I'm lucky my banking app works (GrapheneOS), as it's now requiring 2FA with the app anytime I login on the browser. Can't use an actually secure form like TOTP. At least they now allow passwords over 8 characters (yes, serious).
(Meme in comments)
this post was submitted on 07 Mar 2024
644 points (96.3% liked)
Android
27509 readers
173 users here now
DROID DOES
Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules
1. All posts must be relevant to Android devices/operating system.
2. Posts cannot be illegal or NSFW material.
3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.
4. Non-whitelisted bots will be banned.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
Community Resources:
We are Android girls*,
In our Lemmy.world.
The back is plastic,
It's fantastic.
*Well, not just girls: people of all gender identities are welcomed here.
Our Partner Communities:
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Magisk plus DenyList luckily works for my banks. Couldn't imagine not having a rooted phone.
Beat the main purpose of GrapheneOS. Open the phone to a broad lot of security issues.
Graphene only works for Pixel phones, and I don't want a Google device.
thats fair. device support is a major downside of GOS. but, remember: its not really the fault of the OS, as it requires a lockable/unlockable bootloader, which only pixel phones provide (at least in terms of mainstream phones). blame the OEMs like samsung
There are a ton of unlockable bootloaders. On my OnePlus that's a matter of flipping a switch in the settings.
can it be re-locked? i may be wrong, btw. this is just what ive heard.
I don't know, never tried that.
That's the main issue really, as it open the possibility to manage your device for anyone getting hold of it. Probably some debug attack methods also with it.
Mainstream phones? Pixel is a smaller market share than Motorola, and Motorola has unlockable bootloaders, and lineage supports a fair number of them.
Sadly, can't be re-locked. Would have loved to get a Motorola if it was.
I thought Google owned Motorola, but I missed the sale to Lenovo ten years ago.
@viking @PoorPocketsMcNewHold @android
Then don't bother, there's no GrapheneOS for you!
Yeah, that was their point.
Only big manufacturers can really pay to control entirely the hardware inside it, and allow you to modify it. Checkout Fairphone for example. They've been forced to stop hardware security updates due to their chip manufacturer, who refused to continue supporting it, despite them trying to support their devices for plenty more years. This explains the choice with Google.
What are the security issues? Rooted just means the potential to give trusted apps root access. Of course, if you give an app root access that you trust but is then abusing that trust and being malicious, yes it's a security issue. But if you don't do that, the simple fact of having a rooted phone should have no security change in any way. (Ok, except for potential bugs in Magisk/su or whatever)
The whole issue revolves around the fact Google is presuming a device is compromised or being used for illicit shit simply because root access is possible. If they put in effort to detect/prevent the actual problems they're concerned about, this wouldn't be as big a deal. This broad punishment for simply having root access is lazy and ridiculous.
It's like if Windows apps just stopped working if they detected a local admin account. It's patently absurd to assume the ability to access anything means the device is inherently "unsafe".
But the previous commenter talked about security issues, you're only talking about usability issues.
https://www.reddit.com/r/GrapheneOS/comments/13264di/comment/ji54e19/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button
I'm pretty sure whoever wrote that was talking out their ass. The fuck is "UI layer" on Android, or rather, what does it have to do with it xD
The actual Magisk prompt that ask you if you want to give root to such app. This UI layer.
Although, i suppose it could be countered by explicitly refusing all requests or enabling a biometric confirmation
But granting root is not done by "the UI layer", "the UI layer" is not running with root. There is no such thing as "the UI layer" as a separate entity, an app can have a UI layer as part of its architecture, but the UI is not running on its own. Just because Magisk shows you a UI for you to grant/deny a root request, that doesn't make it insecure. Nothing is able to interact with this prompt except the Android kernel/libraries itself and Magisk.
Only if you added an application as accessibility tool (or give it root) can it interact with anything within the UI. An app with a UI is generally not much different than an app on the command line.
It still create an attack vector, as it allows a potential extra method to get access to it, in addition of potential hardware exploits that i shared to gain root. Yes, you can minimize the risks correctly, but the user is the only real barrier against it, not the software anymore. The less potential way to exploit your phone, the better it is. You shouldn't rely on thinking that such feature is fully attack-proof.
don't give root to any app duh
GrapheneOS is made by diva developers who frankly should not be trusted. "We only allow Google phones to run our OS!" as if they don't have a backroom deal with Google.
genuinely curious; can u elaborate on the deal with google?
Pure wild speculation if I'm honest, however I'd be more surprised if I was completely wrong. It's always seemed sketchy the way Google have basically said "Use our phone, it's more secure!" with their Nexus and Pixel phones - this was long after the time Google stopped not being evil. At best, the security problems have simply changed manufacturer. Also, Google have a history of undermining development of circumvention, eg hiring the developer of MicroG and forcing him to stop development as a term in his contract.
The diva part is widely known, GrapheneOS developers don't play nice with the rest of the custom development community. So, while I can't substantiate any actual deal between them and Google, it's the perfect recipe.
i see. i bought my phone second hand, so google isnt getting money from the sale, but i can see the problem with every user relying on the same phone manufacturer
Proove us that you can get better security while remaining able to be fully modified with other phones and brands. https://www.privacyguides.org/en/android/#divestos
Privacy Guides has a bit of a sordid history of their own diva behaviour.
Just higher standards.
Nah they've been accused of biases.
@TWeaK @PoorPocketsMcNewHold @android
Bullshit
Just logical. If you gain the privilege to modify system bits, then it just open the potential for attacks abusing root access. And it has been done already. You are just removing one step for them. https://www.bleepingcomputer.com/news/security/loki-trojan-infects-android-libraries-and-system-process-to-get-root-privileges/ https://www.bleepingcomputer.com/news/security/highly-advanced-spydealer-malware-can-root-one-in-four-android-devices/ https://www.bleepingcomputer.com/news/security/new-abstractemu-malware-roots-android-devices-evades-detection/ https://promon.co/security-news/fjordphantom-android-malware/
Non-rooted phones are just like iPhones. Ewww...
Like bicycles with training wheels.
Can you compile your own OS from source for an iPhone and install it yourself? I don't think so.
I have done that with my non-rooted android, and I can do anything I want with my phones through the powers of open source software.
Rooting is unnecessary now and that's a good thing.
You can't do that without unlocking the bootloader, and that alone will trip "root detection" (Play Integrity).
Some apps take it further and won't run if you enable Developer Options! (Or have any number of "hacking apps" installed, such as autotap apps that don't even need root.)
Yes, I am aware of how it works. Unlocking the bootloader is not the same as rooting, and all my apps work just fine.
If they work with an unlocked bootloader then they would almost certainly also work fully rooted, with the advantages that brings (such as actual working app+data backups, limiting max battery charge, better automation possibilities with apps like Tasker, etc)
I'd much rather switch banks than give up rooting my phone.
Who cares if it's necessary? If people want to do it, they should be able to, without punishment.
Well you can, and there is no punishment, so you should be happy.
I imagine you probably think "punishment" is that some bank won't let you use their app on a rooted phone. That is not a punishment, that's the bank implementing the security that they deem necessary for access to their software, and is likely part of a license agreement that you agreed to by using it. You have no default entitlement to have free use of the software that anyone else produces unless the software developer's license states that you do.
Actual punishment would be if your phone gets bricked by the OEM for rooting it, or government authorities fine or arrest you for rooting.
Rooting is always necessary, you can't convince me otherwise, imagine not having root permissions in your Windows, Linux or macOS machine...
Without "rooting" capabilities we wouldn't have custom firmware for tech that is quite locked (like the PSP, Vita, 3DS and whatever OS they use), emulation would not be the same.
Heck, even some iOS versions can be jailbroken yet, I cannot conceive a world where iOS is less locked than Android.
You need to be the one who decides how your hardware is managed.
Agree, don't get why you are being downvoted.
You are being downvoted because you're factually wrong. While Android (especially on Samsung devices) had been getting more locked down over the years, even unrooted it has way more freedom than an iPhone. For instance, you can install any number of APKs, without jumping through any hoops.
For now. Google's recent patterns would seem to indicate the future trajectory of Android to become even more hobbled.
I doubt it will ever be as closed as iPhone but there's a point where the door is technically still open, just not in a way that really means much.
As a I said before, I don't care about downvotes. Be my guest.
That's ok an all, but I assumed that you do care about making a false statement, which was the point of my response, to let you know.