| ▲ | kevincox 9 hours ago |
| Yeah, this is the deal breaker for me as well. The fact that I own my device is non-negotiable. It is the reason I left the stock OS and I'm not going back. The idea that I can't access my own files if an app doesn't explicitly give me access is wild to me. I understand there are security risks of a root permission but it is important to have that fallback when you need it and the existing permissions aren't sufficient. |
|
| ▲ | thot_experiment 9 hours ago | parent | next [-] |
| The "access your own files" thing is so insane! Hard to describe my feelings [negative] when I found out that all of my voice notes were in the voice recorder and the easiest way to get them out was to manually send each one to myself over discord. Google helpfully mentions that you can just "download them through google takeout" and doesn't leave any option for people who don't just give all their personal data to google. |
| |
| ▲ | MSFT_Edging 6 hours ago | parent [-] | | I use a FOSS voice recorder app from F-Droid. It's just called "Voice Recorder" with an orange icon. It does exactly what it says, records audio from your microphone, lets you play them back. They're just files on the device. Anytime I need a "simple" utility, I check f-droid first to get the one-trick-pony app over spyware from the play store. Other utilities I use are:
WorkTimer: pomodoro app
DiskUsage: self explanatory
Http Request Shortcuts: setup home screen app shortcuts that run http requests |
|
|
| ▲ | strcat 5 hours ago | parent | prev | next [-] |
| LineageOS also discourages and doesn't support replacing the core of the OS with a rootkit providing persistent app accessible root. GrapheneOS is no different from LineageOS in that regard. People do this with GrapheneOS regardless of our strong recommendation not do it. Our reasons for discouraging it aren't vague. It very directly harms the security model and is not a good approach to implementing any of the features hacked together through it. Those features should be properly implemented to fit within the overall approach taken by GrapheneOS. Giving root access to a huge portion of the OS harms security even if you never use the feature. It does not mean you can't do it, we only recommend you don't. |
| |
| ▲ | kevincox 5 hours ago | parent [-] | | LineageOS provides ADB root access in stock builds. Sure, it isn't as convenient as some su apps but at least I can use ADB to access every file on the device. It probably also improves the attack surface compared to a su app. > It very directly harms the security model What do you mean by this? You mean that it is a "god permission" that bypasses other permissions? If so then yes, with great power comes great responsibility and it shouldn't be used lightly. > and is not a good approach to implementing any of the features hacked together through it. Maybe not, but is there an alternative? What is your recommended way to access all files of any app? This is my primary use case. Modification would also be valuable but I would be ok with read-only access. > Giving root access to a huge portion of the OS harms security even if you never use the feature. Can you explain why root access must be given to a huge portion of the OS? Why can't it be limited to specific apps or features (like ADB shell)? > It does not mean you can't do it, we only recommend you don't. Of course. It is your right to recommend whatever you want :) |
|
|
| ▲ | rudhdb773b 8 hours ago | parent | prev | next [-] |
| It's pretty easy to make your own `userdebug` build of GrapheneOS using their official build instructions That's what I do to get `adb root` and full file system access. |
|
| ▲ | palata 7 hours ago | parent | prev | next [-] |
| > [I want root,] The fact that I own my device is non-negotiable. I read that a lot, and I agree that I want to own my device. But that does not mean that I should have root access on the OS I choose to install on it. Owning my device means that I should be able to install whatever OS I want. It does not mean at all that OS developers must do whatever I tell you to do. |
| |
| ▲ | kevincox 7 hours ago | parent [-] | | Yes, that is why it is a deal breaker. I'll choose to run a different OS. I didn't say that GrapheneOS must support root. Just that I won't run it if they don't. | | |
| ▲ | palata 6 hours ago | parent | next [-] | | And I'm fine with you wanting root on the device you own. But you were implying that not having root means that you don't own your device. I disagree with that. You can totally own your device and not be root. I think it is important, because I read a lot of comments that imply that "owning their device" means "owning the developers". And that's a wrong fight. The real fight is that it should be illegal to prevent me from installing my preferred OS on a general-purpose computer. | | |
| ▲ | kevincox 6 hours ago | parent [-] | | Fair enough. Owning means having a choice. The unlockable bootloader enables that. But for me the choice of OS will be one that lets me access all files on the device should I need to. |
| |
| ▲ | galangalalgol 6 hours ago | parent | prev [-] | | What should that support look like? Maybe have a userdebug build already built and available? I don't include a root account on hardened container images for some of the same reasons they cite. So including it for everyone and creating a way to activate it is suboptimal for people who don't want that trade off. A parallel build pipeline seems the most reasonable to me? | | |
| ▲ | kevincox 6 hours ago | parent [-] | | Yeah, I would be fine with a different build stream. I do think it could be sufficiently secure in a single stream but it will always be increased attack surface so the safest option is to do separate builds. I also don't include a root account in my container images, but you probably have a root account on the sever that runs them in case you need to debug something. But you can probably also build and deploy a new container. At the end of the day you almost always want some last-resort way to access the data stored in case something goes very wrong. Whether that is for backups, "hostile" data export or for other reasons it is important to me. | | |
| ▲ | galangalalgol 5 hours ago | parent [-] | | I don't actually. Devs don't get root at my employer. Even on a vm. I have rootless podman, and can be root in a container. Even our gitlab instances don't have any privileged runners. So kaneko etc. |
|
|
|
|
|
| ▲ | stavros 8 hours ago | parent | prev [-] |
| Hm, what do you mean? What app has to let you access your files? Is this Graphene-specific? |
| |
| ▲ | strcat 5 hours ago | parent | next [-] | | There's nothing GrapheneOS-specific about it and it doesn't prevent rooting. LineageOS doesn't officially support it any more than GrapheneOS does. It doesn't stop people doing it for either. Our recommendations aren't law. | |
| ▲ | kevincox 8 hours ago | parent | prev [-] | | Any files created by apps in their main data directories are inaccessible on most distributions of Android (I think it is actually required to be Google certified). The exception is apps that go out of their way to store files in user accessible directories or provide a feature to export or share data out of the app. By rooting your device you can access the app data directories as you wish. | | |
| ▲ | stavros 8 hours ago | parent [-] | | Ah, you mean /data/data, I see, thanks. I forgot as I've usually had rooted devices (until they stopped Google Pay working). |
|
|
