Years ago, on Fridays, we would share Custom ROM Friday posts that would highlight new and exciting developments in the world of custom Android ROMs. It was great times, as it seemed like the majority of our readers at the time were deep into running custom software and accessing root...
Well, yes, breaking the security model is the whole point. The security model prevents things you might want to do, like using the hosts file as a denylist (adblocking). On the other hand, a malicious app writing the hosts file would allow an attacker to impersonate websites and services. HTTPS wouldn’t save you either since they could add malicious certificates.
Ideally, we’d have ways to open much smaller holes in the security model; an ACL could allow an app to write just the one special file or directory it actually needs rather than giving it completely unrestricted access.