This is shitty, but genuinely I have no idea why people root or run custom ROMs these days. I haven’t found an actual use for it since about 2015
Custom roms: I don’t want google service on my device.
As to rooting, I have rooted in the passed, its my device and I’m a tinkerer so why not?
Might as well ask why people run linux after buying a laptop with pre installed windows.
Well Linux is an entire different OS which comes with its own benefits. Rooting makes it a lot more difficult to use apps that use safetynet so doing it because “why not” rather than for a specific benefit doesn’t make sense to me
Android is Linux with a patched kernel and a different userland. Are you saying you never use root on Linux?
My usage of my phone is different from the usage of devices I specifically install Linux on.
Being root gives you access to the firewall and better access to controls over apps. Although maybe you don’t care
That’s fair, but yeah I don’t really care for that. I can understand why someone would though
I need root for some things like IsoDrive and Frida. Frida would be usable without root but it’s really cumbersome. Also AdBlocking and some LsPosed modules like CorePatch. WireGuard works better with root aswell because you can use the kernel module directly
I also hate being restricted by arbitrary locks, it’s my device so I wanna be able to do whatever I want with it
OK, if you want a whole different experience there’s some mobile GNU+Linux distros like Ubuntu touch, Postmarket OS or Mobian.
-
Less bloat ware/spy ware - custom ROMs don’t come prepackaged with random shady games from shady companies or random shady social media apps from shady social media companies.
-
Better privacy and security implementations along with DeGoogling - a lot of ROMs offer Gappless ROMs which is really important since Google is way to big and has too much influence on android OEMs and its easily the biggest ad company in the world and constantly refused to respect peoples privacy. e.g GrapheneOS https://grapheneos.org/features and DivestOS https://divestos.org/
-
Long term software support to help against e-waste e.g LineageOS supports so many phones who’s manufacturers have stopped supplying software updates. https://wiki.lineageos.org/devices/
-
Customization e.g Crdroid includes loads of custom settings from a variety of other custom ROMs and OEM ROMs that rarely get implemented by any stock ROMs. https://crdroid.net/
-
Rooting android phones gives users the ability to access system files that they may not have been able to backup if the apps don’t support it. It also allows for a full system backup and restore
-
It also allows users to block ads and unwated connections without using a local VPN e.g adaway
Enabling Google to dictate what a user can do with their own device by limiting features is a slippery slope and the last thing we want to happen is for Android to end up like iOS with its walled garden approach.
The walled garden is something that grows fast everywhere. Users should have the rights over their devices. Maybe its time to get the EU on this train, their last approaches like the GDPR or the DSA are from near the same spirit.
Its unlikely that they’d get involved, RCS might be default on Googles messenger app but people still mainly use alternatives like WhatsApp so there’s not a big enough user base that would be affected and since Google is pushing RCS as interoperal, DSA won’t apply.
Yes, OS supported root should be mandatory, it shouldn’t have to be some sort of hack.
You can still install custom roms without root enabled. The question is, does google disable rcs on such devices too, or is it just on rooted devices?
As of 2024, Google is now quietly blocking RCS messages on unlocked/rooted android devices. Even if your device only has an unlocked bootloader, it is now at risk of being quietly shadowbanned from sending RCS text messages.
According to the OP that opened the issue with Google, it doesn’t work with devices with unlocked bootloaders so it would affect the majority of custom ROM users since very few custom ROMs and devices support relocking the bootloader, and I think it probably would still affect these devices too since the last time I relocked a bootloader with DivestOS I still had the error message about system integrity on boot
Rooted users can probably bypass this issue with some Magisk modules the same way they do with GPay and banking apps.
If Google really does want to push RCS then disabling access to the more technically inclined users now seems a bit silly.
I thought they’d at least wait for wider adoption before locking it down like they’re doing with YouTube and ad blockers, especially with imessage and WhatsApp being such big competitors. At least in Europe, I don’t see anyone dropping WhatsApp for RCS anytime soon.
Rooted users can probably bypass this issue with some Magisk modules the same way they do with GPay and banking apps.
That doesn’t work anymore due to hardware attestation
Yeah this will cause issues because many device that allows relocking bootloader can only do it once, which lock out future rom upgrades.
What prompt google to do this? Do they have bots problem abusing the service?
You can only relock once? Since when?
Or do you mean relock once with current OS? Yea, unlocking requires a reset, as a security mechanism.
I’ve been degoogled since 2019 so I have never actually used RCS so I’m not 100% sure.
If I were to guess I would assume it has something to do with Apples support for RCS. The last time I checked, Apple won’t support end-to-end encryption in RCS and the messages are only encrypted in transit so maybe Android users that will use RCS with Apple users will have all of the chats saved unencrypted within the system folders and that would be no bueno for Google
But I’m honestly not sure, I have no interest in learning about RCS unless GSMA helps open source apps integrate it so I’m not stuck with either Samsungs or Googles messaging apps
I have no interest in learning about RCS
I never will. It’s too little, too late.
20 years ago it would’ve been a god replacement for SMS. Today? I only use SMS with people who refuse to switch to any modern messenger. I was using XMPP on my phone 20 years ago…
-
Because it’s my fucking phone.
Custom "rom"s extend the life of the device via both security updates and app compatibility. They’re usually able to be used without propriety Google shit at all, if the person wants.
Just rooting allows more control over what is and isn’t on the device, which goes back to the “my fucking phone” factor as well as the rest.
Yeah, you can partially debloat via adb, but that’s a partial solution to a systematic problem.
And that’s ignoring apps that can do more with root, if you want them to have those abilities.
Edit: hell, just access to hosts file is enough justification.
for me , privacy. no google services run in my phone, and none od my data gets shared with anyone
You need to differentiate between root and custom ROMs. Root is counterproductive because it significantly decreases your security, but Custom ROMs like GrapheneOS can make your device much more private and secure. It also doesn’t ship any proprietary apps by default and Google Play services are sandboxed and isolated, just like any other app. It’s pretty amazing.
It’s not necessarily counterproductive, it depends on what you’re trying to accomplish
*counterproductive in regards to security, I updated my original comment
Even then it’s not.
Is your PC less secure because it has root access/Admin accounts?
It’s all about how it’s managed. And I’d argue my phone is more secure, because of how I use root to improve security.
Good luck installing any app on my phone, without knowing how to unlock that functionality.
I recommend the following section of this article:
Rooting your device allows an attacker to easily gain extremely high privileges. Android’s architecture is built upon the principle of least privilege. By default, only around 6 processes run as the root user on a typical Android device, and even those are still heavily constrained via the full system SELinux policy. Completely unrestricted root is found nowhere in the operating system; even the init system does not have unrestricted root access. Exposing privileges far greater than any other part of the OS to the application layer is not a good idea.
It does not matter if you have to whitelist apps that have root — an attacker can fake user input by, for example, clickjacking, or they can exploit vulnerabilities in apps that you have granted root to. Rooting turns huge portions of the operating system into root attack surface; vulnerabilities in the UI layer — such as in the display server, among other things — can now be abused to gain complete root access. In addition, root fundamentally breaks verified boot and other security features by placing excessive trust in persistent state. By rooting your device, you are breaking Android’s security model and adding further layers of trust where it is inappropriate.
A common argument for rooting is that Linux allows root, but this does not account for the fact that the average desktop Linux system does not have a security model like Android does. On the usual Linux system, gaining root is extremely easy, hence Linux hardening procedures often involve restricting access to the root account.
Speak for yourself.
Meh, they were speaking to the other population. They speak for most.
I was speaking for myself, I have no idea why people do it. Didn’t say there aren’t legitimate reasons, I just don’t know any of them
I have installed custom ROM (PixelExperience) on my Moto G5s Plus. This way I extended its life by 2 years. The stock ROM only went up to Android 8.1 and was very slow and buggy, unlike with Android 7. This way I got Android 11 which was newest at the time. It was also much faster than the flawed 8.1 update.
Additionally, PixelExperience allowed some nice things. It looks like Google Pixel phone, even to Google, so I got free unlimited photo/video backups. This may be against ToS, but it’s not like I said I have a Pixel 5, they decided that I do ¯\_(ツ)_/¯.
Another really great thing is routing Wi-Fi hotspot over VPN. I definitely don’t want someone using my internet connection raw.Next, root. I have only done that with Samsung Galaxy Ace from 2011. No locked bootloader BS, just flash, Tada! Rooted.
This allowed me to do full backups, including apps on that device.But there’s countless other uses, most of which I forgot. Some that I can think of that would be useful to me are:
- Proper firewall
- Access to Android folder (without using desktop) (removed since Android 11)
- Full app backups
- Routing hotspot over VPN
- Band locking on Qualcomm SoC (possible without root on Exynos and MediaTek)
- WPS push and WPS pin Wi-Fi connection (insecure) (removed since Android 9)
- Opening ports <1024
- Changing screen resolution and aspect ratio (useful for screen mirroring)
- Removing bloatware
- Changing Wi-Fi MAC address manually
- Battery charge limiting (e.g. to 80%)
- Precise management of app permissions
Proper firewall
What services does it have that are listening on external interfaces?
It’s not necessarily about listening.
Many/most apps try to connect to Facebook, for example. Part of the ghost profile issue.
Or a handful of other data gathering services.
Blocking those are useful for both privacy reasons and battery life.
Those apps like to run in the background at al times, registering for every single receiver the phone has (apps like Solitaire, for example). If I didn’t block receivers many apps would run all the time, even apps I use once a month.
It’s MY phone… End
That’s the point. I don’t know.
Privacy? I am astonished that you’re seriously asking this.
Is this the point about unlocking the bootloader being risky, or did you just pour the Google/Samsung advertisement ethos down your throat?
I guess that’s a fair reason. I hadn’t really considered that because I don’t personally care too much
I’m interested; are you saying you don’t care about privacy from your android device?
I don’t care to enhance it any further from the default experience, especially with the downsides
Downsides?
You’re talking about other people, not yourself.
The internet is chock full of people rooting. If you don’t know why other people rot it’s from willful ignorance.
Because it’s my device, not Googles.
Do you let Dell lock down ur laptop and prevent you creating an Admin account?
What I do on my PC and what I do on my phone are different. Above all the most important feature of my phone is that it works reliably, not that I can tinker or install mods
tinker or install mods
lol, tinker and modding is one of the two things I do most on my phone.
Telegram community is way more active than XDA for my phone.
You want an example? GrapheneOS, to take back my privacy.
Personal firewall.
If an app doesn’t need internet access to do its job, it doesn’t get it. Simple as that.Delete bloarware or just straight up remove all of the Google services
How do you keep a phone more than 5 years while still having security updates without a custom ROM?
I had my note 8 for longer than security updates existed so I installed lineageOS on it, it got security updates but lost a ton of other features and became buggy and slow. Maybe with other phones the experience is better.
Good standard you have there. Good features are proprietary to Google and you can’t use it while rooted.
Lmao
This seems to match the standard, at least for RCS payments (something Google may be working on?):
The device OEM should ensure any RCS client is not modified since it was released, e.g. using integrity checks. The service provider and MNO could potentially rely on such assurance from the OEM. For example, the RCS client should not be running on a device that has ‘root access’ or is ‘jailbroken’.
How very unfortunate.
We really need to move away from the idea that a user having control over his/her device is insecure.
I can use online banking and paypal with windows logged in as administrator or GNU/Linux logged in as root[0], why shouldn’t I be able to use google
walletpaywallet with root?[0] yes I know you shouldn’t log in as root, but that doesn’t change that you can do it.
The problem with root access is that malware uses root access to take funds out of Google Wallets and banking apps. They’re not protecting you, they’re protecting themselves from having to pay their users their money back for losing all of their savings to TotallyLegitWhatsAppUpdatev0.1alpha.apk.zip.
I must be missing something. How would Google be at all liable for restoring funds stolen by software that they themselves didn’t furnish, on a device that’s out of their control?
A judge may not see it that way. They may perceive it as Google failing to provide adequate protections to their users.
If user installed the app created by Google and did not share any login credentials. It’s easy to claim Google is liable.
The equivalent would be a bank leaving the back door to their vault open. An intruder going in and removing your funds. Despite following all the banks instructions, the bank has not replaced the funds.
The banks is responsible for people gaining unauthorised access to your account. Especially when you don’t share your login credentials with anyone (even unknowingly). If they can’t protect against root access attacks then, they shouldn’t permit use of their app on those devices.
Apps have convenience features, especially related to easy sign in. Their website logins don’t have these features. They require the user to enter passwords, challenge codes, card reader etc. If someone gets access to a password manager, the user is at fault. The bank likely stated you shouldn’t write down or record your password.
Google has a contract with the banks. They get exclusive payment provider access, but in exchange must make sure that customer funds don’t get stolen.
When CandyCrushHack.apk drains someone’s bank account, the victim will first go after the bank, who should’ve seen the fraud and acted. If the user can prove that they did not authorize the transactions, in many cases, the bank is forced to restore the customer’s balance. That’ll be expensive as hell, and someone will need to pay. The bank knows damn well that Google is on the hook, because their payment gateway could’ve and should’ve detected that the phone was compromised, so Google will either need to pay for the damages, or win an expensive court case with an army of expensive finance lawyers.
So now there’s a small risk of “user gets hacked, we need to pay back millions” that’s put up against “a sliver of a percentage of our user base can’t do contactless payments with their phone”. I don’t know about you, but I don’t think I would go “let’s blame the users! rooted phones for everyone!” if my pay check was on the line.
Alternatively, the user is left without a retirement fund and is now forced to work until they die. The news will feature another “picking Android ruined my life” story, Google stock drops, Samsung stock drops, iMessage gains a new set of users.
That said, my bank allows me do pay by card through the bank app no problem, even without trying to hide root access. Clearly, they trust their anti fraud systems much more than Google trusts theirs.
is now forced to work until they die
As if that’s not already the case
Tried installing the most recent WhatsApp update but it’s failing. I think a virus is blocking the update, better try again with secure browsing off…
Yeah, I’m going to get downvoted into oblivion for this…
I’m sick and tired of reading this same uneducated argument. Your desktop browser and an app on your phone are entirely different paradigms security/development wise.
Your desktop browser is expected to be insecure. Nobody stores data there besides cookies. Most processing happens somewhere else on a server.
Apple and Google have changed this stance entirely because they knew apps could be a lot more powerful if they did. The API’s that exist to build apps on your phone are designed around the concept of having a secure, sandboxed environment per app. Apps can run offline and manipulate data quickly because data can be synced down and stored locally. I know it sucks for rooted users, but I don’t blame developers for refusing to support those devices one bit.
We all get that the design paradigm is “a secure, sandboxed environment per app”. We just know its a retarded design.
“why shouldn’t I be able to use google wallet pay wallet with root?” Because little innocent Google won’t be able to build their advertising profile of you. Can’t have that!
Does rooting your device make you the root user or just gives you access to superuser utilities?
In linux systems the root user shouldn’t be used for daily use, you just make an user account with permission to use sudo, doas or su.
If you root your phone, at least with most tools, you don’t become the root user. Apps that use root access have to request it, and you’ll have to allow it in the root tool you flashed.
Example pop-up from SuperSU:
Lol. So if you use an exploit to gain SU what makes you think a malicious app can’t do the same? Or better yet, find a new exploit in the SU management software you installed. As soon as you root, you can no longer guarantee root activities are not taking place unbeknownst to you…
That goes for unrooted phones as well. The danger with rooting a phone comes from the automated software that is doing the initial rooting. It could install anything in there and the user would be none the wiser. Once it’s rooted and permissions are requested via the superuser app, it’s not any more dangerous than a non-rooted phone, assuming nothing malicious was installed during the rooting process, that is.
Once it’s rooted and permissions are requested via the superuser app
And you expect this piece of community software (that is often closed source to avoid detection by safetynet) is perfect? Never had any bugs or exploits?
it’s not any more dangerous than a non-rooted phone
The SU software itself is an attack vector. One with the ultimate payoff (root access). When you root the device you install a window in what was otherwise a solid wall. It is inherently less secure and I can’t understand how a knowledgeable person would argue otherwise.
SU software has been a thing for about as long as android about 20 years or about. Has otherwise legitimate su been a source of unattended exploiting?
The obvious risk factors are that users shall be tricked into granting inappropriate permissions to otherwise malicious or compromised software that they have deliberately installed. Outside of mobile platforms this is considered an acceptable risk that competent users can consistently successfully manage on their own hardware.
In fact if you look at actual users even those with very limited technical know how the primary thing that
The secondary risk is that users with no legit source of tools to root
I agree with what you’re saying, but all software is insecure and it should be up to the user what their risk tolerance is. Instead, users’ control of their equipment is whittled down and before long the only choice will be deal with it or don’t play. Pinephone comes to mind as a phone with root access that is somewhat secure, but it also has latent vulnerabilities that could be exploited as its version of sudo is also an attack vector. Everything is a trade off especially in software/tech.
if you use an exploit to gain SU what makes you think a malicious app can’t do the same
They can. 99% of computer security is still not installing malware or being tricked into taking actions that enable your own harm. That said often rooting methods involve physically pressing keys while booting to access the boot loader, ADB, running things with with expansive permissions. Malicious apps install via play store with reasonable permissions will generally have a much harder time breaking out of the sandbox.
Or better yet, find a new exploit in the SU management software you installed
Historically “sudo” tools haven’t been the source of many issues whereas a multitude of problems flowed from complex memory unsafe code.
As soon as you root, you can no longer guarantee root activities are not taking place unbeknownst to you
You can never guarantee this however if you are careful what you install you will remain safe same as it was before.
So google is lying about rooted devices, they seem as secure as an OEM letting an user sideload apps or google themselves letting malware apps inside their store
No my friend, our overloads have decided that you shouldn’t have control over your desktop either.
I’m not even rooted and gpay keeps breaking on crdroid for me, despite passing safetynet. I’ve given up and just got another credit card that I can use with my garmin watch that works every time without the hassle.
how would an unrooted but old, deprecated version of android be any better than an updated custom rom?
those things baffle me, they just want to take away control.dont they?
The standard seems to be complete and utter garbage. It was garbage from the very beginning, which is why I never understood why people were getting so incredibly hyped up about RCS support.
Every day I am attracted more and more by PinePhone. At least as a secondary device, at first.
Perhaps it’s not even close to polished yet with existing distributions, but at least it isn’t made to be shitty.
Does the Pinephone have RCS these days?
No. I genuinely doubt it ever will… Huge pinephone stan here but I don’t see it happening. And before you make the purchase… Please be sure you know what you’re getting into… I’m so sick and tired of folks popping in the chat rooms asking how to install android. We’re actually dealing with a lot of spam lately due to a clearly butt hurt person…
Seems like a decently attractive option. I wish more apps were/had PWA alternatives and I’d be good
I was wondering why RCS just stopped working the other day
My husband and I were having an issue yesterday sending an RCS message, they were never getting delivered. They ended up being sent via SMS. It cleared up after an hour or so
I don’t get the RCS hype. I already have apps for rich messaging and RCS offers nothing for me over those apps. What I do appreciate is SMS, which is posed to be killed-off by RCS. I can rely on SMS even when there is no data signal, can’t say that for RCS. I wish I had a way to permanently disable RCS on my Pixel 6a, instead I have to keep rejecting the ‘upgrade to RCS’ dialog.
Can’t you just disable RCS in the Google Messages app and use a different messenger? You can just change the default SMS app to one that doesn’t do RCS (which is almost all of them).
Edit:
I can rely on SMS even when there is no data signal, can’t say that for RCS.
The RCS Universal Profile Service Definition Document has the following to say about that:
Users in many cases switch cellular data usage off locally on their device. To allow the MNO to offer IR 92 / IR 94 and RCS services to their users even in these use cases, the data off switch shall have an MNO configurable impact on the device connectivity. It shall be up to the individual MNO to ensure a good Operator service experience by the end user in cases that allow IP service usage even if the data switch was set to ’off’ by the end user.
“MNO” refers to the cellular network operator you have a subscription with.
Of course, this requirement cannot be satisfied if you use a random internet server (such as Google’s) for RCS, rather than your carrier’s. This is a problem with Google’s servers, RCS itself was designed to operate even if you have data disabled. 4G and later are completely packet-based, so there is no “no data signal” situation, just “terrible reception and slow data rates”.
The hype is because America won’t switch to Internet messaging by default and only wants one app to message with. So SMS is the only primary option for that. Meaning lower resolution media, and a lack of modern features like read receipts and typing indicators.
I don’t know why, but that a sad news :/
Good news.
The more people they keep from using this garbage “standard”, the better.
It still requires a phone number. It still falls back to SMS, it still fails, a LOT - just see the comments in this thread.
It’s 20 years too late.
XMPP was better, in 2010, than RCS is today. I was using XMPP on my phone in 2010, messaging people on computers, seamlessly. Without a phone number. On multiple services using Pidgin.
No thanks, I don’t want this garbage called RCS.
I can also confirm it doesn’t work on a de-Googled device, even with something like MicroG (though it may work on GrapheneOS’s sandbox thing).
I always disliked RCS, I kept telling people it’s a walled garden, mainly controlled by Google
The weird thing is that so many people are buying into the Google and Apple marketing on SMS being insecure.
If you’re on an unroooted smartphone running stock OS, nothing you do is secure
Basically everything is more secure than SMS though. Security is a gradient, and never absolutel.
it’s a walled garden
it’s a golden prison*
I agree. You’re much better off just using Signal. It’s not federated/decentralized, but it’s all client apps, the protocol and the server code are completely open source and anyone can fork the project. It also works on every platform, its encryption protocol is the most secure one out there and it’s been around for over 10 years. They also recently added some cool new privacy features.
Ok good. But then there’s the problem of actually convincing people to use Signal. A messaging app is pointless if nobody else wants to use it.
Even so you’d think they’d want to get as many people as possible on board with RCS to increase adoption, not fewer.
Then what they’re doing tells us all we need to know.
Google wants to control what data they can glean from RCS users.
This is Google’s end game messaging app. They want to replace text messaging and Google hangouts/allo/chat… were never going to cut it.
Its a chat app that doesn’t look like one. It looks like the default sms app, you don’t need anyone to download or make an account for it. There biggest hurdle was getting iOS users. They’ve now pressed apple into supporting it as well. They even have Apple state Google will help with their installation. We know Google pay apple billions every year to keep Google search the default on iOS, it even binds Apple to publicly and in court support the arrangements. I wouldn’t be surprised if Google has paid billions just for RCS on iPhone. It will keep their marketing monopoly in place for a long time.
Jibe, maybe. RCS is just a telecom spec, like SMS and VoLTE are. If your carrier bothered to implement RCS, you can just use one of the alternative RCS apps (which won’t have Google’s proprietary encryption, of course)
Jibe is RCS. They are so dominant all other implementations will have to follow. So far only Google, Samsung and soon Apple can actually implement RCS practically.
Where I live there’s a single ISP which doesn’t use Jibe. RCS is largely Google, and this likely won’t change with iPhones supporting RCS.
The thing is is that if MNO’s truly cared about running their own RCS network (instead of leaving everything to Apple and Google). It might actually be a more open system. Sure, you can’t self host an MNO, but it’s still a much larger step forward.