Ah yes, getting access to your own data would be a massive problem, can you imagine such a world?! /s
Such data should be put in (or encrypted by) the hardware-backed keystore. You get to have full access to what the OS does, including seeing what data gets passed into this secure element for encryption or signing (you retain visibility and control), and yet secrets can't be leaked to you or an attacker who tries to extract those secrets
See e.g. your bank card: it's yours, you can choose where to stick it and what transactions it authorizes, but you can't get at the token that serves as proof of possession nor reset the PIN attempts counter. Your phone('s banking app) could work in the same way and has the hardware on board that makes this possible. So you see, it's a choice that you don't get to see what apps are doing and people are scared into believing that access to their own phone is bad. It's a matter of conflicting incentives on the vendor side, not technical risk
Because my new phone would be my new phone. And a phone is a computer. That should be enough of a reason.
I'm quite surprised people who post here don't get that. I've been lurking for years even though my account is new and even though general hackerishness here has gotten a bit reduced over the years, but it's still HackerNews, not ConsumerNews. No offense implied - I just hoped I'd see more people willing to claim their right to own and modify their OS like a true hacker.
If I could point out, the vast majority of people you see writing things as stupid as that are either have a huge stake in the company/industry or the government.
Thanks for all of your other comments in this thread I read them all and it is such useful advice for everyone, even seasoned security people.
I do (re-)root my phone (after each update I have to flash the Magisk-modified boot.img again), but FWIW almost nothing needs root on Android, it lets you do way more by default than iOS. I think some people equate jailbreaking and rooting when there's not really a jail to begin with. You can install a custom ROM without having root and I think that's what most people really want to do. Cleaner base system, maybe some new features. I run LineageOS without gapps and it's great. I can use `sudo` inside termux since I have root. I don't really use it for anything except to verify that Magisk reinstalled okay (I do `sudo ls /` as a quick check). Installing F-Droid doesn't need root. You can even do it on locked down TVs and Amazon tablets usually. adb works as well, not sure why someone was saying it doesn't. Hell, adb should work even without either root or a custom ROM. I use it to reboot my phone into fastboot without the button combo and then flash Magisk right after.
I agree you might not need it, but the issue is one of principle. I want it because I might need it. I don't want to find another OS that supports root if I realize I need it.
Just how I may be OK with staying at home for months with deliveries and internet access and everything else provided for me, but I want the freedom to go outside. There is rarely anything I need that's outside, to be honest. And outside is more dangerous. But I want to be able to sudo outside whenever I want for whatever reason I want.
Backing up all app data.
That breaks Android's security model and reduces overall security.
I think those are features, not a bug.
Ah yes, getting access to your own data would be a massive problem, can you imagine such a world?! /s
Such data should be put in (or encrypted by) the hardware-backed keystore. You get to have full access to what the OS does, including seeing what data gets passed into this secure element for encryption or signing (you retain visibility and control), and yet secrets can't be leaked to you or an attacker who tries to extract those secrets
See e.g. your bank card: it's yours, you can choose where to stick it and what transactions it authorizes, but you can't get at the token that serves as proof of possession nor reset the PIN attempts counter. Your phone('s banking app) could work in the same way and has the hardware on board that makes this possible. So you see, it's a choice that you don't get to see what apps are doing and people are scared into believing that access to their own phone is bad. It's a matter of conflicting incentives on the vendor side, not technical risk
An alternative if you are using Graphene would be to build your own image with the changes that you want, without or without root.
Because my new phone would be my new phone. And a phone is a computer. That should be enough of a reason.
I'm quite surprised people who post here don't get that. I've been lurking for years even though my account is new and even though general hackerishness here has gotten a bit reduced over the years, but it's still HackerNews, not ConsumerNews. No offense implied - I just hoped I'd see more people willing to claim their right to own and modify their OS like a true hacker.
Exactly. It is my device. End of story.
If I could point out, the vast majority of people you see writing things as stupid as that are either have a huge stake in the company/industry or the government.
Thanks for all of your other comments in this thread I read them all and it is such useful advice for everyone, even seasoned security people.
It isn't natural to want less freedom.
I do (re-)root my phone (after each update I have to flash the Magisk-modified boot.img again), but FWIW almost nothing needs root on Android, it lets you do way more by default than iOS. I think some people equate jailbreaking and rooting when there's not really a jail to begin with. You can install a custom ROM without having root and I think that's what most people really want to do. Cleaner base system, maybe some new features. I run LineageOS without gapps and it's great. I can use `sudo` inside termux since I have root. I don't really use it for anything except to verify that Magisk reinstalled okay (I do `sudo ls /` as a quick check). Installing F-Droid doesn't need root. You can even do it on locked down TVs and Amazon tablets usually. adb works as well, not sure why someone was saying it doesn't. Hell, adb should work even without either root or a custom ROM. I use it to reboot my phone into fastboot without the button combo and then flash Magisk right after.
I agree you might not need it, but the issue is one of principle. I want it because I might need it. I don't want to find another OS that supports root if I realize I need it.
Just how I may be OK with staying at home for months with deliveries and internet access and everything else provided for me, but I want the freedom to go outside. There is rarely anything I need that's outside, to be honest. And outside is more dangerous. But I want to be able to sudo outside whenever I want for whatever reason I want.
1 reply →