
Pros and cons of rooting



(split from another thread)

19 hours ago, VaZso said:

Unfortunately, I don't have permission to reach this directory without root.

(That is one reason I hate Android and its scheme of your device is not yours. I HATE IT!)

I have a hard time finding the logic here. If you want the free access to do as you please, you can just root it.

The whole point of NOT rooting is precisely to make sure the user does not have the rights to accidentally make something that messes things up.
If you want to be in complete control, then root.

Yes there are apps that won't work rooted, for security reasons. Typically apps like bank-apps. If you disagree with them requiring the device to be locked & certified, it is a matter to take up with the app-maker, not Android in itself.

  • Like 2
2 hours ago, EskeRahn said:

I have a hard time finding the logic here. If you want the free access to do as you please, you can just root it.

Basically the problem with rooting is what you wrote above.
There are apps which I should use and they handle everybody as billions of flies.

I understand the reasons behind this but I don't agree with them - I understand it is not simple, but that way a web browser on any machine is a very similar "security risk", so do remove all permissions from users on every machine as they don't need it (NO!).
...and there is a continuous fight between those who root their devices and others who don't allow to have full control over your device and on the top of this side is Google.

...and as I read here, if I would root my device, even official updates will fail, so that is not a valid option.

It is hard to like such things if you get used to have full control over your devices which means you can do several things including bug searching, repairs, hardware testing, hardware developing, etc.

I also don't use my PC as root user, but I have root access to do configurations or grant access for my local user to reach specific hardware devices, etc.
The historical way of handling Administrator users on Windows caused a lot of problems and they found strange hacks instead of proper solutions, however, the proper solution (a correct permission handling system) is there since NT, just the historical reason led to an improper use by users and I think basically the roots of Android-style permission handling comes from here, but it should not be an ultimate solution.

So basically I hate the idea behind these restrictions and I also hate Android-style "multitasking" and I also hate Android-style task handling.
Also, I hate I can not simply ssh to my phone _and_ reach my photos and data, or at least I have not found a proper solution for this yet (shame I use my mail client to transfer files between my phone and my PC, I also heard others use Telegram for the same purpose. Shame.).
No, I don't want to use automatic synchronization to Google cloud.
I also hate it basically uses a strange username (which cannot be modified), so under Termux, I always have to give another username to login one of my other machines (maybe it can be given by an environment variable but it does not seem to be a very good solution).

I also thought I may use my phone to upload my program to a microcontroller on the field, communicate over virtual serial ports (like ttyUSB or ttyACM devices) - so looking at error log or also sending data -, but it is not as simple because of Android.

However, that is why I think Sailfish OS would be a much better OS for me but the lack of Android app support may lead that it isn't, unfortunately.
I would happily pay them for a fully supported system anyway.

I still feel the best OS I have ever used on a phone was Maemo, R.I.P.

So these are not the fault of Pro1 or F(x)tec but Android itself - restrictions are not good because they also disable the ability to use your device for your own purpose or even for work.

Edited by VaZso
  • Like 2
10 hours ago, EskeRahn said:

I have a hard time finding the logic here. If you want the free access to do as you please, you can just root it.

The whole point of NOT rooting is precisely to make sure the user does not have the rights to accidentally make something that messes things up.
If you want to be in complete control, then root.

Yes there are apps that won't work rooted, for security reasons. Typically apps like bank-apps. If you disagree with them requiring the device to be locked & certified, it is a matter to take up with the app-maker, not Android in itself.

I beg to differ 😉 

Android wasn't really designed to be rooted by the user, and if it can be in a device, it's by no obvious or openly available means. Means which neither Android itself nor the device's manufacturer openly provided. Some devices are not rootable at all, like the Priv.

Properly done, root access would have been implemented like other operating systems do, as temporarily elevated privileges with no need to put the whole device in a permanent state of being unsafe. The fact that it wasn't done like that can only be attributed to Android as the operating system, and its designers – the more so as the underlying Linux could have given them everything they'd need to do it right...

  • Like 3
8 hours ago, VaZso said:

.
.
So these are not the fault of Pro1 or F(x)tec but Android itself - restrictions are not good because they also disable the ability to use your device for your own purpose or even for work.

I agree in principle that rooting should not block OTA updates - I was unaware that it did. But my GUESS for the reason behind that is that for a non-rooted device it is much easier to know the state of things, and this simplifies updates quite a bit.

For the other root-related issues, I still say that it is an app-thing not an OS-thing, so they are not to blame as such. Though they, by certification and SafetyNet, offer a frame for the apps to check the base they are working on.
If an app has nothing to lose by you being rooted I doubt that many will require that your device is non-rooted - that would just be losing users.

But it does make sense for say a bank-app especially in countries with a very consumer-oriented legislation on internet-actions. E.g. in Denmark (and I think it is a wider EU thing) it is the bank and not the consumer that has the risk of fraudulent activities on your account, unless they can prove you can be blamed by gross negligence, e.g. by giving your pin-code away.

Similarly, some streaming services like Netflix want to try to assure that only the paying person is using the account. Which makes a lot of sense for their business.

Obviously in theory (and if the legislation allows it) both could offer a variant of their product where you as a user took the legal risk of any misuse, and this could be offered without requirement of the security of the platform.

 

For file-transfer MTP can do a lot - though obviously not all files. I modified some code by Christopher Greer to allow to do incremental backups of the MTP exposed stuff, that typically includes the voluminous parts of the content on the device (Images, videos, audio) see this. Works great in combination with backup software where you can deselect these parts, as the backup programs I'm aware of only do total, not incremental backups.

4 minutes ago, Rob. S. said:

I beg to differ 😉 

Android wasn't really designed to be rooted by the user, and if it can be in a device, it's by no obvious or openly available means. Means which neither Android itself nor the device's manufacturer openly provided. Some devices are not rootable at all, like the Priv.

Properly done, root access would have been implemented like other operating systems do, as temporarily elevated privileges with no need to put the whole device in a permanent state of being unsafe. The fact that it wasn't done like that can only be attributed to Android as the operating system, and its designers – the more so as the underlying Linux could have given them everything they'd need to do it right...

Well it is possible to work from a third state between what we have as un-rooted and fully rooted.
Giving us the flexibilities of rooting temporarily, without the permanent risk of working rooted.
But seen from an app-perspective it is still an insecure platform, as they (obviously) have no idea what we did while we worked with high privileges.

 

It is the old story of where we want to be in the spectrum of in the safety in jail in one end and total anarchy without restrictions in the other.

I doubt that there will be any place in that spectrum that fits all. Quite a lot of people seem happy in their self exposed iJail. Others shun this and want total freedom by rooting.

I'm not to say either is wrong - to each their own.

 

BB Priv is an example of BB trying to make a more safe ( / less insecure) Android device, and the cost of that increased safety is less freedom.

SURE they could have opened up and let people flash whatever they want on their devices (like Fxtec does).
BUT I understand why they did not do that!
When something goes wrong on a device, it is often the device that gets the blame, and that is (for BB was) a risk for their image, if they want to claim to be a safe platform.
Sure they could offer it NOW, with no hardware brand-value to lose / but that is another story.

1 hour ago, EskeRahn said:

For the other root-related issues, I still say that it is an app-thing not an OS-thing, so they are not to blame as such.

...but OS owns the infrastructure and it is what was designed this way.

Also, I don't really understand why they did not implement Linux permission system on user level as Android runs under Linux itself but on a higher layer.

1 hour ago, EskeRahn said:

I agree in principle that rooting should not block OTA updates - I was unaware that it did. But my GUESS for the reason behind that is that for a non-rooted device it is much easier to know the state of things, and this simplifies updates quite a bit.

Under Linux, updates are perfectly handled by a proper package manager - it can be done well and it is an OS thing.

1 hour ago, EskeRahn said:

But it does make sense for say a bank-app especially in countries with a very consumer-oriented legislation on internet-actions. E.g. in Denmark (and I think it is a wider EU thing) it is the bank and not the consumer that has the risk of fraudulent activities on your account, unless they can prove you can be blamed by gross negligence, e.g. by giving your pin-code away.

I can login to a bank account on my machine where I have root privileges.
If they follow the same thinking, they will not allow to access them running under Linux if you have access to root account or Windows if you have access to Administrator privileges on that computer. Maybe macOS would be perfect for them as you may not really have access to the base system, as far as I know.

So this road leads far away and basically it is not the user they want to "protect".

1 hour ago, EskeRahn said:

For file-transfer MTP can do a lot - though obviously not all files.

Yes, but for access, I need to use a cable and also it is not a really fast protocol.
Basically Mass Storage mode was a much, much better solution, however, it was crossed through by Microsoft by gathering money on every Android hardware because of outdated FAT filesystem.

Also, they chose not to use a modern filesystem and write appropriate user driver for Windows (as Linux, so basically also Android supports a lot of filesystems, but they are not necessarily enabled under Android), so they designed this MTP thing instead, which would be better if it was non-existent.

1 hour ago, EskeRahn said:

Well it is possible to work from a third state between what we have as un-rooted and fully rooted.
Giving us the flexibilities of rooting temporarily, without the permanent risk of working rooted.

I really don't understand why it was designed this way under Android.
It reminds me of Windows UAC solution, with permission elevation basically disabled.
UAC is not the right solution. Administrator / root should be a different account, used for deep access, but applications should not be run under root in normal circumstances.

1 hour ago, EskeRahn said:

But seen from an app-perspective it is still an insecure platform, as they (obviously) have no idea what we did while we worked with high privileges.

...but it leads to a restricted OS which Android and macOS are.
The rooting of Android is basically a hack and not an official solution.
Also, an OS will not be automatically insecure platform if you have root / Administrator access.
However, it is true that a user of r=1 category should not use this high privilege.

1 hour ago, EskeRahn said:

It is the old story of where we want to be in the spectrum of in the safety in jail in one end and total anarchy without restrictions in the other.

I doubt that there will be any place in that spectrum that fits all. Quite a lot of people seem happy in their self exposed iJail. Others shun this and want total freedom by rooting.

Yes, but OS implementation exposes all users to jail and handles it as an absolutely normal behaviour.
...and Android wants to serve only this part of the spectrum. So the problem is not that users are happy behind a jail, but the lack of options for others.

Sorry for this long reply.

42 minutes ago, VaZso said:

..and Android wants to serve only this part of the spectrum.

Not quite. It is not Android that prevents you from rooting, it is some phone manufacturers.

But sure rooting could be made easier, and a more advanced security level system could have been implemented in Android. I guess this could be a matter of history, that Android worked on hardware much more limited than today's devices, and has not been thoroughly reimagined/rewritten.

And on the bank thing, I repeat myself here: it is an APP thing not an OS thing. At least in Denmark web-banking requires much more authentication than opening a bank app on your Android device.

 

I'm not opposed to rooting, nor am I encouraging people to do so. Both have their pros and cons. I'm just saying that I do understand the reasons why some apps require the devices to be locked. If you disagree with these requirements, you should take that discussion with those responsible for the apps in question. Don't blame the OS for making it possible for the apps to have the requirements they want.

45 minutes ago, EskeRahn said:

Not quite. It is not Android that prevents you from rooting, it is some phone manufacturers.

...but there is no official support of rooting, so Google is against rooting.

45 minutes ago, EskeRahn said:

But sure rooting could be made easier, and a more advanced security level system could have been implemented in Android. I guess this could be a matter of history, that Android worked on hardware much more limited than today's devices, and has not been thoroughly reimagined/rewritten.

Yes, it should have been implemented much better in Android and yes, Android used to work on much more limited hardware.
However, the lack of proper user / permission handling is not caused by weak hardware, it is not a really hardware-consuming thing.
Also, the main idea of using Dalvik VM was a much more hardware-consuming decision - it has its own reasons, for example the possibility of changing the Linux main layer later (which is also sometimes used by applications, so it is not as easy anyway).

...but if we are speaking about limited hardware, it is worth mentioning the Dalvik / Java solution was against hardware.
However, they also had other decisions like the handling of processes. Basically Android freezes applications which are not in the foreground - it can be worked around officially anyway but the background was the weak hardware and higher battery life.

However, on N900, which ran at only 600 MHz and had only 256 MB of RAM, a native operating system ran much more fluently with proper permission handling and real multitasking just because it has no additional layers but a good-working system (basically it was a modified Debian on ARM).
So the OS overhead was much lower, but otherwise the world became more complicated, so the hardware is currently also limited to properly display today's web pages, but it is another question and not the OS itself.
(The CPU and RAM are the limit.)

So on one hand, Android has some overhead but programming is much easier / more supportive.
On the other hand, they tried to limit applications on the OS to be able to run better on weak hardware.
That is by historical reason but it still lives among us.

I really liked that on Maemo, I could open more web pages and while one was still loading, I could read the other.
Under Android, it is not even possible, however, I frequently run into this problem.
Yes, it can be solved by special programming, but basically Android was not designed to work this way.

45 minutes ago, EskeRahn said:

And on the bank thing, I repeat myself here: it is an APP thing not an OS thing. At least in Denmark web-banking requires much more authentication than opening a bank app on your Android device.

It is an OS thing which is available to serve these apps.
I understand it is not Google's individual decision but the pressure of these organizations - it is all about money...

45 minutes ago, EskeRahn said:

Don't blame the OS for making it possible for the apps to have the requirements they want.

Basically the OS has some restrictions against their user's freedom, so it is still the OS which is basically a restricted environment.

Edited by VaZso
  • Like 2
2 hours ago, VaZso said:

Basically the OS has some restrictions against their user's freedom, so it is still the OS which is basically a restricted environment.

In short: No.
It is a bit like saying that a car manufacturer limits your freedom by offering seat belts.
If a governmental agency requires you to use the seat belts to drive on public roads, they are the ones doing the limiting, not the car manufacturer.

2 hours ago, VaZso said:

...but there is no official support of rooting, so Google is against rooting.

Not exactly. Google may not make it easy but they have explicitly stated in the past that rooting (and unlocking the bootloader) does not void warranty on their branded devices and I believe this is still true with Pixel devices.  They even provide factory images that can be flashed before warranty repair.  They simply state that if you get into trouble by altering Android code in some way you shouldn't, flash the factory image before sending your device in.

F(x) Tec is the same.  They encourage unlocking and rooting and doing so won't void warranty. 

 

 

  • Like 2
  • Thanks 1
1 hour ago, EskeRahn said:

In short: No.
It is a bit like saying that a car manufacturer limits your freedom by offering seat belts.
If a governmental agency requires you to use the seat belts to drive on public roads, they are the ones doing the limiting, not the car manufacturer.

I think no. The seat belt does not limit the use of the car at all.

It is more like the car manufacturer or authority would physically limit the maximum speed of the car (I mean by software, which as far as I remember they started speaking about).
Basically the idea is good but there are circumstances (for example to avoid an accident) where you may also need higher speed to escape from such a situation... and here come the exceptions anyway.

...or a better example is later, when self-driven cars are widely available, an authority will not allow you to drive your own car just the automatic driving.
This time will also come anyway.

However, the car and computer comparisons are always jerky.
...as today phones are computers and these are limitations.

Maybe secure boot, in the way Microsoft tried to spread it, is a similar restriction on another level.

46 minutes ago, Hook said:

Not exactly. Google may not make it easy but they have explicitly stated in the past that rooting (and unlocking the bootloader) does not void warranty on their branded devices and I believe this is still true with Pixel devices.

Maybe it does not void warranty (which is good), but also it is not a preferred way, maybe just slightly tolerated.

48 minutes ago, Hook said:

F(x) Tec is the same.  They encourage unlocking and rooting and doing so won't void warranty. 

Yes, it is right.
F(x)tec allows you to do anything with your phone and even provide a restore method, nothing wrong with F(x)tec here.

  • Like 1
  • Confused 1
19 hours ago, Hook said:

F(x) Tec is the same.  They encourage unlocking and rooting and doing so won't void warranty. 

I would say that "encourage" is pushing it a bit. I would rather say that they in no way are opposed to it, and openly tell people of the options, but I doubt that they will encourage the 'ordinary' users to do so, as it might limit them from running apps they would want, and increases the security risk, especially for the 'ordinary' users.

  • Like 1
20 minutes ago, EskeRahn said:

I would say that "encourage" is pushing it a bit. I would rather say that they in no way are opposed to it, and openly tell people of the options, but I doubt that they will encourage the 'ordinary' users to do so, as it might limit them from running apps they would want, and increases the security risk, especially for the 'ordinary' users.

Right, they are not pushing it but they allow the use of other OS (or don't really care).
As the hardware has high potential, it would be a wrong decision to limit it to only run stock Android.

However, it may also gain more work on helpdesk side, but this possibility is also a selling point (so it is also not black and white).

It is right that an 'ordinary' user should not do it as it may cause false use of warranty service - we also saw it on this forum when somebody sent the device back to Dragonbox, while only its software was messed up.

Edited by VaZso
  • Thanks 1
30 minutes ago, VaZso said:

It is right that an 'ordinary' user should not do it as it may cause false use of warranty service - we also saw it on this forum when somebody sent the device back to Dragonbox, while only its software was messed up.

Yes, this is a nice example of the dilemma a manufacturer has here. A user complaining about a product being 'faulty' is bad PR even if the fault is actually in the (mis)use and not the product - the last part seldom reaches all those that heard there was a problem...

So I do understand that many manufacturers keep things locked being scared of this. I'm glad that F(x)tec give us the options. 🙂

  • Like 1
  • Thanks 1
1 hour ago, EskeRahn said:

I would say that "encourage" is pushing it a bit. I would rather say that they in no way are opposed to it, and openly tell people of the options, but I doubt that they will encourage the 'ordinary' users to do so, as it might limit them from running apps they would want, and increases the security risk, especially for the 'ordinary' users.

Quite right.  I only meant that they were encouraging to those who want to do it, providing links, resources and a user forum to document experiences and promoting alternative OSes in their official tweets.

  • Like 1
30 minutes ago, EskeRahn said:

s, this is a nice example of the dilemma a manufacturer has here. A user complaining about a product being 'faulty' is bad PR even if the fault is actually in the (mis)use and not the product - the last part seldom reaches all those that heard there was a problem...

Yes, it is a bad PR and also a misuse of warranty service which is a direct and indirect loss of money on one side.
On the other side, it allows the use of other OSes and may also cause more selling of phones.
So at the end, it is a good question what is the better option financially.
However, from a fundamental point of view, it is better to have higher freedom.

37 minutes ago, EskeRahn said:

So I do understand that many manufacturers keep things locked being scared of this. I'm glad that F(x)tec give us the options. 🙂

Right, I feel the same and I hope they will also have later devices and they keep these options.

However, the background of Android / Google's behaviour (which we discussed above) has the same roots...
 

17 hours ago, EskeRahn said:

Yes, this is a nice example of the dilemma a manufacturer has here. A user complaining about a product being 'faulty' is bad PR even if the fault is actually in the (mis)use and not the product - the last part seldom reaches all those that heard there was a problem...

So I do understand that many manufacturers keep things locked being scared of this. I'm glad that F(x)tec give us the options. 🙂

I don't think it is reputation the manufacturers are concerned about. They care about money before anything else. Yes, reputation can affect sales (ever so slightly), but that is a secondary effect. A primary effect is customer support. And, it is sooooo easy to refuse support for a rooted device.

Yes, there are half-wits who have no clue what they are doing and who break their devices ... but these will find a way to root and screw up anyways.

On the other side, if the manufacturers and Google would not constantly screw up and give their users more choices/freedom, there would be fewer reasons to root. Android is crippled by greed. Google and phone manufacturers cripple the user experience because it is cheaper not to consider our wishes. After all, "we stupid bunch of idi***" buy their phones anyway. On Lineage, I don't need GravityBox. On stock, GravityBox improves the UI a lot. Google cripples SD-card access more and more with each new version of Android. I do not believe their claim to protect our privacy. I believe they want to sell their phones without SD-card slot and get higher margins from overpriced internal memory. Simple as that.

One of the biggest drawbacks of rooting and modifying your system is the update problem due to a modified system partition. Google has a choice in this matter. They could package updates on a file basis for binaries and parse text files (as they did in earlier Android versions?). But they decided to go for partition images ... and took things further by refusing to update when the checksum of the system partition is wrong. Mix in the ability to destroy your encrypted data partition in the blink of an eye, and you have perfection.

Another thing that Android does really badly is user control over apps. Even the most simple fart-app is regarded as the most important app by their developer. Hence, most apps start on boot and listen to events like USB-power or WiFi availability to auto-start themselves. Yes, one could say this is the app's fault. But I blame Android for giving apps all these crazy possibilities that no one would accept on a desktop OS. Only root with certain apps can help us users. Again, Google cares only about money from app sales and advertising, and caters to app developers instead of end-users.

Talking about advertisement and user control... Google and manufacturers don't like root because they can lose out on precious user data. Some people argue that advertisement is a way to finance app development. I disagree. Advertisements and the collection of user data are the only way to keep a saturated market going. If all apps would be either advertisement free or paid, most apps would cease to exist. No one needs 1000 fart apps. This is the reason why Google does not give us the choice to filter for apps without advertisements in their Play Store. The only choices are paid or free (most often with ads or in-app purchases).

In essence, root is not a security issue but a loss of revenue. It is not just apps with root detection. Android itself was made to make root either impossible (by the manufacturer's choice) or as inconvenient as possible.

  • Like 7

I have always required root on my phones. I will not buy a phone that can't be rooted. I've even bought phones without a keyboard, but that were rootable. Root is non-negotiable.

OTA Updates are affected, not directly by root, but by other things using root to modify the partitions that the OTA updates would affect. The OTA mechanism is a simple binary diff, so if a single byte is out of place, it would fail. This is done to minimize download size.

I totally agree that Android would be better off for all users if they adopted a finer-grained permission model for apps. In particular, the one permission that I want to see is a permission for network access. Stupid silly local games have no need for network access, etc. Network access is the one permission that trumps all the others. I don't care if a silly game reads my contacts, as long as it is not allowed to talk to the network.

We saw teases of better permission models in Android for a long time, which to me indicates that the Developers want to add them. The features must keep losing out to other work, though. Apparently adding permissions doesn't make money. 

I would love to hear about which phone operating systems are *more* open than Android, though. iOS certainly isn't... everything that's limiting about Android is 5x worse on an iPhone. Bonus points if those operating systems also have robust app stores and available supported hardware.

  • Like 2
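
A simplified model of the delta OTA described in the post above, and of the partition-checksum refusal mentioned in the post before it. This is an added example, not Android's actual OTA format and not code from anyone in the thread; the block size, image contents and function names are constructed for illustration.

```python
import hashlib

BLOCK = 4096  # constructed block size for this model


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class UpdateRefused(Exception):
    """The partition is not the image the delta was built against."""


def make_delta(old: bytes, new: bytes) -> dict:
    """Ship only the blocks that differ, plus hashes of both whole images."""
    if len(old) != len(new) or len(old) % BLOCK:
        raise ValueError("images must be equal-sized multiples of BLOCK")
    blocks = {
        off: new[off:off + BLOCK]
        for off in range(0, len(new), BLOCK)
        if old[off:off + BLOCK] != new[off:off + BLOCK]
    }
    return {"source": digest(old), "target": digest(new), "blocks": blocks}


def patch(partition: bytes, delta: dict) -> bytes:
    """Overwrite the shipped blocks; every other block stays as found on the device."""
    out = bytearray(partition)
    for off, block in delta["blocks"].items():
        out[off:off + BLOCK] = block
    return bytes(out)


def apply_delta(partition: bytes, delta: dict) -> bytes:
    """Refuse unless the installed image hashes to the expected source image."""
    if digest(partition) != delta["source"]:
        raise UpdateRefused("system partition checksum mismatch")
    result = patch(partition, delta)
    if digest(result) != delta["target"]:
        raise UpdateRefused("patched image does not match target")
    return result


def flip_byte(image: bytes, offset: int) -> bytes:
    out = bytearray(image)
    out[offset] ^= 0x01
    return bytes(out)


def refused(partition: bytes, delta: dict) -> bool:
    try:
        apply_delta(partition, delta)
    except UpdateRefused:
        return True
    return False


def demo() -> dict:
    # Constructed 8-block "stock" image; the update rewrites blocks 2 and 5.
    stock = b"".join(bytes([i]) * BLOCK for i in range(8))
    new = bytearray(stock)
    new[2 * BLOCK:3 * BLOCK] = bytes([0xA2]) * BLOCK
    new[5 * BLOCK:6 * BLOCK] = bytes([0xA5]) * BLOCK
    new = bytes(new)
    delta = make_delta(stock, new)

    # One byte changed in a block the update keeps, and in one it rewrites.
    edited_kept = flip_byte(stock, 7 * BLOCK + 10)
    edited_rewritten = flip_byte(stock, 2 * BLOCK + 10)

    return {
        "delta_bytes": sum(len(b) for b in delta["blocks"].values()),
        "full_bytes": len(new),
        "stock_updates": apply_delta(stock, delta) == new,
        "kept_block_edit_refused": refused(edited_kept, delta),
        "rewritten_block_edit_refused": refused(edited_rewritten, delta),
        # Without the source check, the edit in a kept block survives the update
        # and the device ends up on an image the vendor never built.
        "unchecked_kept_matches_target":
            digest(patch(edited_kept, delta)) == delta["target"],
        # An edit inside a rewritten block would have been overwritten anyway,
        # but a whole-partition hash cannot tell the two cases apart.
        "unchecked_rewritten_matches_target":
            digest(patch(edited_rewritten, delta)) == delta["target"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The whole-partition hash is deliberately conservative: it rejects even a modification the update would have overwritten, because the updater only knows that the source is not the image the delta was computed from.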
7 hours ago, daniel.schaaaf said:

[...] snip [...]

I agree with most of what you said.  Except perhaps the part about comparing app permissions to a desktop OS.  Every desktop OS allows apps (we used to call them programs or executables, remember?) to do pretty much whatever they want whenever they want.

 

Please note that there are two distinct meanings for "secure" / "security" in terms of a device.  There is security from the corporate perspective, which includes things like DRM and evidence of tampering.  And then there is security from the user perspective, which includes exploiting vulnerabilities, hacking, malware, etc.  Whenever a company talks about security, they are talking about security for them, not you.  That may intersect somewhat, but when it does not, they will only care about their security, not yours.

 

Google has had to walk an interesting line regarding rooting and software generally.  They had little chance of competing with the iPhone without an open source OS that companies could take and customize.  But that open source OS is also one of the major reasons that advanced users expect to be able to have root access.  Not only that, many manufacturers like FxTec, OnePlus, and many many others, including Google themselves allow unlocking the boot loader and installing custom software that effectively hands complete control of the device to the user.  On the flip side of the coin, companies including Google themselves want all the corporate things from Android -- namely "security" (for them). So they come up with complex schemes like SafetyNet to try to detect when devices are not "secure".

 

But what about user security?  Companies will tell you that locking a device and only running signed software makes a device more "secure".  From a user perspective, it does -- to a degree -- as long as the OEM is providing regular security updates, a locked device is technically more secure against hacking and malware than an unlocked device.  But as soon as the OEM stops doing updates, third party software like LineageOS actually makes the device more "secure" for the user than the OEM software.  That's the part they don't like to talk about.  They would much rather you go out and buy a new device with new software than keep pumping money into doing software updates for devices that are not making any revenue.  And the Pro1 has the additional wrinkle that Qualcomm Secure Boot is off, so the device can never really be fully locked and secure.

 

  • Like 4
  • Thanks 1
34 minutes ago, tdm said:

they are talking about security for them, not you

I think this is the appropriate expression I was searching for.

If I have root access on my phone, then it is less secure from a corporate perspective, but if I don't have root access, then the phone is less usable for me in general.

9 hours ago, daniel.schaaaf said:

They care about money before anything else. Yes, reputation can affect sales (ever so slightly), but that is a secondary effect. A primary effect is customer support. And, it is sooooo easy to refuse support for a rooted device.

Well if that was their reasoning they would just love people rooting, as they could use that as an excuse for refusing support and repair under warranty, and thus save money....

  • 2 weeks later...

I'd like to add a bit onto the things @daniel.schaaaf and @tdm already said, with regards to how Google interprets "security".

There is a paper by Google employees where they explain the Android security model, it might even be an official Google position (though I am not 100% sure of that): https://arxiv.org/pdf/1904.05572.pdf#section.3

That paper is quite interesting, they include a detailed threat model (which finally explained to me why Google considers a locked bootloader as a critical security feature for regular end-users) and it is not even that old, it refers to Android 9.0. I really recommend the read if you are interested in knowing why Android ended up being like it is now.

But related to this discussion, I want to point your attention to section 3, "THE ANDROID PLATFORM SECURITY MODEL". The first bullet point here is "Three party consent", and it really confirms what @daniel.schaaaf and @tdm have said.

Quote

No action should be executed unless all three main parties agree — i.e. user, platform, and developer (implicitly representing stake holders such as content producers and service providers). Any one party can veto the action.

So, without much speculation or conspiracy theories, I think I can safely state that Google does not consider you the owner of your phone. "Your" phone's ownership is shared between you, the vendor and the content providers (developers). The paper goes on to list more specific examples where this three-party consent is needed (and where not), but the point is: As long as any single action on your phone requires this three-party consent, you can not have root permissions in any way or shape. If you had root, the veto of the platform and the developer would be void. This is why things like SafetyNet exist, and this is why I believe that getting root or installing custom ROMs will become harder in the future, and not easier. Well, getting root or a custom ROM might not become harder, but actually using your phone with full functionality after that will become harder.

On 6/15/2020 at 5:10 PM, tdm said:

But what about user security?  Companies will tell you that locking a device and only running signed software makes a device more "secure".  From a user perspective, it does -- to a degree -- as long as the OEM is providing regular security updates, a locked device is technically more secure against hacking and malware than an unlocked device.  But as soon as the OEM stops doing updates, third party software like LineageOS actually makes the device more "secure" for the user than the OEM software.  That's the part they don't like to talk about.  They would much rather you go out and buy a new device with new software than keep pumping money into doing software updates for devices that are not making any revenue.

Look how small the section 4.8 about fast patching is. They acknowledge that updating is an issue and then… do nothing about it. They do list unpatched security vulnerabilities in their threat model (T9), but then they only refer to it when talking about how they sandbox apps - they don't really talk about vulnerable OS components AFAIS.

 

But then why can we root? Why can we install LineageOS and why is so much of Android open source?

Well, here my source ends and I start going into conspiracy theory territory. Similar to @tdm, I think this has just been part of the early marketing strategy. I don't know whether Google would have succeeded against iOS without the openness, but there is another possible reason: You can't compete with free. Someone smarter than me (unfortunately I don't know the source anymore) described Android as a "scorched-earth" strategy. You make a great OS, you make it entirely free for manufacturers to use and adapt (it's not even GPL, you can just take the code and run with it), and then promise to support it entirely for free. No way anyone else is ever (for values of ever being 10-20 years) going to make a mobile OS again. Well, there is SailfishOS and there is Ubuntu Mobile, but they exist in a niche as they cannot really compete with Android for the global market.

But doing this obviously carries a heavy price, you have to invest all that developer time into your OS and you might not get anything out of it if every manufacturer adapts the OS to their needs (and leaves out the parts that generate revenue for you). So Google left this "hook" in Android to be able to retain control and pull it back into their ecosystem should it ever get out of hand. There is this tiny part which is not free, the App Store (Android Market, later Play Store). Correct me if I am wrong here, but I think the Market in particular has been closed source from day one. The manufacturers would be willing to accept Google's control over the App Store as long as they could still include their own stuff in the OS (and having Google's App Store in there means having access to a lot of Apps to entice customers). Even the tech enthusiasts and free software fans would accept the Android Market being proprietary, as they could easily replace it (and most of the apps you needed back in that time were shipped with AOSP then). So Android gets adopted, and the people get used to the Android Market. Slowly, one after another, Google stops developing the AOSP apps and replaces them with proprietary GApps. The Android Market becomes the Play Store, the Play Services become a thing and they slowly incorporate more and more features (as opposed to those features being provided by AOSP). The line between "Features in the new Android version" and "Features in the Play Services for that new Android version" gets more blurred. This is part of Google reining Android back into their control, after they made it popular by making it free. But because of this history, this marketing decision, we have AOSP, we have our custom ROMs and our root.

I don't think that Google will ever directly try to prevent rooting Android, or running custom ROMs. But they will (and already do) provide app and device makers with means to do exactly that, and that may get worse over time.

Depending on how long the Pro1 will survive in my clumsy hands, it may very well be the last Android phone for me. I could imagine that by the time the hardware is finally too old to keep using, the Android ecosystem will have become too restrictive for me. I'd like to believe that I can run AOSP + open source apps forever, but even the free software apps are depending on Play services nowadays to actually work. Maybe I am being too pessimistic here, but I kind of see myself falling back to a feature phone at some point. Already today I can see practical limitations of open source Android: I can't use a FIDO2 token without Play Services. Not a big deal right now, but if even Mozilla is relying on the Play Services for functionality as important as website authentication, I see that as kind of indicative as to how things will continue from here.

 

EDIT: Kind of forgot one major point: For me as an open-source fan, the story of Android and how it started open and then got more closed by means of the Play Services sort of taught me: If it is not 100% open, it is not open. As long as there is some closed source part in an operating system, however tiny, as long as it becomes widely accepted it presents a way for the owner to retain control over the rest of the OS as well. Sure, in theory someone could always fork and fix it, but as long as the proprietary version (here, Android + Play Services) remains popular, the fork has to play catch-up with upstream. For a project the scale of Android, that is just not feasible.

Edited by Gigadoc2
  • Like 3
5 hours ago, Gigadoc2 said:

So, without much speculation or conspiracy theories, I think I can safely state that Google does not consider you the owner of your phone. "Your" phone's ownership is shared between you, the vendor and the content providers (developers).

In the above I think you forget a very important commercial aspect: Many (most?) apps are sold as 'free' by being infested with ads, and for some by stealing data.
That model would not work if people had complete control and could easily remove/block the ads. E.g. by blocking or restricting network access.

BUT that said, it would be nice if all apps in the Android Market were required to also provide a (paid) no-ads version. And they could then offer only those apps for rooted devices - this would remove that part of the reasoning.

The problem here is a bit like adblockers for browsers. Very convenient for the user, but it really is stealing when we use them!
I would love if there were a way to ensure that the sites I visit could have the same micro-payment from me as they would get from the ad-provider showing the ads, so it would be my choice as a user to see the crap, shell out or go to another site.

I do not think that I got a single app I use installed in a free version if a no-ad version is offered. There might be apps I installed but never use and forgot to uninstall though.
Not least because ads are heavy on the battery, and thus severely reduce the stamina of the device.

 

Apart from the concern of the 'free'-model, the same concern for Android's brand image goes for Google as it does for the hardware-providers. If people mess up their phone (actively or accidentally by installing apps with malicious code), the story posted in the narcissistic media could very easily end as 'this specific device and/or Android is crap' - conveniently omitting that it was actually the user that was to blame for messing things up - we even got an example of it in here, a dishonest user messing up the device, and then returning it to the vendor claiming it as 'faulty'!!

 

Repeating myself: I'm not against rooting, but I do understand why they provide the pampered environment as the default.

  • Like 2
13 hours ago, EskeRahn said:
19 hours ago, Gigadoc2 said:

So, without much speculation or conspiracy theories, I think I can safely state that Google does not consider you the owner of your phone. "Your" phone's ownership is shared between you, the vendor and the content providers (developers).

In the above I think you forget a very important commercial aspect: Many (most?) apps are sold as 'free' by being infested with ads, and for some by stealing data.
That model would not work if people had complete control and could easily remove/block the ads. E.g. by blocking or restricting network access.

In that sentence you quote the app developers are the "content providers", so I don't think I forgot them in that part of the post? This is precisely why they have that veto right in the Android security model, so that they can retain control over their content, be it the App itself or some media distributed through it.

13 hours ago, EskeRahn said:

The problem here is a bit like adblockers for browsers. Very convenient for the user, but it really is stealing when we use them!

This is a very good starting point for me to explain why I don't agree with the Android security model. I am pretty convinced that adblocking is not at all stealing:

To make things simpler, let's consider a PC and not a phone for the moment. Leaving aside things like the Intel Management Engine or proprietary UEFI firmware, I am very confident in saying that I own my PC. I bought all the hardware components myself and paid with money; no harddrive, CPU or anything else is being indirectly financed by ad revenue, third-party tie-in (I don't own a Nvidia GPU anymore) or something similar. The operating system and browser I use are free software, while I didn't pay for them there is also no expectation that me using this software somehow generates revenue. So up to the Browser, my system has already been paid for in full, and there is no theoretical or practical "debt" that I have to some vendor. Which means, not only should I be in full control of that system, I am (with the above exception to the Management Engine and UEFI). So I can, and do, enact strict control over what my browser does with the data it is being given by external parties, which may include not loading or displaying ads.

So there is a conflict: I control the Browser and the OS, thus can block ads (or as I like to view it, decide not to load them). On the other hand, the website's business model might rely on me loading those ads. I totally acknowledge that this conflict exists, but… It's not my task to fix their business model. I might be willing to pay for content that I consider worthwhile (which for most sites is not even an option, because ads and tracking just pay better), but I am not altruistic enough to relinquish control of my systems to the advertisers. And I don't see a moral reason to do so, unless the system is not actually mine. Which leads back to the question about ownership of Android phones.

With the PC, the case is pretty clear-cut (well, maybe not if Windows 10 is involved), but with Android phones it is more difficult. At the very least Google is of the position that a phone is not solely owned by its user, and most of the vendors probably agree with this. The Samsung I bought to tide me over to the Pro1 is probably only that cheap because it gets co-financed by ad or cloud services revenue; if I hadn't bought it used anyway I would have probably cost Samsung some money by immediately installing LineageOS on it. And if I am not the sole owner of my phone, then I also see why I should not block ads with it. If the ads are paying for the phone instead of me, then blocking them would indeed constitute stealing. But there is still one problem with this business model, as it is currently practiced.

I admit, I just really don't like this kind of business model, where instead of selling full-price devices you sell at a loss and then get that money back via ads or something. Which is at least as much of a reason as the keyboard for me to have bought the Pro1 btw, as FxTec voluntarily renounces their "veto right" on the device. But aside from my personal dislike, I really think that it is misleading to tell your customers that they "buy" a phone, if they in reality don't. If the phone you are "selling" me is not fully financed by the buying price and you thus expect to retain some degree of control over it, tell me outright. Call it "leasing" or something, make it abundantly clear that I don't fully own the hardware, and specify the timeframe for how long you expect to retain control of the device (especially if that timeframe is "forever"). I think Steam is currently facing some backlash in France over using "buying" terminology and imagery when in reality you just lease a game with a one-time lease-fee; this is similar.

And when it comes to apps, and how they too are indirectly financed by you not having full control over the device they are running on, I would apply a similar reasoning. It's not the same as with the phones themselves, as we are already not talking about "buying" here, but the app developer still needs to make obvious that in order to use their app, you have to agree to partially hand over control of your phone to them. Currently I see the marketing around smartphones and apps framing everything as being under your (the user's) control: Your phone, your apps, your accounts, etc. But it's all leased, the business models all depend on you not having full control over the hardware you hold in your hand.

 

14 hours ago, EskeRahn said:

Apart from the concern of the 'free'-model, the same concern for Android's brand image goes for Google as it does for the hardware-providers. If people mess up their phone (actively or accidentally by installing apps with malicious code), the story posted in the narcissistic media could very easily end as 'this specific device and/or Android is crap' - conveniently omitting that it was actually the user that was to blame for messing things up - we even got an example of it in here, a dishonest user messing up the device, and then returning it to the vendor claiming it as 'faulty'!!

I'm not sure if this is as big of a problem as vendors like to claim, but if this lockdown is necessary for a vendor to save face, then that too should be communicated honestly: "You are not buying this device but are leasing it, because we need to ensure that you can't break it and make us look bad."

 

BTW, I hope these posts do not come off as aggressive, I really enjoy this discussion. The topics of ownership and control in technology are really interesting to me :)

  • Like 3
  • Thanks 1
29 minutes ago, Gigadoc2 said:

I totally acknowledge that this conflict exists, but… It's not my task to fix their business model. I might be willing to pay for content that I consider worthwhile (which for most sites is not even an option, because ads and tracking just pay better), but I am not altruistic enough to relinquish control of my systems to the advertisers.

Bingo. 👍

  • Like 4