LineageOS also discourages and doesn't support replacing the core of the OS with a rootkit providing persistent app accessible root. GrapheneOS is no different from LineageOS in that regard. People do this with GrapheneOS regardless of our strong recommendation not do it. Our reasons for discouraging it aren't vague. It very directly harms the security model and is not a good approach to implementing any of the features hacked together through it. Those features should be properly implemented to fit within the overall approach taken by GrapheneOS. Giving root access to a huge portion of the OS harms security even if you never use the feature. It does not mean you can't do it, we only recommend you don't.

LineageOS provides ADB root access in stock builds. Sure, it isn't as convenient as some su apps but at least I can use ADB to access every file on the device. It probably also improves the attack surface compared to a su app.

> It very directly harms the security model

What do you mean by this? You mean that it is a "god permission" that bypasses other permissions? If so then yes, with great power comes great responsibility and it shouldn't be used lightly.

> and is not a good approach to implementing any of the features hacked together through it.

Maybe not, but is there an alternative? What is your recommended way to access all files of any app? This is my primary use case. Modification would also be valuable but I would be ok with read-only access.

> Giving root access to a huge portion of the OS harms security even if you never use the feature.

Can you explain why root access must be given to a huge portion of the OS? Why can't it be limited to specific apps or features (like ADB shell)?

> It does not mean you can't do it, we only recommend you don't.

Of course. It is your right to recommend whatever you want :)