Rooting concerns

[godlovingman]

I've thought about rooting my phone in the past and had a member here say I should. But my concerns are safety related worried about the security of my personal information and or phone. Worried about the software needed to do the root then the custom roms downloaded to my laptop and phone. Or am I just worrying for nothing?

 

[The_Chief]

The first thing you need to ask yourself is why you want to root. What benefit can you derive, from gaining administrator access to your phone, that you don't have already?

Back in the good old days when I rooted my Motorola Droid or Galaxy Nexus, it was because there were features and functions that I could not get with the stock Android operating system. Over time, however, those features and functions have either been added to Android or are now available as apps.

The Android ecosystem is far more complex now, with banking and financial apps; cryptocurrency trading; stock and bond trading; and every type of commerce you can think of. Because of the security concerns involved in routing and opening your phone up to full administrator access, many banking and financial apps will not run on a rooted device or a custom ROM that is different from the stock operating system.

Since I have found, over the last few years, that I lose more benefit than I gain by rooting, I haven't done it... not to mention that many devices have encrypted bootloaders that cannot be unlocked without the decryption key. And the manufacturers are not willing to provide that.

 

[godlovingman]

The first thing you need to ask yourself is why you want to root. What benefit can you derive, from gaining administrator access to your phone, that you don't have already?

Back in the good old days when I rooted my Motorola Droid or Galaxy Nexus, it was because there were features and functions that I could not get with the stock Android operating system. Over time, however, those features and functions have either been added to Android or are now available as apps.

The Android ecosystem is far more complex now, with banking and financial apps; cryptocurrency trading; stock and bond trading; and every type of commerce you can think of. Because of the security concerns involved in routing and opening your phone up to full administrator access, many banking and financial apps will not run on a rooted device or a custom ROM that is different from the stock operating system.

Since I have found, over the last few years, that I lose more benefit than I gain by rooting, I haven't done it... not to mention that many devices have encrypted bootloaders that cannot be unlocked without the decryption key. And the manufacturers are not willing to provide that.

That's why I never rooted my phone the security concerns mainly I was just making sure I'm just worrying too much like I do with most things. I'm planning on getting a new phone but just making sure I'm not just worrying for nothing.

 

[nickdalzell]

I stopped rooting when they stopped making ROMs that were as great as CyanogenMod 7.1. Back when you could overclock, use SD for internal storage, theme the entire system beyond icons, change the system UI, etc. In 2010 ROMs and rooting were far more interesting. The last ROM I used was a basic and boring Android 9.0 Pie ROM for my Nexus 6, and it was pretty lame in comparison.

Also, Pokemon Go stopped working. Why? My Serve app didn't care. Then SafetyNet happened (thanks for nothing Apple Google)

Today it's quite pointless. Custom ROMs are boring and only thing they offer are newer versions of Android for unsupported handsets. Like, as a proof of concept more than useful. You can put Android 12 on a Galaxy SII, but it will perform about like a PC with 1GB of RAM and a single-core CPU does on Windows 10.

 

[The_Chief]

@godlovingman if you have concerns about your personal security regarding use of your phone, there are things you can do to increase that security. While there's nothing to guarantee you won't be a victim of data loss or anything, it's really not necessary - the goal is to be a more difficult target. Hackers and scammers look for easy prey... so just don't be easy prey. Here are some tips:

Spoiler

A password manager is pretty much a must. It can generate and store unique, computer-generated random passwords for every site. Your vault is securely encrypted and accessed with your master password (which needs to be computer-generated as well).

While there are a number of good options out there, LastPass is not one of them. Their lax security procedures and deceptive communications to users has kicked them out of consideration by many security firms. I use Dashlane - its Friends & Family plan allows for up to 10 people on the account, and it includes the premium version of Hotspot Shield VPN.

Speaking of which, a VPN will help encrypt your online existence.

Always use 2FA (also called MFA), multi-factor authentication. Instead of just relying on username and password to log in, an additional step is required: either with a code that's texted or emailed to you, or use of an authenticator. If someone gets your credentials, they still won't be able to log in unless they get that code as well. While I do have software authenticators on my phone like Microsoft and Google authenticator apps, I am moving away from those in favor of a hardware key. This is a small device that connects to your USB port and requires your fingerprint to authenticate. I have a Yubikey 5 plugged into my desktop PC, And I have ordered a Yubikey 5C Nano that will stay plugged in to my phone. If I have to login using multi-factor authentication, I can simply touch that key: my fingerprint is registered and I'm logged in. Easy!

Finally, keep your phone up to date with the latest security patches and keep all your apps updated.

 

[godlovingman]

@godlovingman if you have concerns about your personal security regarding use of your phone, there are things you can do to increase that security. While there's nothing to guarantee you won't be a victim of data loss or anything, it's really not necessary - the goal is to be a more difficult target. Hackers and scammers look for easy prey... so just don't be easy prey. Here are some tips:

Spoiler

A password manager is pretty much a must. It can generate and store unique, computer-generated random passwords for every site. Your vault is securely encrypted and accessed with your master password (which needs to be computer-generated as well).

While there are a number of good options out there, LastPass is not one of them. Their lax security procedures and deceptive communications to users has kicked them out of consideration by many security firms. I use Dashlane - its Friends & Family plan allows for up to 10 people on the account, and it includes the premium version of Hotspot Shield VPN.

Speaking of which, a VPN will help encrypt your online existence.

Always use 2FA (also called MFA), multi-factor authentication. Instead of just relying on username and password to log in, an additional step is required: either with a code that's texted or emailed to you, or use of an authenticator. If someone gets your credentials, they still won't be able to log in unless they get that code as well. While I do have software authenticators on my phone like Microsoft and Google authenticator apps, I am moving away from those in favor of a hardware key. This is a small device that connects to your USB port and requires your fingerprint to authenticate. I have a Yubikey 5 plugged into my desktop PC, And I have ordered a Yubikey 5C Nano that will stay plugged in to my phone. If I have to login using multi-factor authentication, I can simply touch that key: my fingerprint is registered and I'm logged in. Easy!

Finally, keep your phone up to date with the latest security patches and keep all your apps updated.

I know and understand that, I feel like rooting my phone and using a custom roms opens the doors more for issues thus why I never rooted my phone and didn't really see the point. Was just wondering from others who've rooted phones before. I'm definitely not going to root any phone I have thanks everyone who responded!

 

[ocnbrze]

rooting takes some time to learn the process. it is not as easy as some of the one-clock root methods back in the day of éclair or froyo. these days you need a computer. you need to learn adb and fastboot commands.

and keep in mind that rooting breaks down your security protection. i started rooting back in the days of the HTC Hero....way back when. but recently i do not see a reason to root. phones have come a long way in that there is more internal storage and more ram to handle everyday use. it was not so in the beginning. batteries are bigger and lasts longer as well. processors are much faster. there is no need for a custom kernel that would allow you to overclock a phone anymore.

so to be honest, if you do not have the time to read and learn how to use adb or fastboot and how to root the device(each phone is going to be different) than i would recommend that you not root the phone. i have seen here were folks just jump into rooting and never really learned the process. and these guys ultimately bricked their phone.

 

[nickdalzell]

Overclocking really didn't help much back then anyway when the phone only had like 512MB of RAM. There was no any way to increase RAM via software or root or ROM (sorry, SoftRAM!)

 

[ocnbrze]

Overclocking really didn't help much back then anyway when the phone only had like 512MB of RAM. There was no any way to increase RAM via software or root or ROM (sorry, SoftRAM!)

tell that to my HTC Evo4G. i had it overclocked. it was very zippy and had a decent battery life due to the custom kernel.

 

[jhtalisman]

Rooting to me has become unnecessary. I like not having to wonder what I am flashing as each person's experience may differ.

20 years ago I was flashing custom firmware to DVD burners for better quality based upon write algorithm. Newsflash: more times than not you won't get better results deviating from the original firmware/software.

Been there and done that, but if it isn't broken, don't fix it.

 

[Hadron]

I've thought about rooting my phone in the past and had a member here say I should. But my concerns are safety related worried about the security of my personal information and or phone. Worried about the software needed to do the root then the custom roms downloaded to my laptop and phone. Or am I just worrying for nothing?

As others have said, the first thing to do is ask why you want to root. Then look at the other implications (things that won't work, or will be difficult to make work) and decide whether it makes sense overall. If the answer is still yes then make sure you understand the process before starting (and back up everything important first).

Rooting has security implications for one simple reason: since it gives the user the ability to grant administrator access to non-system apps it also means that malware could potentially exploit the same ability. Hence while you should anyway be careful about what you install and where from, and keeping your important accounts secure, it's more important with a rooted device.

If your phone allows "standard" rooting procedures (unlock the bootloader, flash a custom recovery, use that to flash the patches to root the phone or a pre-rooted custom ROM) then there's not much risk at all from the software needed to root the phone. There used to be "one-click rooting apps" which sometimes were rather shady, and which I'd never have recommended, but those things only work with really old phones these days so you should just ignore them. A ROM downloaded on your laptop is nothing to worry about: it's just an inert zip file and can't do anything. Obviously if someone were to pre-load malware on a ROM that would be a problem for anyone installing it, but since most ROM development is done in the context of an enthusiast community such things are rare (I've never actually heard of a case) an would result in the removal of user and software when discovered, so if you look on a reputable site like XDA-developers for such things I'd not be too worried about that.

Of course it also depends on what phone you have: rooting is well past its heyday and most devices have few if any custom ROMs available.

But it does come back to the old question of why? I rooted my phones between 2010 and 2017 because the early ones really needed it and the later ones I still felt I gained from it. But these days the hardware is capable enough that I don't need to tune things, and I do use some apps what would not work if I rooted, and hence I've given up doing so (I still only buy phones which I could root if I wanted, i.e. with user-unlockable bootloaders, but haven't done it for 6 years now).

 

[The_Chief]

More nostalgia...

I got my Motorola Droid in November 2009. By December 2009 custom ROMs were already showing up for it (Pete's Bugless Beauty and Bugless Beast). By rooting the phone and installing a custom ROM, I was able to overclock the Droid to 1.1 MHz stable, get wireless tethering (now called Wi-Fi Hotspot, something carriers charged a lot extra for), make complete backups of the phone, and make the phone look & feel completely different.

That trend continued with the Galaxy Nexus and Note 3: by then, I was an expert at making a nandroid backup, factory reset,, flashing new ROMs to try them out and restoring data to them. In fact, my profile icon here used to be white text on a black background, saying "I void warranties". These days, though, everything I need is already there, out of the box. I hung up my "Rooting and ROMming" hat quite a few years ago... ah, the good ol' days of the Android Open Source Project...

 

[nickdalzell]

Rooting ain't necessary for me these days. Even with a S4 Mini it does everything I need it to and doesn't bother me. That's a ten year-old phone today.

Back in the days of the LG Optimus V, however, unless you wanted to live with 60MB of internal storage after all the Google sync got done, rooting was needed to use the SD card as an internal storage partition so you could actually install stuff. That's one thing about 2009-10 that I don't miss.

If anyone remembers my beginnings here on AF, despite my fondness for Android 2.3, I was used to iOS 6 at the time. Android was different **enough** to bother me a ton. I had many root failures trying to 'fix' Android when I would have been better just leaving it alone. I just am that stubborn when I get used to something and expect it to never change. iOS 7 was what brought me to Android, but it took a lot of getting used to--since Android is that much different from iOS (or at least it used to be--it seems more and more like it these days)