Privacy

36418 readers

777 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Rooting and privacy on Android (lemmy.dbzer0.com)

submitted 6 days ago by marauding_gibberish142@lemmy.dbzer0.com to c/privacy@lemmy.ml

20 comments fedilink hide all child comments

Hi,

The general consensus amongst the Android community is that rooting is detrimental to privacy. In a sense, I agree with them since privilege escalation because of human error becomes a much bigger threat if the user has root access.

Android has a big privacy problem encapsulated in one word: "baseband". Your modem and other hardware running in your device don't run FOSS firmware and are likely actively malicious towards your privacy.

I am a Linux user, and I understand that concepts do not necessarily transfer well between the two. With that in mind:

If I wanted to be absolutely certain that sensistive hardware like Camera, Microphone and Modem were truly off, would shutting them off as root hold any real significance?
- I do not know what the equivalent of Intel ME is called in the Android space, but I doubt that a highly complex OS is running beneath general Android as we know it. I think it's just the firmware of the individual device that we need to worry about.
Is it possible to replace the bootloader on some Android devices/prevent it from loading unwanted firmware?

With Google taking Android behind closed doors, I suspect we will start seeing some suspicious snippets of code here and there with questionable purpose, but which might be missed by FOSS volunteers because of the sheer volume of work that is. I'm thinking of ways we can try to evade this blatant grab of our personal data.

you are viewing a single comment's thread
view the rest of the comments

[–] drkt_@lemmy.dbzer0.com 21 points 6 days ago (3 children)

I may have misunderstood, but Google isn't doing Android behind closed doors; it's just development. The released versions will still be as open as they are now, as far as I've understood.

[–] shortwavesurfer@lemmy.zip 18 points 6 days ago* (last edited 6 days ago) (1 children)

That's my understanding as well. It's to keep people like the media from being able to determine upcoming functionality by looking at code snippets. So the development would go on in secret, and then once per year, all the final code would be pushed to AOSP. However, OP does make a good point because if you have to examine all the final code at once, you might miss something that would be privacy detrimental.

[–] zwekihoyy@lemmy.ml 2 points 5 days ago

aosp code used to be released all in one lump sum at new version launch and Google has actually changed that to being quarterly releases which takes a lot of burden off android based os devs. so things are actively going in the opposite direction you've hypothesized here.

[–] quickenparalysespunk@lemmy.dbzer0.com 9 points 6 days ago* (last edited 6 days ago)

i think OP is implying the extra time that will be needed on foss volunteers part to review the code at the time [edit: 'of'] release.

it's like pouring liquid into a flimsy plastic cup. drop by drop, the cup can handle it. pour a lot all at once and the cup may tip over and spill.

[–] marauding_gibberish142@lemmy.dbzer0.com 1 points 6 days ago* (last edited 5 days ago) (1 children)

This is setting Google up to eventually say "Aw shucks, might as well make it proprietary, we're doing it in-house anyway".

Edit: I can't believe this comment got downvoted. I wish I could see who the Google SIMPs are in this community

[–] drkt_@lemmy.dbzer0.com 3 points 6 days ago (1 children)

Long live the Linux phone.

[–] marauding_gibberish142@lemmy.dbzer0.com 7 points 6 days ago (1 children)

None of them usable

[–] Pherenike@lemmy.ml 3 points 5 days ago (1 children)

I bought a Linux phone back in 2015 (BQ Aquaris 5 running Ubuntu Touch) and even back then with the flagrant lack of apps the phone was usable

[–] marauding_gibberish142@lemmy.dbzer0.com 1 points 5 days ago (2 children)

Are you able to run banking and chat apps?

[–] Pherenike@lemmy.ml 3 points 5 days ago

I don't have that phone anymore but I used WebApps for banking and chatting and they worked well. Now their app store is much much bigger though.

[–] toastal@lemmy.ml 3 points 5 days ago (1 children)

You can still use cash & websites for banking tasks. You chat should be on an open source protocol so there is bound to be an application or web app for that too.

[–] marauding_gibberish142@lemmy.dbzer0.com -1 points 5 days ago (1 children)

2FA won't work as well for banking. Unfortunately, family is still on WhatsApp

[–] toastal@lemmy.ml 2 points 5 days ago

One of my banks properly uses TOTP which is independent & the other uses SMS which isn’t secure, but is also independent. I would straight up leave a bank if an app was required since there are always other options.

Family is the easiest to convert since they have unconditional love for you & would me the easiest to understand your concerns. You could even roll out a Snikket instance for everyone to use together.