[mpartel]

If a significant number of Android security breaches indeed happen through misleading a user into unlocking their bootloader, that would be a convincing statistic to me.

But I'm under the impression that that is exceedingly rare and that Android has many way more pressing security concerns (e.g. the lack of driver security updates to even slightly old devices).

[raesene9]

Access to root on the device is the pre-requisite of a lot of attacks, and this presents risks.

https://www.kaspersky.com/blog/android-root-faq/17135/

Also the control which allows users to install sofware from different sources, leads in many cases to them installing malware masquerading as "free games" or similar.

Android malware is a much larger problem than malware in the more controlled iOS world.

so to me that's a real trade off. you have control of your device and the ability to install software from more locations, however your security risks increase.

For some people that risk will be entirely justifiable, for others, it makes sense to have an option of a more locked down environment.

Personally I like Linux for servers (I have control/responsibility) but for my smartphone I use iOS as it's easier to secure and I don't really want to use that device for "proper" computing.

[mpartel]

That's fair, and those numbers for rooting are a bit higher than I expected. There's the caveat that rooting and complete OS replacement are somewhat different topics, but those stats are still relevant.

So clearly there's a significant demand (some of which I'm inclined to believe is very legitimate), and clearly there are significant dangers.

I guess in the end it comes down to the eternal debate of freedom vs safety. I find it very hard to side with the stance of protecting people from their own stupidity, beyond giving stern warnings. It feels sort of like giving up on cultural progress in humanity :/

And I think we could still do much more to mitigate this attack vector (Big flashy red lights with "probably a bad idea" in all-caps? Adding more fine-grained permissions so root is needed less?) before ceding yet more control to powerful organizations who are already, somehow, in a position to tax 30% of all software and IAP sales on most devices and reject apps that don't align with their interests.