flawn 9 hours ago

It would be amazing if GrapheneOS would distribute rooted versions of their OS with a locked bootloader.

strcat 5 hours ago | parent | next [-]

Persistent app-accessible root greatly regresses OS security and breaks the verified boot security model. We're definitely not going to increase the number of build variants from 40 to 80 in order to provide an insecure option which would take away from efforts to properly implement features instead of doing it via hacks using apps running commands as root. If you want it you can make your own builds with it instead of us doubling the number of builds and deltas we need to make. Most of the people doing it are modifying the official builds and re-signing them. Anyone who can understand the consequences of app-accessible root is capable of doing that.

allreduce 4 hours ago | parent | next [-]

Are there more security disadvantages besides the obvious when giving one app like Termux root access? The obvious being that you trust Termux and all binaries running in it with total access to your system.

I am mainly looking to access my filesystem. Currently a lot of things I want to do (backing up app data, scripting, mounting network drives) are hobbled by the bad wrappers around the same.

I know this might be out of scope, but is there any plan to re-enable direct filesystem access in a more secure way? Even via ADB it would be useful. It just seems like madness to me that a lot of basic tasks are impossible or incredibly convoluted, because everything has to go through weird wrapper interfaces and Java/Kotlin code someone has to write (instead of just using the filesystem and OS which is right there).

Thanks for the great work by the way.

flawn 4 hours ago | parent | prev [-]

I get that but the core issue is not inconvenience but the fact that also doing that still locks you out of applications that many people call essential (tap2pay, banking, streaming, other various apps relying on Play Integrity).

Google is actively locking down the ecosystem in that regard and it would be amazing having a company that caters to people that are savvy AND would like to still be attested for integrity tests (assuming Google would be OK with that, but as mentioned in another comment unlikely)

palata 7 hours ago | parent | prev | next [-]

I don't think they will ever do that. If they want to compete with Android, they need hardware attestation [1], which requires that they get recognised as a trusted Android alternative.

If they distributed rooted versions, then banks and the like would not be willing to trust them.

[1]: https://grapheneos.org/articles/attestation-compatibility-gu...

Aachen 7 hours ago | parent | prev | next [-]

That would be as big as Signal stepping away from the phone number requirement. Sadly I've lost hope on both of these, no idea why obviously good things (I'd say pro choice if it didn't have another connotation) are always such a no-go

strcat 5 hours ago | parent [-]

Persistent app-accessible root greatly regresses OS security and breaks the verified boot security model. We're definitely not going to increase the number of build variants from 40 to 80 in order to provide an insecure option which would take away from efforts to properly implement features instead of doing it via hacks using apps running commands as root. If you want it you can make your own builds with it instead of us doubling the number of builds and deltas we need to make. Most of the people doing it are modifying the official builds and re-signing them. Anyone who can understand the consequences of app-accessible root is capable of doing that.

Aachen 4 hours ago | parent [-]

Hi strcat, we had this conversation often enough that I'm starting to recognise the username. It's the same every time: Graphene argues it's dangerous, tech-savvy users want it but aren't necessarily interested in the upkeep (even if they're technically capable of making such a build), plus missing security patches (part of the point of this OS, otherwise you can use Lineage or whatever), and Graphene is under no obligation to provide anything to anyone. Same arguments today as they were from the start except now maybe the security patches' embargo time makes it even more hostile to do custom builds by power users

handedness 2 hours ago | parent | prev [-]

"Every time someone makes the same unreasonable demand of you, you offer the same explanation of why their demand is unreasonable."

fsflover an hour ago | parent [-]

Removing access of users to their device is not security. At least not when users do not want this.

handedness an hour ago | parent [-]

Your choosing to frame it that way is, at best, fraught.

kevincox 7 hours ago | parent | prev [-]

Yeah, I would install this in a heartbeat. I am very close to building myself but manually updating the phone every week or two is a big effort. I could use one of the third-party OTA builds but that is extending trust much more than I need to.

Aachen 7 hours ago | parent [-]

Is there an overview somewhere of stable third parties that do these builds? I might want to use one of them and didn't know this was a thing. Not having access to my own data is the only reason I haven't installed the OS yet

flawn 6 hours ago | parent [-]

The problem is that even if you build this yourself, and sign it with your keys, the signature of the builds will not lead to positive hardware attestation. This, as noted by @palata, is required for passing Play Integrity Checks, and in turn is the requirement for using banking, tap2pay & co.

It's really a bummer that Google probably won't certify pre-rooted devices. It would obviously only do harm to them and not fit into the scheme of our big tech companies pushing anti-circumvention laws, but some high-spirited side inside of me still has hope.

Aachen 4 hours ago | parent [-]

I'm not using those. Would be cool if I could access my own data and lie to software vendors about that, but I'm not very interested in playing that game every time they release another update for the detector. I'd rather use free software and have a free device. The apps I use currently on Android have no problem with root