Comment by diacritical
15 hours ago
Unfortunately from what I read a couple of times, including a month or so ago, GrapheneOS discourages and doesn't support rooting the phone for security reasons that seem vague to me and don't appeal to my need to actually own my phone and OS. You could still root it with some third party tools from what I know, but not having root as the default makes it less of a secure FOSS OS and more of a closed down toy.
As for payment apps and other crap that refuses to run if I, the owner and administrator of my own device, don't have admin access, I would just refuse to run it. What's next - websites refusing to work if I have root on my Linux desktop?
These reasons for not supporting the root have been stated on their discussion forum multiple times.
But they do not stop you from doing so, you can fairly easily build your own images with root enabled.
LineageOS also discourages and doesn't support replacing the core of the OS with a rootkit providing persistent app accessible root. GrapheneOS is no different from LineageOS in that regard. People do this with GrapheneOS regardless of our strong recommendation not do it. Our reasons for discouraging it aren't vague. It very directly harms the security model and is not a good approach to implementing any of the features hacked together through it. Those features should be properly implemented to fit within the overall approach taken by GrapheneOS. Giving root access to a huge portion of the OS harms security even if you never use the feature. It does not mean you can't do it, we only recommend you don't.
I agree that the features should ideally be provided by the base system so that the user does not have to "hack them in" with root-powered apps. But the reality is that most Android "distros" simply do not support the features that I would consider basic functionality. I mainly root for three reasons:
- Backing up all app data via Neo Backup. Android has an auto-backup feature that backs up app data to the user's Google Drive, but unfortunately the app developer can simply opt out of this, and the user cannot do anything about it. This means that app data may be lost when migrating to a new phone, as the app data is stored in directories that are not accessible in the filesystem without root.
- High-quality call recording via Call Recorder. For some reason, some (most?) phones do not allow apps to access the raw incoming audio stream. Non-root apps have to rely on capturing the other end through the microphone, which is horrible.
- /etc/hosts-based ad blocking while using a VPN via AdAway. DNS-based ad blocking is possible via apps like AdGuard, which use a local VPN to accomplish this. Unfortunately, Android only allows one VPN connection at a time, which means that without root I would not be able to use a VPN for any other purpose while simultaneously blocking ads.
---
I have no experience with GrapheneOS, so I'd be interested to hear if these features are possible on it without rooting. If not, can I request these features somewhere?
Rooting is a very bad idea. https://madaidans-insecurities.github.io/android.html#rootin... But GrapheneOS is fully open source and provides great build instructions, so you can always make your own build and add whatever features or privileged apps you like within the standard AOSP frameworks for privileged apps with system integration.
> Backing up all app data via Neo Backup
GrapheneOS includes Seedvault by default. https://grapheneos.org/features#encrypted-backups
> High-quality call recording via Call Recorder
Call recording is built into the Dialer app on GrapheneOS. https://grapheneos.org/features#encrypted-backups:~:text=Cal....
> DNS-based ad blocking is possible via apps like AdGuard
DNS-based blocking can also be accomplished by using Android's native Private DNS feature with a resolver that blocks ads. You could even host your own on a VPS if you are more comfortable running name resolution and DNS-level adblocking on infrastructure you control.
The RethinkDNS app also lets you use DNS-level adblocking and a VPN at the same time. https://grapheneos.org/faq#ad-blocking-apps
> I have no experience with GrapheneOS, so I'd be interested to hear if these features are possible on it without rooting.
I recommend giving https://grapheneos.org/features a read.
> If not, can I request these features somewhere?
Check out the issue tracker on GitHub: https://github.com/GrapheneOS/os-issue-tracker/issues
2 replies →
>but not having root as the default makes it less of a secure FOSS OS and more of a closed down toy.
I don't get it, it's "less of a secure FOSS OS" to not have root by default, but it's secure to run random apps as root and breaking android's security model? What's the threat model here?
Those "random apps" are foss terminal emulators and other various foss apps I explicitly installed.
Yeah, this is the deal breaker for me as well. The fact that I own my device is non-negotiable. It is the reason I left the stock OS and I'm not going back. The idea that I can't access my own files if an app doesn't explicitly give me access is wild to me. I understand there are security risks of a root permission but it is important to have that fallback when you need it and the existing permissions aren't sufficient.
LineageOS also discourages and doesn't support replacing the core of the OS with a rootkit providing persistent app accessible root. GrapheneOS is no different from LineageOS in that regard. People do this with GrapheneOS regardless of our strong recommendation not do it. Our reasons for discouraging it aren't vague. It very directly harms the security model and is not a good approach to implementing any of the features hacked together through it. Those features should be properly implemented to fit within the overall approach taken by GrapheneOS. Giving root access to a huge portion of the OS harms security even if you never use the feature. It does not mean you can't do it, we only recommend you don't.
LineageOS provides ADB root access in stock builds. Sure, it isn't as convenient as some su apps but at least I can use ADB to access every file on the device. It probably also improves the attack surface compared to a su app.
> It very directly harms the security model
What do you mean by this? You mean that it is a "god permission" that bypasses other permissions? If so then yes, with great power comes great responsibility and it shouldn't be used lightly.
> and is not a good approach to implementing any of the features hacked together through it.
Maybe not, but is there an alternative? What is your recommended way to access all files of any app? This is my primary use case. Modification would also be valuable but I would be ok with read-only access.
> Giving root access to a huge portion of the OS harms security even if you never use the feature.
Can you explain why root access must be given to a huge portion of the OS? Why can't it be limited to specific apps or features (like ADB shell)?
> It does not mean you can't do it, we only recommend you don't.
Of course. It is your right to recommend whatever you want :)
The "access your own files" thing is so insane! Hard to describe my feelings [negative] when I found out that all of my voice notes were in the voice recorder and the easiest way to get them out was to manually send each one to myself over discord. Google helpfully mentions that you can just "download them through google takeout" and doesn't leave any option for people who don't just give all their personal data to google.
I use a FOSS voice recorder app from F-Droid. It's just called "Voice Recorder" with an orange icon. It does exactly what it says, records audio from your microphone, lets you play them back. They're just files on the device.
Anytime I need a "simple" utility, I check f-droid first to get the one-trick-pony app over spyware from the play store.
Other utilities I use are: WorkTimer: pomodoro app DiskUsage: self explanatory Http Request Shortcuts: setup home screen app shortcuts that run http requests
1 reply →
It's pretty easy to make your own `userdebug` build of GrapheneOS using their official build instructions
That's what I do to get `adb root` and full file system access.
> [I want root,] The fact that I own my device is non-negotiable.
I read that a lot, and I agree that I want to own my device. But that does not mean that I should have root access on the OS I choose to install on it.
Owning my device means that I should be able to install whatever OS I want. It does not mean at all that OS developers must do whatever I tell you to do.
Yes, that is why it is a deal breaker. I'll choose to run a different OS. I didn't say that GrapheneOS must support root. Just that I won't run it if they don't.
5 replies →
Hm, what do you mean? What app has to let you access your files? Is this Graphene-specific?
There's nothing GrapheneOS-specific about it and it doesn't prevent rooting. LineageOS doesn't officially support it any more than GrapheneOS does. It doesn't stop people doing it for either. Our recommendations aren't law.
Any files created by apps in their main data directories are inaccessible on most distributions of Android (I think it is actually required to be Google certified). The exception is apps that go out of their way to store files in user accessible directories or provide a feature to export or share data out of the app.
By rooting your device you can access the app data directories as you wish.
1 reply →