Comment by thot_experiment

I agree that the features should ideally be provided by the base system so that the user does not have to "hack them in" with root-powered apps. But the reality is that most Android "distros" simply do not support the features that I would consider basic functionality. I mainly root for three reasons:

- Backing up all app data via Neo Backup. Android has an auto-backup feature that backs up app data to the user's Google Drive, but unfortunately the app developer can simply opt out of this, and the user cannot do anything about it. This means that app data may be lost when migrating to a new phone, as the app data is stored in directories that are not accessible in the filesystem without root.

- High-quality call recording via Call Recorder. For some reason, some (most?) phones do not allow apps to access the raw incoming audio stream. Non-root apps have to rely on capturing the other end through the microphone, which is horrible.

- /etc/hosts-based ad blocking while using a VPN via AdAway. DNS-based ad blocking is possible via apps like AdGuard, which use a local VPN to accomplish this. Unfortunately, Android only allows one VPN connection at a time, which means that without root I would not be able to use a VPN for any other purpose while simultaneously blocking ads.

---

I have no experience with GrapheneOS, so I'd be interested to hear if these features are possible on it without rooting. If not, can I request these features somewhere?

Those "random apps" are foss terminal emulators and other various foss apps I explicitly installed.

LineageOS also discourages and doesn't support replacing the core of the OS with a rootkit providing persistent app accessible root. GrapheneOS is no different from LineageOS in that regard. People do this with GrapheneOS regardless of our strong recommendation not do it. Our reasons for discouraging it aren't vague. It very directly harms the security model and is not a good approach to implementing any of the features hacked together through it. Those features should be properly implemented to fit within the overall approach taken by GrapheneOS. Giving root access to a huge portion of the OS harms security even if you never use the feature. It does not mean you can't do it, we only recommend you don't.

The "access your own files" thing is so insane! Hard to describe my feelings [negative] when I found out that all of my voice notes were in the voice recorder and the easiest way to get them out was to manually send each one to myself over discord. Google helpfully mentions that you can just "download them through google takeout" and doesn't leave any option for people who don't just give all their personal data to google.

It's pretty easy to make your own `userdebug` build of GrapheneOS using their official build instructions

That's what I do to get `adb root` and full file system access.

> [I want root,] The fact that I own my device is non-negotiable.

I read that a lot, and I agree that I want to own my device. But that does not mean that I should have root access on the OS I choose to install on it.

Owning my device means that I should be able to install whatever OS I want. It does not mean at all that OS developers must do whatever I tell you to do.

Hm, what do you mean? What app has to let you access your files? Is this Graphene-specific?

"While the spoof key isn't blacklisted" is the critical bit. Soon, all the keys will be, as these old devices age away from being too common to blacklist.

> the concept that you shouldn't own your device for safety is so fucked.

That's not it. The concept is "if you choose to install this particular OS on the device you own, then it comes with this particular security model". That's totally fine. If you own your device, you can run Linux on it and you'll have root access.

"Not owning your device" means "not being able to install the OS you want on it". I want to own my device, obviously. But it does not mean that I own the developers of every OS in the world and that they should do whatever I tell them to do, for free.

A non rooted device is NOT really my device, just seems like a leased device.

If we want to use banking app we have to use a non-rooted/leased device. That is what is really messed up. Personally I only use bank now that has website for banking. If they don't have a web site only app, then it is a red alert for the company.

I think is great, if there are no ramifications when skilled people unlock it.

There's just too much hacking going on, malicious behaviour, to allow uneducated masses to have root on a phone. I've seen so many people just not understanding the outcome of their actions. You'd get people rooting because some shady app lied about why, and just wanted control.

And we don't need more botnets. And it's why banks sometimes throw a fit.

So if a recompile does the trick, and no downside, then it'd be fine.

Android is not UNIX, and that's a good thing. The root account was a historical mistake and not having access to it doesn't mean you don't own your device. That mindset is just trying to project how things worked with a half century old operating system with how modern operating systems work.