If the people on the good side stop trying to find exploits like this, and by finding them develop awareness and knowledge about them, so that countermeasures can be devised, then bad actors are much more likely to find new exploits first, and when they exploit it you won’t even see it coming anymore.
Exactly!
Ultimately rooting empowers users with control, and many company profit from users not having control, like Netflix, like Google with their ads, etc., so they love to make people think rooting is somehow unsafe lol
Exactly, taking away tools which enable you to enhance your digital privacy, or the ability to use such tools, is fundamentally a flawed way to enhance your privacy in the long term.
Same for security with rooting, and it’s the same reason why the argument that “rooting makes your phone less secure” is a fundamentally flawed argument.
This would not help us much at all, Google clearly doesn’t consider iOS a completing platform because Google’s core business is still advertising not selling phones or phone OS (which Apple does both since all iPhones are iOS devices and all iOS phones are iPhones). And on iPhones Google already have most of their ads delivery platform and services offered, you have iOS apps for YouTube, YouTube Music and all of them, while the closed nature of iOS makes it even more difficult for people to do things like blocking Google’s ads with system-wide adblockers or bypassing YouTube ads with modded YouTube clients, like you can easily so on Android.
Not to mention iPhones such soooo much more than a locked down Android since on Android it’s still much easier to root as long as you have a phone with unlocked bootloader, than to jailbreak literally any iOS device, since iOS jailbreaking actually requires exploits and Android still has mostly a Linux kernel so a lot of the tools work out of the box, while iOS does not at all and has a very different OS architecture.
Yeah a really big and fundamental difference between an Android phone and an ARM laptop is that a phone has to have a low level radio stuff that have to be close sourced and fully locked down for regulatory compliance in most countries, so that they transmit radio stuff within legal bands and within legal transmission power and all that, you simply cannot open source those or even keep them user-accesable and mod-able without your device being illegal to be commercially sold as a mobile phone, because then anyone could mod them to operate as radio equipment outside the legal range. And that requires the firmware of those radio stuff to be provided by the manufecturers of those radio chips and devices (not the OEM of the phone).
In fact the inherent complexity and overhead from this was one of the biggest hurdle for early smartphone manufecturers and smartphone OS developers like Nokia and their Symbian OS to become successful. And figuring out how to deal with this efficiently between all of the radio stuff suppliers and smartphone OEMs, was one of the major reasons iPhone and Google’s Android were able to succeed commercially in the last decade. In Android this is one of the things that necessitated the HAL or hardware abstraction layer, so that the standardized Android system components and especially Android kernel don’t have to directly deal with more than thousands of different models of radio hardware from all kinds of different manufecturers that all require different drivers and such because of how they are close sourced and locked down, whereas on a regular Linux distro running on a normal ARM laptop, the drivers of all those devices can be included into the kernel and redistributed because they are open source.
Exactly, trying to find software alternative for what ultimately going to be locked down hardware is never going to be a sustainable solution.
Alternative OS means nothing if there’s no widely supported open hardware with unlocked bootloader to run such OS long term, and Google is got all mainstream phone manufactures cornered legally and commercially with this and their requirement for manufecturer authorization for shipping GMS suite with their products.
The only way out is this ridiculous decision of Google getting push backs from legislation, because there’s nothing manufecturers can do and without them there’s nothing FOSS developers can do to push back long term, and Google isn’t stopping themselves from doing Evil™.
What making things more secure? Google was absolutely NEVER concerned about the security and privacy of their user, it goes directly against their core interest as an advertising company. This move is 100% about taking control over their user and developers on their platform and is exactly 0% about doing anything to improve the security of their user.
Google is not even trying to pretend otherwise, notice how Google is only requiring verification of the developer’s, and absolutely not doing anything about verifying the actual apps from those developers, just like they have not really done anything meaningful about security checking the apps submitted on their Play Store since ever.
Yeah may Google have mercy on them LMAO
Hint: Google will NOT have mercy on them LMAO
I agree in theory, but you’re never completely in control of what’s running on Android because there are still proprietary bits (like device firmware) that we can’t replace, right?
That argument is moot, even if you use a device that’s 100% FOSS and you actually have total control over even down to firmware, like a Raspberry Pi cyberdeck/small form factor PC you built yourself using open source wifi cards, you are still connected to an internet infrastructure that’s filled with proprietary devices such as routers and servers which you have practically no control over, and deliberate malicious actors can still do MITM attack for example as long as any data is being transmitted. And it’s not really a personal mobile device anymore if you don’t connect it to the Internet at all.
However, even if you cannot ensure 100% control, having root access on your personal device enables you far greater freedom to monitor and investigate the behavior of the proprietary stuff you can’t control directly, and mitigate or bypass the security and privacy vulnerabilities they might poss with far more options than is ever even close to possible on an unrooted device.
For example, there are many apps I need to use because of services I need to use because of the city I live in, they have known track records of security and privacy violations. With a rooted device I have the freedom to capture every single pocket they transmit and analyze on Wireshark to see what they are doing, I can block internet access specifically for these apps without conflicting with my existing VPN setup, I can spoof my device’s IMEI and other identifiable information for specifically these apps so they can’t identify my phone, including even spoof my geolocation without the apps realizing they are spoofed, I can block these app’s access to my phone’s application list so they can’t profile me by seeing what other apps I have, I can block their access to my phone’s sensors without the apps knowing they are blocked (other than getting empty sensor reading), I can even deny permissions to those apps without the apps knowing the permissions were denied. On an unrooted device you either need ADB or can’t do any of these at all.
Also, without any of these tools how do you even know your device’s manufecturer has done everything they need to do to protect your security and privacy? Just because they said “Trust me bro!”?
Principle of least privilege is completely irrelevant here, any system app provided by your phone’s manufecturer already have total system control anyway, including Google’s GMS apps and Facebook framework apps that are pre-installed, and without root you also do not have an option for truly stopping or removing those apps.
This question shows you do not seem to understand what is actually going on.
It’s not the OS that need to be supported it’s the phone who’s manufecturer isn’t contractually bound by Google to implement developer verification for blocking installation, otherwise they lose access to Google’s proprietary suite including Play Store.
There are already a LOT of existing, established and technological mature OSes that are open source and don’t need to block anyone for installation applications, including Android AOSP itself.
But the problem is you canNOT use a smartphone OS without a smartphone which allows you to run it on, with unlockable bootloader so you can install the desired OS, or is designed to run the desired OS instead of Google’s garbage out of the box.
Okay then keep buying Samsung phones and support their aggressive and audacious push for walled gardens on a platform that started as an open source OS, when they are neither the most affordable nor the most feature rich option.
You deserve every bit of the enshitification and corporate exploitation that you have enabled and supported directly yourself.
That’s one of the biggest lies that’s been systemically propagated by the industry. A rooted phone is as secure as you make it, because you are in control of your device’s security.
And a device you have control over is as secure as you make it so.
It doesn’t work like that for mainstream manufactures, the way Google does this, as they have declared so far, is making it a contractal obligation to keep this code in order for them to get Google’s GMS certificate, which Google requires for authorizing them to integrate Google’s suite into their phone’s ROM, including Play Store and Google Service Framework, which are all proprietary software which manufacturers are not legally allowed to distribute without Google’s authorization. And outside China it doesn’t look like most mainstream manufactures dare to sell an Android phone without Google’s Play Store, thanks to the wonderful collective of the Android users making fricking brilliant choices with their wallet over the decade, didn’t they?
The only way out of this for a government agency to step in it seems because Google really does have the manufacturers cornered here.
Yes I agree that in terms of a financial service, tokenized transaction system indeed architecturally guarentees greater safety, but a bigger concern is the provider of this service.
Did you not hear about what happened recently when a certain major payment processor realized they can arbitrarily enforce what they think other people should and should not be able to buy, by withholding the availability of such service? Well functionally the exact same thing is happening to you, Google doesn’t want you to be able to control your own devices because Google is an advertising company who also profits from selling your data, annnnd Google also happens to be the commerical supplier of Android with their commerical GMS certification program which includes Play Integrity check and all that, so they can arbitrarily decide that if you attempt to have more control over your own device, you don’t get to use Google Wallet anymore.
Are you happy to submit to this mafia practice from Google? I wouldn’t lol. Not saying I have a solution but then again I don’t think any single individual could possibly have a solution to the disaster that is the US capitalism.
By 2025 Q2 Samsung smartphones have 19.7% global market share, how cute.
Samsung has over half of all android phones in the US.
Oh don’t worry it is not even close to being the biggest problem people in the US are having lol
Why not just use credit/debit cards like we used to do before Google Wallet got its current market dominance in certain regions?
And for most of the service apps like Uber you can just add your credit card information so payment never need to go through Google Wallet anyway, and you can also deal without your bank directly if there’s a purchase dispute instead of having to have Google in the middle, no?
By the way you’re in EU right? I’m curious which region is having so much issues with all of these
There’s a difference between you cannot root on a lot of phones and you cannot root on a lot of Samsung phones. Saying you cannot root Samsung phones isn’t all that different from saying you can’t root iPhones is it?
You mean rooting causes some of the apps which were deliberately designed to be anti-consumer, from some of the companies that are known to be most consumer-hostile with a long history of screwing over not only their customers but also the entire industry? Yes.
But why would you use those apps anyway.
That’s hardly enshitification, the USB camera monitor feature is NOT USB video output capability, which remains as a hardware feature on all Xperia phones, it is a proprietary software feature for receiving video output from Sony’s Alpha Cameras into the phone via standard USB-C port, and displaying the camera’s viewfinder feed on the phone. This is exactly the same as what you can do with for example Spacedeck to use your phone or any other Android device as an external monitor for PC, but with Sony’s own proprietary implementation. And Sony’s implementation is exclusive to their professional Alpha series cameras, you could never use your phone as an external monitor of any other device with that feature, which would always require another software to encode the video feed to transmit theough the standard USB-C interface anyway. So it’s been an extremely niche proprietary feature only used by a very small group of people who happen to be professional photographers, doing certain specific types of photography, and happen to be using certain Sony Alpha cameras instead of professional cameras from other vendors. I agree it’s a ridiculous and beyond stupid decision from Sony but I do also think it’s a bit of a stretch to call that enshitification, especially compares to the kind of practices from many other much bigger OEMs that have unfortunately become almost ubiquitous these days throughout an entire industry.
While at the same time, Sony Xperia phones remains some of the very few high end Android phones these days that still have BOTH 3.5mm headphones jack and SD card support, together with an open device policy where you’re always free to unlock bootloader and root without artificially losing major core OS features.
Yeah I also think it would take a lot more than just one single bit of discrete information in an universe of completely uniform and homogeneous nothingness, to restart the universe lol /s