We really need to move away from the idea that a user having control over his/her device is insecure.

I can use online banking and PayPal with Windows logged in as administrator or GNU/Linux logged in as root[0], why shouldn’t I be able to use Google wallet pay wallet with root?

[0] Yes, I know you shouldn’t log in as root, but that doesn’t change that you can do it.

Does rooting your device make you the root user or just give you access to superuser utilities?

In Linux systems the root user shouldn’t be used for daily use, you just make a user account with permission to use sudo, doas or su.

If you root your phone, at least with most tools, you don’t become the root user. Apps that use root access have to request it, and you’ll have to allow it in the root tool you flashed.

Example pop-up from SuperSU:

Lol. So if you use an exploit to gain SU what makes you think a malicious app can’t do the same? Or better yet, find a new exploit in the SU management software you installed. As soon as you root, you can no longer guarantee root activities are not taking place unbeknownst to you…

That goes for unrooted phones as well. The danger with rooting a phone comes from the automated software that is doing the initial rooting. It could install anything in there and the user would be none the wiser. Once it’s rooted and permissions are requested via the superuser app, it’s not any more dangerous than a non-rooted phone, assuming nothing malicious was installed during the rooting process, that is.

> Once it’s rooted and permissions are requested via the superuser app

And you expect this piece of community software (that is often closed source to avoid detection by SafetyNet) is perfect? Never had any bugs or exploits?

> it’s not any more dangerous than a non-rooted phone

The SU software itself is an attack vector. One with the ultimate payoff (root access). When you root the device you install a window in what was otherwise a solid wall. It is inherently less secure and I can’t understand how a knowledgeable person would argue otherwise.

I agree with what you’re saying, but all software is insecure and it should be up to the user what their risk tolerance is. Instead, users’ control of their equipment is whittled down and before long the only choice will be deal with it or don’t play. PinePhone comes to mind as a phone with root access that is somewhat secure, but it had latent vulnerabilities that could be exploited as its version of sudo is also an attack vector. Everything is a trade-off, especially in software/tech.

> but all software is insecure and it should be up to the user what their risk tolerance is

Yes. And app developers/companies should in turn do the same. A banking app and a Lemmy app probably don’t have the same security requirements. Each needs to apply the appropriate security constraints, and if that means not allowing rooted devices that’s fair imo.