted my phone as a tech noobie, and it gives me security warning everytime i restart it. As if their shitty apps are not security breach, lol.
A rooted phone is definitely a bigger security risk if you don’t know what you’re doing, as anything with root access is unbounded by the usual android permission system, and can completely demolish your OS. Additionally it can serve as a big warning if someone else has tampered with your device.
Indeed, though I have yet to meet somebody that “doesn’t know what he’s doing” in matters of rooting. Basically, the phones that are still the easiest to bootload unlock are usually only appealing to tech geeks, while the most mainstream phones have a much more complex and hacky (if at all possible) process to unlock. So that in itself filters a lot of tech non-savvy users from getting into the subject…
I’m not sure I agree though with "as anything with root access is unbounded by the usual android permission system, and can completely demolish your OS”. Android’s permission system is imho garbage. It may on paper tick the “provides user with permission management” but since apps that are ill-intended will usually 1) drown the layperson in a multitude of permission requests to do anything, it will usually translate to the user blanket accepting everything defying fine permission management as a whole 2) finer ID / privacy related data acces permissions don’t even get prompted for access, and only rely on the completely broken dev declarative scheme on the play store. IMHO, the finer permission management solutions that the Android community came up with ages ago (well before Android/Apple even thought fo implementing any permission management) did a much better job.
Rooting comes with a root manager (magisk, superUser…) that modal-prompts the user for either permanent or one-time allow / deny access when an app requests root that can be secured by fingerprint/password. I’d argue Root managers are more user-stupidity-proof thant Android’s own permission manager.
As for malicious apps requesting rooting, well, in the end, if the user is 1) stupid enough to download such apps (I’m guessing shady warez / cheat enabled games for the masses) 2) even stupider to accept a root access request from such an app… let natural selection do its job.
A lot of people definitely don’t realize what rooting actually means. If a user blindly accepts all permissions, there’s no way it can be framed as an OS problem, that’s definitely a user problem. If an app requests permission I think it shouldn’t have, I deny it. If the app doesn’t work afterwards, I don’t need the app.
Totally true, yet this thread app access requestments are more scary to me. I would like to limit those kind of apps. I root to install some ROMs and have fun, by “noobie” i meant that i can’t follow the steps without a guide. I didn’t mean that i run havok with root accesses left and right.
Thanks for the warnings, yet i still think a literal gambling app is much more risky. I don’t use my mobile phone on sensitive password saving apps or banking apps as i think those are risky on rooted phone too. I am just having fun as a careful newbie.
Fortunately you can use magisk to hide the rooted status from most apps. At least in Finland, I have had no problems with Nordea or Danske Bank. I remember that some app was troublesome, but I think I figured that one out also eventually.
Magisk (latest release) + Universel SafetyNet Fix v2.4.0-MOD_1.2 (kdrag0n github) + add the apps to the zygist deny list + rename magisk manager.
→ does the job for me.
That is why i rooted my phone as a tech noobie, and it gives me security warning everytime i restart it. As if their shitty apps are not security breach, lol.
A rooted phone is definitely a bigger security risk if you don’t know what you’re doing, as anything with root access is unbounded by the usual android permission system, and can completely demolish your OS. Additionally it can serve as a big warning if someone else has tampered with your device.
Indeed, though I have yet to meet somebody that “doesn’t know what he’s doing” in matters of rooting. Basically, the phones that are still the easiest to bootload unlock are usually only appealing to tech geeks, while the most mainstream phones have a much more complex and hacky (if at all possible) process to unlock. So that in itself filters a lot of tech non-savvy users from getting into the subject…
I’m not sure I agree though with "as anything with root access is unbounded by the usual android permission system, and can completely demolish your OS”. Android’s permission system is imho garbage. It may on paper tick the “provides user with permission management” but since apps that are ill-intended will usually 1) drown the layperson in a multitude of permission requests to do anything, it will usually translate to the user blanket accepting everything defying fine permission management as a whole 2) finer ID / privacy related data acces permissions don’t even get prompted for access, and only rely on the completely broken dev declarative scheme on the play store. IMHO, the finer permission management solutions that the Android community came up with ages ago (well before Android/Apple even thought fo implementing any permission management) did a much better job.
Rooting comes with a root manager (magisk, superUser…) that modal-prompts the user for either permanent or one-time allow / deny access when an app requests root that can be secured by fingerprint/password. I’d argue Root managers are more user-stupidity-proof thant Android’s own permission manager.
As for malicious apps requesting rooting, well, in the end, if the user is 1) stupid enough to download such apps (I’m guessing shady warez / cheat enabled games for the masses) 2) even stupider to accept a root access request from such an app… let natural selection do its job.
A lot of people definitely don’t realize what rooting actually means. If a user blindly accepts all permissions, there’s no way it can be framed as an OS problem, that’s definitely a user problem. If an app requests permission I think it shouldn’t have, I deny it. If the app doesn’t work afterwards, I don’t need the app.
Totally true, yet this thread app access requestments are more scary to me. I would like to limit those kind of apps. I root to install some ROMs and have fun, by “noobie” i meant that i can’t follow the steps without a guide. I didn’t mean that i run havok with root accesses left and right.
Thanks for the warnings, yet i still think a literal gambling app is much more risky. I don’t use my mobile phone on sensitive password saving apps or banking apps as i think those are risky on rooted phone too. I am just having fun as a careful newbie.
A lot of banking apps in europa don’t work on rooted phones, so that is not an option.
No problem with Magisk, been using banking apps on rooted phones for years
Fortunately you can use magisk to hide the rooted status from most apps. At least in Finland, I have had no problems with Nordea or Danske Bank. I remember that some app was troublesome, but I think I figured that one out also eventually.
When you dont know what you’re doing it feels that way. I completely understand🙂
Condescending much?
🙃
Magisk (latest release) + Universel SafetyNet Fix v2.4.0-MOD_1.2 (kdrag0n github) + add the apps to the zygist deny list + rename magisk manager. → does the job for me.
Rightfully so. I don’t think rooting a phone is a save option for banking purposes. I use my PC for that