tholdem 2 days ago

This just doesn't work the way you think. This mentality is not just outdated, but dangerous. People who think like that are more subject to "low IQ" attacks than people who accept the fact they are subject to the same "low IQ" attacks that work on everybody. You are overly confident. You can't be 100% alert and suspicious 24/7, around the clock. At some point you are tired, your attention is elsewhere or you are just not up-to-date on the latest techniques that attackers combine with some form of social engineering. Also, no matter how technical you are, it's almost impossible for you to detect zero-click 0days, to which you are more vulnerable than people without root privileges. You, running a rooted OS, actually become an easier and less costly target than people without a rooted OS.
yjftsjthsd-h a day ago

> Also, no matter how technical you are, it's almost impossible for you to detect zero-click 0days, to which you are more vulnerable than people without root privileges. You, running a rooted OS, actually become an easier and less costly target than people without a rooted OS.

I doubt that user-controlled root access is a significant variable in the face of zero-days; LineageOS+Magisk is more likely to resist attack than vendor ROMs that are lagging security updates by months.
oneshtein 2 days ago

There are technical solutions for this problem, which are banned or delayed by Google.
charcircuit 3 days ago

This kind of mentality is why malware became such a big issue on Windows. It turned out ignoring security and just relying on the user to not be stupid doesn't work. That mistake shouldn't be made again and there is no reason to artificially restrict the audience of an OS to people who don't have "low IQ."
oneshtein 2 days ago

So, your proposition is to remove their ability to install antivirus software, like Google does in Android? Users know about this problem and know how to mitigate it. Get out of my way, please.
Scrubbed4426 a day ago

No, the goal is to move to a system that doesn't rely on badness enumeration (antivirus) as a primary defense. You can rely on the app sandbox and the security model of the system to keep it in check. Antivirus scanners are essentially useless on modern mobile OSes because they are limited to accessing the same things a malicious app or file would be.
oneshtein a day ago

Yeah, I have a few bricked devices which reached your goal. No, I cannot rely on the app sandbox. If someone else controls a device, then this device can be used against me. Your antivirus, scanner or not, is useless on your device for you. My antivirus on my device is useful for me. It works fine on GrapheneOS (Pixel 6), but is banned by Google on Pixel 5, which is not supported by Google with security updates. WTF?
|
|
strcat a day ago

GrapheneOS is very easy to install via https://grapheneos.org/install/web and many non-technical people do it. It's also sold preinstalled on devices. It's very easy to use and not much harder than using regular Android. People often find it to be easier than using a very complex Android UI such as what Samsung typically makes.

Providing app-accessible root compromises the security of the OS even for people not using it since it provides root access to a substantial portion of the OS and provides a way to maintain persistent root access for an attacker. A quick tapjacking vulnerability exploit is all that's required to gain full control over the device with no way to detect or eliminate it. The attacker has root so they control all the user interfaces, etc. and can hide it. They can hide what happened and block an attempt at revoking it. The idea that it only impacts people negatively if they use it poorly is wrong. Using it at all is using it poorly anyway, since the right way to implement anything is not giving root access to an application.

App-accessible root access is used as an insecure shortcut to implement features without proper security models where components are given the privileges they need to function and are split up to reduce attack surface. For example, in Android, there's an isolated netd process with CAP_NET_ADMIN for configuring the network but it can't load eBPF programs itself, only bpfloader which it only does via predefined programs. This avoids a compromise of netd being able to compromise the kernel via eBPF. Similarly, a VPN service app providing features like local filtering and/or an actual VPN does not have CAP_NET_ADMIN or other highly privileged access. User interfaces in the OS configuring firewall functionality and other network configuration do it via netd.

A common use of app-accessible root is giving root access to a GUI application to manage firewall rules directly rather than having a tiny privileged component doing it and then the GUI only being given the privilege of configuring rules through that in a structured way. Principle of least privilege, isolation, etc. are basic security concepts violated by this whole approach.

Giving the user root access is not the same as giving apps root access. The user having a root access shell is not nearly as harmful as having apps able to request it. Apps can and will coerce users into doing things they shouldn't.

Root access is inherently not required by something like a firewall configuration GUI and not the right way for the implementation to be made. That's an example of an insecure implementation leading people to believe it requires giving broad root access to the OS and the app when it's not needed by a well written implementation. It's similar to apps demanding a permission like Contacts and refusing to work without it despite it not being required, which is why GrapheneOS provides Contact Scopes and similar features for overruling the demands from the apps. App-accessible root access goes against the Android and GrapheneOS privacy and security approach to an extreme.
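Added example, not part of strcat's comment and not Android or GrapheneOS code: the privileged side of the split described above, where a GUI without root submits structured rule requests and a small helper validates them before acting. The JSON schema, the name `handle_request` and the choice of an iptables argv are assumptions for illustration; netd's real interface is different.

```python
import ipaddress
import json

# Hypothetical request schema (an assumption, not netd's real interface):
# {"action": "block"|"allow", "proto": "tcp"|"udp", "port": 1-65535, "dest": "IP or CIDR"}
ACTIONS = {"block": "DROP", "allow": "ACCEPT"}
PROTOCOLS = ("tcp", "udp")
FIELDS = {"action", "proto", "port", "dest"}


class RejectedRequest(ValueError):
    """The unprivileged client sent something outside the schema."""


def handle_request(raw: bytes) -> list:
    """Validate one request from the GUI and return the argv the helper would exec."""
    if len(raw) > 512:
        raise RejectedRequest("request too large")
    try:
        req = json.loads(raw)
    except ValueError as exc:  # covers malformed JSON and bad UTF-8
        raise RejectedRequest("not valid JSON") from exc
    if not isinstance(req, dict) or set(req) != FIELDS:
        raise RejectedRequest("missing or unexpected fields")
    action, proto, port, dest = (req[k] for k in ("action", "proto", "port", "dest"))
    if not isinstance(action, str) or action not in ACTIONS:
        raise RejectedRequest("unknown action")
    if not isinstance(proto, str) or proto not in PROTOCOLS:
        raise RejectedRequest("unknown protocol")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if type(port) is not int or not 1 <= port <= 65535:
        raise RejectedRequest("bad port")
    if not isinstance(dest, str):
        raise RejectedRequest("bad destination")
    try:
        net = ipaddress.ip_network(dest, strict=True)
    except ValueError as exc:
        raise RejectedRequest("bad destination") from exc
    tool = "ip6tables" if net.version == 6 else "iptables"
    # Fixed argv, no shell: the client chooses values, never flags, chains or commands.
    return [tool, "-A", "OUTPUT", "-p", proto, "-d", str(net),
            "--dport", str(port), "-j", ACTIONS[action]]


# Constructed sample requests, as an unprivileged GUI might send them.
GOOD = b'{"action": "block", "proto": "tcp", "port": 443, "dest": "192.0.2.10"}'
INJECT = b'{"action": "block", "proto": "tcp", "port": 443, "dest": "192.0.2.10; reboot"}'

if __name__ == "__main__":
    print(handle_request(GOOD))
```

A compromised GUI in this arrangement can only add rules the schema allows; it never obtains the helper's privileges.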
oneshtein 2 hours ago

I have a Pixel 6 with Graphene and a Pixel 5 with stock OS. Also, I have an old ZTE Nubia, which still works. None of them was rooted. Nubia was hacked remotely. It received no updates for years, so it was an easy target. I unlocked Nubia and plan to install LineageOS on it when my Pixel 5 dies. Pixel 5 was hacked from a close distance via WiFi or BT. Pixel 6 with Graphene is not hacked yet. Lack of root doesn't protect me. However, I use SafeDot to monitor phone access to microphone, camera, GPS, so I'm alerted when it starts to beep, which creates problems for spies, so SafeDot is banned by Google at the request of the CIA. I cannot fix this, because Google controls my phone instead of me. SafeDot still works on Pixel 6 GrapheneOS with a warning notification about its «unsafety», though.
|
|