I have been looking into de-googled android forks, such as /e/ OS, LineageOS, GrapheneOS, and CalyxOS. It appears none of these comes with root access by default. I read from the CyanogenMod Wikipedia entry that it came with root access, but the project is discontinued.
Is there any Android fork that comes with root access by default? It seems very strange to me that I haven’t found anything popular that offers this.
I think it can be understood if we think of it from the perspective of Google&co who created Android in the first place. Their goal was to have a system where they control the device. They were never interested in putting the user in control. With that starting point, I think it makes sense to design the whole system based on the premise that the manufacturer has root access while the user does not.
Hey, I thought life without root was unlivable and restrictive. I see the appeal of root, the perception of freedom and ability to make customisations is very appealing. I completely understand how you feel. However, as someone who’s been very used to root for a long time and gave it up, I urge you very strongly to reconsider what you really want. An Android ROM such as GrapheneOS can prove rather secure and comfortable without root and while maintaining a locked bootloader, you don’t want to give this up. As someone who had to give up beautiful, consistent theming and lots of nice mods to use GrapheneOS, I was worried that giving up root (and even developer options, which must remain disabled for security purposes) would make me some sort of security puritan or feel like some sort of weird diet, perhaps even emasculating. A day after giving up root and installing GrapheneOS and I felt absolutely great, no regrets. I was shocked to realise how little I lost when giving up all of my root “freedoms” and modifications. I have no doubt you’ll have a similar experience. Please, stick with something like CalyxOS or GrapheneOS.
Also, many ROMs have supported first-party root addons, it makes more sense to allow root an optional extra rather than have it included in the base install and have people need to manually disable or properly remove it. Think about what it would mean for OTAs…
I understand why some people might not want it. If they just want to give up control over their devices completely because they don’t have any knowledge/interest in tinkering with their technology or because they don’t trust themselves to avoid sketchy websites, etc.
It doesn’t make sense to me when people say that there is never a person or situation that should have root control on a phone. It makes me think of Stockholm syndrome: because we have no choice about mobile operating systems ever giving complete control to the owner of the device, we just learn to love the safety that our captors provide.
As User you do not need root for your usage. As Admin you need to be root. But you can use adb too.
Likely if an App will have root privileges, you have to fully trust that software and that it have no security bugs. However, it is better to have firewalls running wither user rights as vpn, for example. Then 3erd Party Software with ring 0 or ring -1.
No its not about never. I can have it with adb, developer Options from my Computer or by adding Magisk.
Like on Windows, its just stupid to use your Computer as Admin or on Linux as root.
However i understand why you want to have that possibility.
None, Linux is not secure at all. Linux is terribly insecure. A rooted android device may well actually be more secure than a Linux installation. From my perspective, you seem to set the bar low and fail to appreciate the extent to which our current computing systems are insecure.
When you use the full User-Stack with Desktop… yes you are right. But you can use embedded Linux with minimal features and software. This will reduce the security issues to some minimal lines of Code. Why i like Librem5.
Yes right now you are right. Android AOSP have much more years of Progress, and security fixes and Bug bounties.
However since 2003 Google change their view on Userdata, like Microsoft with Version 10. It is highly probable that this company grep still some, to sell it from the sdk or api, used in the first place, to develop software.
But, why is Linux insecure? First, are you talking about the kernel, or all the distros based on Linux? Or more to the point, why is, say, Debian server with only SSH access, no root logins and key-based authentication insecure?
Thats quite a bold statement there. Which is coming from somebody who is recommending using stock android. By definition a non-rooted android device is insecure as manufacturers don’t release any security updates after a year (or 2 years max). So by not rooting a device you are guaranteeing it to be it insecure after that time.
On top of that, even if a device gets updates, you are still at the mercy of the device manufacturer, and even some of them claim to include certain security patches without really doing it. There is a wired article about this subject: https://www.wired.com/story/android-phones-hide-missed-security-updates-from-you/
Also by claiming Linux is terribly insecure you are talking about the kernel and not about a specific distro. Android kernel is based on which kernel?.. yeah Linux Kernel which is supposed to be terribly insecure. I’d love hear what Mr. Torvalds has to say about that.
Well, you’d be completely right if what you were referring to had much to do with root! What you’ve laid out is an excellent argument for switching to an alternative, non-stock operating system like LineageOS when updates and support for the stock OS die. You may be equivocating having a bootloader unlocked with having root.
Even so, lets consider that argument as an argument for unlocking the bootloader and installing Lineage or similar. In the case of Lineage, Lineage backports android updates (including security updates) and changes to support already obsolete systems such as the Pixel 2, although the situation in terms of security guarantees on that platform is not optimal. It’s also an open source project. So in a sense, you’d have a point… What you neglect to realise is that GrapheneOS managns this better and with all sorts of hardening and security improvements. It manages this while keeping the bootloader locked after installation! No need for root either, in fact, its explicitly discouraged.
Even forgetting this, it depends on the context and what kind of security you’re looking for! If you want to use an old device as an airgapped portable cold wallet, you’d be without a doubt safer with a severely outdated base android OS than leaving the bootloader unlocked for reasons relating to what could happen if an attacker gets physical access to the device. In other contexts, you may be far better off with the modern exploit protections of a newer base OS and without a locked bootloader.
As for root itself, not only would the root installation itself create attack surface for serious exploitation, but granting a malicious application root by accident, or even intentionally giving an application that is innocent but vulnerable to exploitation root rights would be catastrophic. Not to mention the increased complexity in auditing the state of a system when the system partition has been modified…
GNU/Linux is insecure on so many levels, the kernel is the very beginning of ones worries. Compare the security properties of the design of android with any modern linux distribution and you’ll notice that Linux distributions are extremely prone to exploitation and have far weaker security features. Simply executing a malicious binary as a regular user could make any assumption of security disappear in a flash, think about the implications of the lack of sandboxing in this context and the discretionary access control model. This is just one simple example.
No. Magisk, just reed in Wikipedia about it - Rooting (Android), is about that. Some Phone sellers will give you a Device and you can install a ROM, have Root with the legal encrypted Filesysteme (with Pass-Phrase), and you can use Magisk to gain root access for maintaining without access to user Files too.
With root you can have booth, power and observation for the users. But right now on android, you don’t need to. You can have full Hardware Control without breaking the users seal for private data.