|
|
|
|
|
|
by strcat
773 days ago
|
|
|
This doesn't work with GrapheneOS but rather you can create a derivative of GrapheneOS without the core security model intact. Instead of a tiny core portion of the OS being trusted with root access, a massive portion of the OS is trusted with that. It's much easier for an application to compromise the OS. An attacker doesn't need exploits for privileged persistent compromise anymore but rather that's a given since the verified boot security model is no longer intact. The purpose of locking the bootloader is enabling verified boot, which is no longer intact with this approach. CalyxOS doesn't have a complete verified boot implementation for the OS like GrapheneOS and rolls back the standard security model a fair bit, but doing this rolls it back far more. You cannot have your cake and eat it too in this case. If you want modifications to the OS, you should use the official build instructions and avoid replacing the core of the OS with a rootkit trusting a massive portion of the OS to give out root access and trusting persistent state with root access. |
|
|
There will always be a subset of users who prioritize functionality over security. This includes anyone who would root an Android device (and anyone who would use a desktop computer running most distributions of Linux, macOS, or Windows).
I'll be glad to reconsider using root on Android if all of the functions of App Manager's "block trackers" feature[1] and Basic Call Recorder[2] were available on Android without root.
[1] App Manager: https://github.com/MuntashirAkon/AppManager
[2] BCR (Basic Call Recorder): https://github.com/chenxiaolong/BCR