A rooted phone is definitely a bigger security risk if you don't know what you're doing, as anything with root access is unbounded by the usual android permission system, and can completely demolish your OS. Additionally it can serve as a big warning if someone else has tampered with your device.
Indeed, though I have yet to meet somebody that “doesn’t know what he’s doing” in matters of rooting. Basically, the phones that are still the easiest to bootload unlock are usually only appealing to tech geeks, while the most mainstream phones have a much more complex and hacky (if at all possible) process to unlock. So that in itself filters a lot of tech non-savvy users from getting into the subject…
I’m not sure I agree though with "as anything with root access is unbounded by the usual android permission system, and can completely demolish your OS”. Android’s permission system is imho garbage. It may on paper tick the “provides user with permission management” but since apps that are ill-intended will usually 1) drown the layperson in a multitude of permission requests to do anything,, it will usually translate to the user blanket accepting everything defying fine permission management as a whole 2) finer ID / privacy related data acces permissions don’t even get prompted for access, and only rely on the completely broken dev declarative scheme on the play store. IMHO, the finer permission management solutions that the Android community came up with ages ago (well before Android/Apple even thought fo implementing any permission management) did a much better job.
Rooting comes with a root manager (magisk, superUser…) that modal-prompts the user for either permanent or one-time allow / deny access when an app requests root that can be secured by fingerprint/password. I’d argue Root managers are more user-stupidity-proof thant Android’s own permission manager.
As for malicious apps requesting rooting, well, in the end, if the user is 1) stupid enough to download such apps (I’m guessing shady warez / cheat enabled games for the masses) 2) even stupider to accept a root access request from such an app… let natural selection do its job.
A lot of people definitely don't realize what rooting actually means. If a user blindly accepts all permissions, there's no way it can be framed as an OS problem, that's definitely a user problem. If an app requests permission I think it shouldn't have, I deny it. If the app doesn't work afterwards, I don't need the app.
Totally true, yet this thread app access requestments are more scary to me. I would like to limit those kind of apps. I root to install some ROMs and have fun, by "noobie" i meant that i can't follow the steps without a guide. I didn't mean that i run havok with root accesses left and right.
Thanks for the warnings, yet i still think a literal gambling app is much more risky. I don't use my mobile phone on sensitive password saving apps or banking apps as i think those are risky on rooted phone too. I am just having fun as a careful newbie.
A rooted phone is definitely a bigger security risk if you don't know what you're doing, as anything with root access is unbounded by the usual android permission system, and can completely demolish your OS. Additionally it can serve as a big warning if someone else has tampered with your device.
Indeed, though I have yet to meet somebody that “doesn’t know what he’s doing” in matters of rooting. Basically, the phones that are still the easiest to bootload unlock are usually only appealing to tech geeks, while the most mainstream phones have a much more complex and hacky (if at all possible) process to unlock. So that in itself filters a lot of tech non-savvy users from getting into the subject…
I’m not sure I agree though with "as anything with root access is unbounded by the usual android permission system, and can completely demolish your OS”. Android’s permission system is imho garbage. It may on paper tick the “provides user with permission management” but since apps that are ill-intended will usually 1) drown the layperson in a multitude of permission requests to do anything,, it will usually translate to the user blanket accepting everything defying fine permission management as a whole 2) finer ID / privacy related data acces permissions don’t even get prompted for access, and only rely on the completely broken dev declarative scheme on the play store. IMHO, the finer permission management solutions that the Android community came up with ages ago (well before Android/Apple even thought fo implementing any permission management) did a much better job.
Rooting comes with a root manager (magisk, superUser…) that modal-prompts the user for either permanent or one-time allow / deny access when an app requests root that can be secured by fingerprint/password. I’d argue Root managers are more user-stupidity-proof thant Android’s own permission manager.
As for malicious apps requesting rooting, well, in the end, if the user is 1) stupid enough to download such apps (I’m guessing shady warez / cheat enabled games for the masses) 2) even stupider to accept a root access request from such an app… let natural selection do its job.
A lot of people definitely don't realize what rooting actually means. If a user blindly accepts all permissions, there's no way it can be framed as an OS problem, that's definitely a user problem. If an app requests permission I think it shouldn't have, I deny it. If the app doesn't work afterwards, I don't need the app.
Totally true, yet this thread app access requestments are more scary to me. I would like to limit those kind of apps. I root to install some ROMs and have fun, by "noobie" i meant that i can't follow the steps without a guide. I didn't mean that i run havok with root accesses left and right.
Thanks for the warnings, yet i still think a literal gambling app is much more risky. I don't use my mobile phone on sensitive password saving apps or banking apps as i think those are risky on rooted phone too. I am just having fun as a careful newbie.