Comment by HybridStatAnim8
3 hours ago
You would install your own build of GrapheneOS. Not the official images.
Its not advisable to run anything as root, at all. Or expose access to it in any form.
You can make userdebug builds to access a form of root that doesnt undermine the entire security model, in ADB. Afaik this lets you access apps internal directories but is not recommended for production devices.
> You would install your own build of GrapheneOS. Not the official images.
Awesome, so you're advising against installing GrapheneOS for anyone that wants control over their own data.
Sorry for twisting the words slightly, but that's the essence of the issue here, isn't it?
> Its not advisable to run anything as root, at all. Or expose access to it in any form.
And then you advise for exposing access to it in pretty much the same form I asked for before.
It'd be funny if it wasn't so exhausting.
Regarding the security model: So adjust the security model.
Any access that an app can have, should also be available to the user. Importantly, they should be able to access and modify any data.
The system documents/files app already has special permissions for that, there's no reason why it shouldn't have access to all files (accessible through the same unlock system as e.g. the security settings)
No, official GrapheneOS is an ideal method to control data. As a part of this, they also provide build documentation for whatever you want to do. It is FOSS, after all.
To be clear, I am NOT advising root access. I am not contradicting myself. I am telling you it is dangerous but still telling you how it can be done in a less terrible way. To withhold that info would be senseless gatekeeping. GrapheneOS supports being built as a userdebug image but that will not stop them from telling you how bad an idea it is to use it on a production device.
GrapheneOS will not be rolling back aspects of the security model. That would be a massive step backwards for privacy and security.
So let me get this straight.
An app developer getting access to send my files to a random server somewhere? That's just a simple permission prompt, no unlock needed.
But me getting access to my own files? That's an absolute no-go. Even with adb and unlock, absolutely impossible
Seriously, you need to explain the difference. Because I don't see how apps being a one-way street (they can access my data, but I can't access theirs) is in any way reasonable.