Thought some of you will find it interesting
Worth the wait. GrapheneOS is the sole vanguard of privacy and security in the mobile market right now. They should be supported, and other projects should take notes from them.
Does graphene support root access yet? I’ve been wanting to try graphene but I know in the past that was either discouraged or impossible and unrooted android is way too frustrating to be worth any benefits
The primary focus and benefit of GrapheneOS is security, and user>root privilege escalation completely undermines that securiy model. The project doesn’t and likely never will support root access for that reason.
I mean, that is saying in effect that the user is a security liability, that rights should be withheld from the user because they can’t be trusted. I think that is diametrically opposed to the very principles motivating giving the user control of their phone and privacy.
Sure, lock root behind whatever “I’m an adult and the phone’s owner, and know what I’m doing” setup, or sandbox as need, or require a user to properly self-authenticate any key-related operations, but desktop OSes function fine giving users root abilities. The reason device manufacturers lock their phones and prevent root is maintaining a trusted environment adversarially to the user, not that the user’s data will be insecure.
This isn’t about the user being treated as untrustworthy or as less than an adult, it’s about the security model GrapheneOS is based on. The team explains it well in this thread: https://discuss.grapheneos.org/d/18953-why-the-stigma-against-rooting
If you want to trade away the benefits of that security model to be able to tinker with things and feel more in control of your phone, you can use something else that lets you do that by default, or patch and build a rootful Graphene yourself. Ironically, the risk there is of giving full control of your phone and privacy to a potential malicious third party anyways, but different threat models may deem that acceptable or low-risk enough.
but desktop OSes function fine giving users root abilities.
Again, threat models. They may function fine for most people, and for most people the risk is low, but the linux desktop world is a security nightmare.
I mean, that is saying in effect that the user is a security liability, that rights should be withheld from the user because they can’t be trusted.
This is literally true when dealing with cyber security. And always will be.
And, no, throwing up some scary warning does not magically fix anything. If root access exists - at all - that creates an extreme vulnerability to any kind of malware.
You want Android that is secure? Then say goodbye to root access. You want root access? Then you don’t have a secure OS on your phone.
There is no middle ground. Just doesn’t work that way, sorry.
¯\_(ツ)_/¯
This is only true with an embarrassingly coarse threat model.
Yes, every avenue that allows a user access in theory allows a hacker possible access. But the entire point of security is to create access that is as close to seamless for the user and as close to impermeable for the hacker as possible.
Think of the physical world. We secure a literal bank vault against thieves, customers and even employees with different threat and access models while officers and executives retain “root” access.
If you simply use an access and threat model that treats the user as a hacker, it’s both lazy and undermines the basic purpose of security. It’s just encasing the bank vault door in concrete.
But I don’t think you even realize what you’re arguing - you’re not advocating that nobody gets root access. You’re advocating that the phone or OS maker gets root access while the user does not. You really are saying we can’t own our phones rather than than we can’t secure them.
Everything I used to use root access for, I do without root access on GrapheneOS.
And also, I can still take root anytime I want. I just don’t need to. Instead, I set per app permissions, including storage scopes for each app.
If you’ve been waiting for root, check it out. I bet you’ll like what you find.
Root is tied to USB debug. It is not available wirelessly.
Welp if Qualcomm is involved there goes full open source. Bring on RISC V.
I’ll hold out on buying a phone until then
