Comment by wackget
9 days ago
My response would be it doesn't make any sense. There are so many reasons why blocking rooting is a stupid idea. Just some of them:
- If you're capable of rooting a device then you're capable of understanding the risks which come with doing so.
- The number of users who root their devices will always be so comparitively tiny that the increased risk of data exfil is incredibly small. Also, similarly to above, if you're technical enough to root your device then you're probably not regularly putting yourself at risk by downloading shady apps etc. anyway.
- Rather than decreasing security, rooting allows you to enhance the security of your device by installing lower-level tools and, most importantly, removing all the bloatware crap which comes on most phones. This reduces the surface area of attack.
Let's be honest and admit that the only reason to prevent users from rooting their phones is to protect companies' profits by ensuring users can't fight back against the blatant tracking, data mining, and analytics capture which is so valuable to companies.
The main reason IMO to block rooting is to stop resellers selling phones with preinstalled malware. If the phone has two Amazon/Aliexpress sellers, you're going to pick the cheaper one right? With who-knows-what alterations? It's a really prevalent problem and most people are not going to notice the "insecure" warning at bootup.
Phones can and do have a warning that they were rooted on boot. So this is not an excuse. But don't worry, I'm sure there are several marketing teams at work on new excuses why your computers should be controlled by benevolent corporations and not you.
Agreed. There truly is no good reason to prevent people from unlocking their phones' bootloaders. There are plenty of bad ones.
> The number of users who root their devices will always be so comparitively tiny that the increased risk of data exfil is incredibly small
> the only reason to prevent users from rooting their phones is to protect companies' profits by ensuring users can't fight back against the blatant tracking, data mining, and analytics capture
You contradict yourself, if the number of users which will root their devices is tiny, the lost profits from tracking, data mining, analytics is tiny as well.
Not necessarily if you consider the level of paranoia of these companies regarding controlling how their devices are used, as well as the tech sectors growth at all costs mantra.
There's also the argument that if tiny percent can do it, could it start to catch on and slowly grow to a larger percent?
More so in an economic environment where spending $2,000 on a new phone every year is decreasing in popularity, especially when the differences between model X and model X+1 have to squinted at ever harder to determine.
> Let's be honest and admit that the only reason to prevent users from rooting their phones is to protect companies' profits by ensuring users can't fight back against the blatant tracking, data mining, and analytics capture which is so valuable to companies.
I'm with you on the general sentiment, but how do the companies that block rooting benefit from any of the nefarious activities you mentioned? Those are executed by different organizations, typically.
They benefit from user buying a new phone when they stop providing updates for it. If the bootloader can be unlocked, the community can take over support & the device will be used for longer. Kinda like a 10+ old laptop is perfectly functional and usually fully supported by moder Linux distros, but 10 year old phone is more often than not a paperweight.
First party apps, carrots and sticks from large players like alphabet and meta, pressure from banks, pressure from governments.
- If you're capable of rooting a device then you're capable of understanding the risks which come with doing so.
Spend an hour in xdaforums and you'll see how untrue that is.
Many people root just to get YouTube Revanced or something like that. Meanwhile, you have launchers masquerading as a stock launcher that will happily steal refresh tokens for your Google account.