Privacy

36445 readers

859 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Rooting and privacy on Android (lemmy.dbzer0.com)

submitted 6 days ago by marauding_gibberish142@lemmy.dbzer0.com to c/privacy@lemmy.ml

20 comments fedilink hide all child comments

Hi,

The general consensus amongst the Android community is that rooting is detrimental to privacy. In a sense, I agree with them since privilege escalation because of human error becomes a much bigger threat if the user has root access.

Android has a big privacy problem encapsulated in one word: "baseband". Your modem and other hardware running in your device don't run FOSS firmware and are likely actively malicious towards your privacy.

I am a Linux user, and I understand that concepts do not necessarily transfer well between the two. With that in mind:

If I wanted to be absolutely certain that sensistive hardware like Camera, Microphone and Modem were truly off, would shutting them off as root hold any real significance?
- I do not know what the equivalent of Intel ME is called in the Android space, but I doubt that a highly complex OS is running beneath general Android as we know it. I think it's just the firmware of the individual device that we need to worry about.
Is it possible to replace the bootloader on some Android devices/prevent it from loading unwanted firmware?

With Google taking Android behind closed doors, I suspect we will start seeing some suspicious snippets of code here and there with questionable purpose, but which might be missed by FOSS volunteers because of the sheer volume of work that is. I'm thinking of ways we can try to evade this blatant grab of our personal data.

you are viewing a single comment's thread
view the rest of the comments

[–] utopiah@lemmy.ml 2 points 6 days ago (1 children)

The general consensus amongst the Android community is that rooting is detrimental to privacy. In a sense, I agree with them since privilege escalation because of human error becomes a much bigger threat if the user has root access.

No, that's BS. It entirely depends on your "threat model" just like security.

Namely if you go full OSHW/FLOSS and yet you volunteer your data on Facebook.com (or whatever that website is called today) then you have no privacy. It's not a technical problem, it's a behavior problem.

If your threat model is about government hiring dedicated staff to know what you are up to, or that the infrastructure you rely is can't be trusted, then rooting is the last of your problems.

I'm not saying you shouldn't worry but I don't see the relevance of rooting Android in that situation. Root or not does not somehow change how your modem behaves, you're still at the mercy of the drivers.

I recommend you check projects like Precursor (at https://precursor.dev/ redirecting to the CrowdSupply page) which try to tackle, if I understood correctly, the kind of worry you have, namely actually understand the entire stack.

That being said, even in such context, you still rely on some infrastructure to relay messages to others so you need that and the recipients to also respect your privacy. If not (which would be a fair assumption) then at least you must understand the cryptographic primitives you rely on... and if you don't (which most people don't, me included despite my interest in the mathematics behind that, in particular one-way functions) then you have to some trust in the public research in the domain.

So... I do have a Precursor, tinker with it, PinePhone and PinePhone Pro, had an iOS phone until recently, switched to (rooted) /e/OS and my personal position is that while interacting with others (and a mobile is 100% about that) one has to make pragmatic about their choices.

[–] N0x0n@lemmy.ml 2 points 5 days ago

That's some crazy stuff ! Being able to completely change/repair every part is something every smartphone should be capable off...

We are in a buy/throw away generation amidst a big climate change issue/rare ore depletion... That's depressing.