nunez 8 days ago

As someone who roots single-purpose Android devices, this is one of those things that sucks big-time but makes total sense.

The only reason one would unlock a bootloader is to root the system partition. It is impossible to protect data on rooted phones and makes data exfiltration attacks significantly easier to do. This is a huge problem for banking and music apps that absolutely rely on this capability.

Samsung is, by far, the biggest seller of Android phones in the US (I think Xiaomi is the biggest globally), so they are under much more pressure to clamp down on this.

That said, rooting Samsung devices has been a worthless pursuit for a long time. Doing so irreversibly (via eFuse) disables KNOX, which prevents DeX and Samsung Health from working. It also trips SafetyNet, which disables a whole suite of key apps (banking apps and Apple Music don't work; not sure about Spotify). There's a Magisk module that uses well-known device IDs to work around these, but these only work temporarily. Many people have also reported issues with the camera (a popular reason for buying Samsungs in the first place), and you no longer get OTA updates. I believe you also get degraded camera performance if you flash another ROM since the device module is closed-source and relies on One UI to work.

This is before considering that stock ROMs have gotten really good over the years (especially Samsung's), and many of the reasons why we had to root have mostly gone away.

You can work around this by buying a Pixel for now, but I think we're a few years away from bootloader unlocking going away entirely.

That said, I still root Android devices that will only serve a single purpose, like my BOOX eBook readers that I use Firefox on. This lets me run AFWall so that I can block network traffic for everything except Firefox (and a few other apps). However, I won't be logging into my Google account on them, and they aren't ever going to run banking apps or anything like that.

wackget 8 days ago

My response would be it doesn't make any sense. There are so many reasons why blocking rooting is a stupid idea. Just some of them:

- If you're capable of rooting a device then you're capable of understanding the risks which come with doing so.
- The number of users who root their devices will always be so comparatively tiny that the increased risk of data exfil is incredibly small. Also, similarly to above, if you're technical enough to root your device then you're probably not regularly putting yourself at risk by downloading shady apps etc. anyway.
- Rather than decreasing security, rooting allows you to enhance the security of your device by installing lower-level tools and, most importantly, removing all the bloatware crap which comes on most phones. This reduces the surface area of attack.

Let's be honest and admit that the only reason to prevent users from rooting their phones is to protect companies' profits by ensuring users can't fight back against the blatant tracking, data mining, and analytics capture which is so valuable to companies.

throwaway39381 8 days ago

> This is a huge problem for banking and music apps that absolutely rely on this capability.

In the case of banking, unlocking the bootloader usually requires a full device reset and leaves a very obvious message when you boot up the phone—you can't grab someone's locked device, root it, and grab their financial data just like that.

As for music apps and other apps that download copyrighted content to the user's device, leaving the moral aspects of stripping the user of control of files on their own device aside, preventing their use on rooted devices just loses them users since

- Those are by no means essential apps
- If you know how to root your phone, you probably know how to pirate media as well
- People can just use computers to exfiltrate copyrighted media instead since most of those apps have PC versions

It "doesn't make total sense", it never has. It's just a kneejerk reaction that conveniently aligns with stripping the user of control.

Arch-TK 8 days ago

> The only reason one would unlock a bootloader is to root the system partition. It is impossible to protect data on rooted phones and makes data exfiltration attacks significantly easier to do.

What are you smoking?

The only reason I've ever unlocked a bootloader has been to replace the OS with a different one. And it had nothing to do with rooting. I have no interest in having a rooted phone on my person at all times. But I have full interest in having GrapheneOS protecting me, among many other things, from opportunistic government spying.

dlcarrier 8 days ago

Yeah, I immediately cleared application data and uninstalled it, once I discovered my bank, of all organizations, was relying on Android to silo a token that grants access to my bank account with nothing else but a 4-digit PIN.

I had submitted a vulnerability report, because the option to require a password could be turned off without a password, and their response was that it works as expected, because they only require a PIN and providing a password is optional. That isn't to say that I have the option to make my account require passwords, it's that providing a password isn't needed, but I have the option of providing one anyway.

With only the PIN requirement, and four attempts before a lockout, a security vulnerability in the OS immediately becomes a 1 in 250 chance they'll have full access to my bank account, if I have a truly random PIN, or a 1 in 5 chance, if I have one of the four most common PINs and it always tries those. All that without having to wait to capture me logging in.

Also, Google explicitly states that the phone's storage should not be used for sensitive data.

ranger207 8 days ago

> It is impossible to protect data on rooted phones

What makes securing rooted phones different from securing rooted PCs?

palata 8 days ago

> The only reason one would unlock a bootloader is to root the system partition.

This couldn't be more wrong. You need to unlock the bootloader if you want to install an alternative OS. Which is a completely valid use-case.

sva_ 8 days ago

> music apps

It is so silly though. Someone who knows how to root a phone can probably also figure out how to download songs from Spotify (librespot wink wink.)

anonymousiam 8 days ago

I'm not sure if this is true, or for how long it has been true. I rooted my company phone (Samsung Galaxy S4), removed the crapware, and un-rooted it so that it could join the corporate network. This was a long time ago.

prmoustache 7 days ago

Banking apps do not need to protect data, they are just websites really.

causality0 8 days ago

My S24 Ultra is unlocked and rooted and I use DeX every day.