• Dehydrated@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    9 months ago

    You need to differentiate between root and custom ROMs. Root is counterproductive in regards to security, because it significantly increases attack surface, but Custom ROMs like GrapheneOS can make your device much more private and secure. It also doesn’t ship any proprietary apps by default and Google Play services are sandboxed and isolated, just like any other app. It’s pretty amazing.

        • BearOfaTime@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          9 months ago

          Even then it’s not.

          Is your PC less secure because it has root access/Admin accounts?

          It’s all about how it’s managed. And I’d argue my phone is more secure, because of how I use root to improve security.

          Good luck installing any app on my phone, without knowing how to unlock that functionality.

          • Dehydrated@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            9 months ago

            I recommend the following section of this article:

            Rooting your device allows an attacker to easily gain extremely high privileges. Android’s architecture is built upon the principle of least privilege. By default, only around 6 processes run as the root user on a typical Android device, and even those are still heavily constrained via the full system SELinux policy. Completely unrestricted root is found nowhere in the operating system; even the init system does not have unrestricted root access. Exposing privileges far greater than any other part of the OS to the application layer is not a good idea.

            It does not matter if you have to whitelist apps that have root — an attacker can fake user input by, for example, clickjacking, or they can exploit vulnerabilities in apps that you have granted root to. Rooting turns huge portions of the operating system into root attack surface; vulnerabilities in the UI layer — such as in the display server, among other things — can now be abused to gain complete root access. In addition, root fundamentally breaks verified boot and other security features by placing excessive trust in persistent state. By rooting your device, you are breaking Android’s security model and adding further layers of trust where it is inappropriate.

            A common argument for rooting is that Linux allows root, but this does not account for the fact that the average desktop Linux system does not have a security model like Android does. On the usual Linux system, gaining root is extremely easy, hence Linux hardening procedures often involve restricting access to the root account.