RobotToasterMar 1, 2024

We really need to move away from the idea that a user having control over his/her device is insecure.

I can use online banking and paypal with windows logged in as administrator or GNU/Linux logged in as root[0], why shouldn’t I be able to use google wallet pay wallet with root?

[0] yes I know you shouldn’t log in as root, but that doesn’t change that you can do it.

Show threadProgrammer BelchMar 1, 2024

Does rooting your device make you the root user or just gives you access to superuser utilities?

In linux systems the root user shouldn’t be used for daily use, you just make an user account with permission to use sudo, doas or su.

Show threadu/lukmly013 💾 (lemmy.sdf.org)Mar 1, 2024

If you root your phone, at least with most tools, you don’t become the root user. Apps that use root access have to request it, and you’ll have to allow it in the root tool you flashed.

Example pop-up from SuperSU:

Show threadevoMar 1, 2024
Lol. So if you use an exploit to gain SU what makes you think a malicious app can’t do the same? Or better yet, find a new exploit in the SU management software you installed. As soon as you root, you can no longer guarantee root activities are not taking place unbeknownst to you…
Show threadnotfromhereMar 1, 2024
That goes for unrooted phones as well. The danger with rooting a phone comes from the automated software that is doing the initial rooting. It could install anything in there and the user would be none the wiser. Once it’s rooted and permissions are requested via the superuser app, it’s not any more dangerous than a non-rooted phone, assuming nothing malicious was installed during the rooting process, that is.
Show threadevo

Once it’s rooted and permissions are requested via the superuser app

And you expect this piece of community software (that is often closed source to avoid detection by safetynet) is perfect? Never had any bugs or exploits?

it’s not any more dangerous than a non-rooted phone

The SU software itself is an attack vector. One with the ultimate payoff (root access). When you root the device you install a window in what was otherwise a solid wall. It is inherently less secure and I can’t understand how a knowledgeable person would argue otherwise.

Mar 1, 2024 at 5:58pmWeb
Show threadnotfromhereMar 1, 2024
I agree with what you’re saying, but all software is insecure and it should be up to the user what their risk tolerance is. Instead, users’ control of their equipment is whittled down and before long the only choice will be deal with it or don’t play. Pinephone comes to mind as a phone with root access that is somewhat secure, but it had latent vulnerabilities that could be exploited as its version of sudo is also an attack vector. Everything is a trade off especially in software/tech.
Show threadevoMar 1, 2024

but all software is insecure and it should be up to the user what their risk tolerance is

Yes. And app developers/companies should in turn do the same. A banking app and a lemmy app probably don’t have the same security requirements. Each needs to apply the appropriate security constraints, and if that means not allowing rooted decices that’s fair imo.

Show threadmichaelmroseMar 1, 2024

SU software has been a thing for about as long as android about 20 years or about. Has otherwise legitimate su been a source of unattended exploiting?

The obvious risk factors are that users shall be tricked into granting inappropriate permissions to otherwise malicious or compromised software that they have deliberately installed. Outside of mobile platforms this is considered an acceptable risk that competent users can consistently successfully manage on their own hardware.

In fact if you look at actual users even those with very limited technical know how the primary thing that

The secondary risk is that users with no legit source of tools to root