Rooted Android phones vulnerable due to Android kernel patching flaws

zimperium.com

18 points by witnessme 4 months ago · 11 comments

WarOnPrivacy 4 months ago

The author goes into the weeds on the vulnerabilities that can be left following some rooting methods. All to the good.

Meanwhile, it's non-rooted phones that get endlessly compromised

    by state sponsored Cellebrite attacks (LEO),
    by blackhatted Israeli exploitive malware platforms
    and from an endless array of general crapware, much of it from handset manufacturers, wireless carriers and their bloatware affiliates.

All that said, the article really does go into detail. I know enough to follow along but probably not enough to spot issues (if there are any).
  • ThePowerOfFuet 4 months ago

    >Meanwhile, it's non-rooted phones that get endlessly compromised

    With the notable exclusion of GrapheneOS. (It's also Cellebrite-proof going on three years now.)

    • diogenes_atx 4 months ago

      What are the security vulnerabilities of GrapheneOS?

    • hulitu 4 months ago

      > With the notable exclusion of GrapheneOS. (It's also Cellebrite-proof going on three years now.)

      Does Whatsup run on GrapheneOS ? Asking for a friend /s

  • preisschild 4 months ago

    You are mistaking "rooting" with using a different Android distribution.

    You can install GrapheneOS/LineageOS without root. And you can install a su binary on the stock OS, not improving privacy at all.

spaqin 4 months ago

Would be much easier to work against such vulnerabilities if rooting was officially sanctioned and actual resources could be put towards making it a viable and secure option, rather than taking away the power from the user for the device they purchased.

  • preisschild 4 months ago

    Giving apps root permissions exposes a huge hole in the Android security system (normal permissions) though. This is inherently more insecure than not having root at all.

    > rather than taking away the power from the user for the device they purchased

    I disagree with that. Not having root doesn't mean it's inherently anti-user. I use GrapheneOS without root and am still in total control of my device.

    • mckenzba 4 months ago

      What does giving apps root permissions have anything to do with rooting a device? Rooting in this context means unlocking the bootloader to allow for a custom OS/kernel that isn't signed by the OEM. You can have a rooted device while still running an OS that restricts apps (that behave) from having root account access.

      I'd rather have the ability to enroll my own keys so I can boot my own signed OS and maintain a root of trust that I own much like what can be done on desktop Linux with a TPM. IIRC Google's Pixel phones have this ability (and are one of the few phones that have this ability if I'm not mistaken).

      • preisschild 4 months ago

        > Rooting in this context means unlocking the bootloader to allow for a custom OS/kernel that isn't signed by the OEM

        That would not be the correct usage of the term "rooting". "Rooting" on Android systems generally means to install a `su` binary (like Magisk) that you can use to give apps root permissions, thus completely circumventing the normal Android app permission system.

        > I'd rather have the ability to enroll my own keys so I can boot my own signed OS and maintain a root of trust that I own much like what can be done on desktop Linux with a TPM. IIRC Google's Pixel phones have this ability (and are one of the few phones that have this ability if I'm not mistaken).

        I agree completely. I have a Google Pixel and use this with GrapheneOS.

        This feature is called `avb_custom_key`, and yeah, unfortunately only some devices support it.

        https://github.com/chenxiaolong/avbroot/issues/299

    • donkeybeer 4 months ago

      I am not understanding what you are trying to say. Nobody runs daily apps as root on desktop Linux either. Root here means the ability to, not necessarily actually doing something as the root user.

      I don't know anything about how the Android permission system is built atop Linux; what does it mean when you say giving an app 'root permissions'?

witnessme (OP) 4 months ago

This latest test is related to the rooting framework KernelSU. Similar vulnerabilities were found earlier in other rooting frameworks such as APatch, SKRoot, etc. The vulnerability results in gaining root access and escalated privileges.
