I’ll make it simple then. The device that is rooted is not a phone first off so it has no cellular data. Secondly all the accounts on it that apps are logged into are unique and bogus with no real data about me. Third the network it’s used on I has its own private DNS address. I also have a VPN set up with a spoofed location. The device itself is spoofing its own location somewhere else. It’s also not used for anything more than YouTube and surfing for the most part.
Referring to healthcare and telecommunications industries. If you’ve ever filled out a credit application for a cell phone service or filled out a intake form at a doctor’s office all of that demographic data is stored and used by many different entities including the government.
Connect to an open WiFi source at a coffee shop without a VPN then log into a website on your phone rooted or not and a guy with a $20 WiFi scanner from Amazon and a laptop can record all the passwords moving around inside the shop.
I agree you don’t have to make it easy for someone but the idea that a non rooted phone means it’s secure is laughable.
When I checked the /e/ OS on my device after flashing it it showed as rooted. What’s the deal with that anyway if unrooted is supposed to be so secure?
The rest of the support staff have said, “We give you a clean slate and the user does what they want from there with it.” That’s how it should be.
I’d rather not discuss mobile phone security with you either. My question was to Alexwander asking if he was able to get Vanced working on his device not for someone’s opinion on what they think I should or shouldn’t be doing with my own device or my personal data.
admittedly OT: @harvey186, could you explain me in what way rooting makes the phone unsecure for an IT specialist as you apparently are one?
I am just an advanced user, but I rooted every smartphone I had since 2013. In my (basic) understanding a rooted phone is just the same secure as a non-rooted phone IF you don’t grant root privileges to random apps. This makes the phone ‘relatively’ secure, depending on the user’s knowledge.
e.g. for open source projects that require root I can’t imagine a major security problem. Can you?
Thx for the flowers, but I’m also only and advanced user
With root, some advanced linux commands are ‘free’ for use by apps. For example: getting access to root / system folder with write access. So it’s simple to write an app which will manipulate your whole system, installing a keylogger or malware.
Sure, normally a app is asking for root access. But not hacking apps. They will install what the want without asking for root access.
If an app will need root access, all my alarm lights will go on. Sure, a backup app needs root access to read all partitions and folders for backup and restore. But why do a Video player need access to root ?? No, never will use such an app.
I don’t know what kind of apps with needed root your are using. But really, is here no alternative app without root access ?
Do you allow all your apps access to phone / location / address book / microfon … and so on ? No, you will restrict them.
So why allowing an app access to ALL folders/data on your phone ? But that was not your question.
One other question: Do you using Windows with the admin account ? No, always with a user account without admin rights.
Or on Linux, do you login as root ? No, always as user without root rights. How much programs do you have installed on Linux which needs running under ‘root’ account ? I think none.
https://f-droid.org/de/packages/com.amaze.filemanager/
just one example: it doesn’t need, but it offers the ability.
And since I never had a phone that ran with microG (foss) ootb, I had to install it manually, using different ways to install it and to spoof the signature.
what about apt-get? you don’t need root for that in your (linux)distro? that sounds dangerous to me. I wouldn’t want to use a distro where your packet manager doesn’t need root access to install programs. well, root access is not password protected under android, but I doubt an app can just use root access without asking for it (if it’s not anyway a preinstalled system app that therefore has root rights)
I’ve been using Invidious for a good couple of months now and apart from hiccups caused by Google trying to crack down on them, no issues. But I’m fine with not being able to comment. Not sure what you mean by the lack of featured search tool, though.
sure, it installs programs and therefore it needs (not ever) root access. But you will ask for a password.
Your example with a file manager is not good example. because it don’t need root access. It will work as good without root.
And sure, there are opensource apps wich need root for working. For example oandbackup. But regarding backup I have written everything my other post.
Sorry, don’t know what does it stands for
MicroG is nothing else as an FOSS replacement of play services (Only to clarify)
And sorry. this I also don’t understand
Oh, sure. I think you know what (bad) potential hackers have. never heard that keyloggers have been installed without the knowledge of a user on Windoofs systems ? And why should no one be able to do it on Android ? You know NSA and ‘Bundestrojaner’ and all the other trojans ??
That assumption sounds logic so you may be right. Still i assume the most successful and most used ways are the ones that work most often. And I’m sure there’s only a very small fraction of devices with enabled for access…
That’s correct. So I agree that the need for that can be discussed.
But if you look at that from a developer or tools (here file manager) side I still think it gives sense to implement a root access option to give the user the freedom to decide. This is why I don’t agree that a file manager should not offer that option.
I just want everyone to think not just 1x but 3 times about whether they need root or if there are alternatives. And if root, then forever or just for a short time, for a backup or something.
I think that many people are routing their phone without knowing why or for what. I hate it (@archie new ‘hate’ for your list ) that in many HowTo’s on XDA or other sites it says - unlock bootloader - wiping - flashing - rooting. This is crap !!
well… long story short: replacing a system app (like google play service) is not possible without root.
I assume, you never tried to install microG manually. Lucky you. I was a “poor” (maybe better call it stingy) young man, I didn’t spend a lot of money on phones. and therefore always had crappy ones, whitout lineageOS-Support, and back then “MicroG for Lineage” didn’t exist yet. On my first android phone I had to erase the bloatware in order to be able to install more than 5 apps at a time. apps2sd increased the amount of installable apps up to 20, yay! both just impossible without root.
anyway, I also researched a little about spyware (e.g. FinSpy a.k.a. Bundestrojaner). thank you @harvey186, for getting me to do that. I learned something and I think I will unroot my devices as soon as I am done with the root-dependent job (if even needed). they’d probably still get into my device, but at least they have to work a little harder. according to kaspersky.
explanation:
ootb: out of the blue. (German: “ohne weiteres Zutun”)
edit: just realized, some people also understand: out of the box. same meaning.
Good to hear that I was able to make it a little clearly.
By the way. On most devices I don’t gave installed microG (or google play service). If an app won’t work without microG I’m searching for an alternative. If there isn’t one I have to find a workaround. If there is none, OK, no Problem. I can live without.
Browsing YouTube with the Tor Network might be a good solution in the future for privacy (though the Tor Browser for Android is still in its infancy, so I gather it doesn’t yet keep people anonymous.) Also, it currently requires Orbot, but the plans for the future are to have the Tor Browser for Android run independently.
Regardless, even now, I still think it is a good option. So, to install, do the following:
Install and then open F-Droid. Select “Settings”, then tap on “Repositories”. You will see an option to enable “Guardian Project Official Releases”. Enable this.
Within F-Droid, find Orbot. Install it. Now find Tor Browser. Install it (don’t bother with TorFox or the Tor Browser alpha, the former is old and the latter, I think, is the same).
Open Orbot. Go through it’s guided set up, and turn on VPN Mode. At some point, you’ll be presented with a list of apps which you can make into “Tor-Enabled Apps”. Select “Tor Browser”. (If you’re not given this opportunity during the set up, then just click on the “Tor-Enabled Apps” menu item at the very bottom, which will present you with a list of apps which you can enable for Tor, and then select “Tor Browser”.) Start it (press the onion logo thing).
Now, fire up Tor Browser, which will take a bit of time to connect to the Tor Network. Once it does, open YouTube, and watch videos, knowing that you’ve made it harder for them to track you.
To test it, just try some site that gives you your IP address (from a quick search I found whatismyipaddress.com). Check it out and see if the site knows where you’re from. When I used the regular browser, it correctly reported the IP address and location of my device. When I used the Tor Browser, the IP address and location was completely different (it was reporting on another device within the Tor Network).
well, you’re also not able to uninstall google play services without root. (but you could use adb root I guess). Maybe you can “deactivate” them, but I don’t think so. Using an alternative OS you don’t have google play preinstalled, though.
) that in many HowTo’s on XDA or other sites it says - unlock bootloader - wiping - flashing - rooting. This is crap !!
