I’m frustrated. I’m a longtime fan of Motorola. Their phones have been pretty simple and easy to remove junk apps. Recently I got an update that forced Perplexity on my phone.

  • jeff_hykin@lemmy.world
    1 month ago

    Good guess about the federating problem. That’s a good reminder for me to change instances (was on lemm.ee before it died, .world was my backup).

    OTA, while a fair point, again is a technical problem. Desktop systems get timely OTA updates. It’s perfectly possible for rooted Android to get security updates that are on par with rooted (e.g. basically any) Linux systems. The hash can be done on the incoming update (integrity hash) instead of on the system.

    Linux has other tools and protections.

    1. If there are protections they’re at the system level (not app space). Which means the ROM provider could/should add those same protections as Linux instead of saying “you don’t need root, stop asking”.
    2. AFAIK there are, unfortunately, basically no protections on Linux. Sudo can be trivially shimmed (add malicious exe to PATH) without even having sudo permissions, then the next time the user inputs sudo an attacker would have their password. It’s bad that it’s so easy, but it’s a double standard to say Linux is fine but an (up to date) Android with root is vulnerable.
    • AmbiguousProps@lemmy.today
      1 month ago

      OTA, as of right now, needs to hash the device to prevent system corruption. I don’t think it’s a very simple problem to solve, or surely there would be a ROM out there that does fix it with root. A better fix would be a package manager, but that’s not going to happen with AOSP.

      Regarding #1, it’s fundamental to AOSP, and not any particular ROM. Similar to the OTA issue above. It’s not just graphene (which, technically, you can root fyi, but I really would not do so, as again it defeats the purpose of running a verified boot secured phone).

      #2 is debatable, because it’s also highly dependent on the distro and configuration. As an example, immutable distros (which are actually closer to Android than non-immutable distros) make it so sudo/root isn’t needed very often, if at all. Fedora CoreOS, for example, can run package updates on a schedule without user intervention, use rootless containers, and do verified boot. It can be deployed from a single file and validate itself after the fact, meaning a user would never be prompted for a password at any point. Obviously that’s not a 1:1 because it isn’t made for PC usage, but other distros based on Fedora Silverblue and the like can be more secure than standard Linux for similar reasons. Everything is generally sandboxed (flatpaks and containers) and root is rarely, if ever, required.

      That being said, if you’re not concerned, there isn’t anything stopping you aside from your phone’s manufacturer, which I’m sure you’re aware of. I’m fine just knowing that I could do it, and much prefer the security benefits of verified boot and proper sandboxing above all else. I don’t trust Google to properly patch zero days related to rooted phones, let alone patch the ones that affected non-rooted devices.

      • jeff_hykin@lemmy.world
        1 month ago

        Immutable OSes like Nix and Fedora Silverblue still have sudo, they can still rm -rf /. If they can do it and maintain security, then Android can too.

        I agree both the OTA and safe way of doing superuser requests could be heavy technical work. My bigger point is people who manage ROMs shouldn’t demonize having full control of devices we own. Root can be done safely. It’s not an inherent security risk, it’s just a technical problem waiting for a technical solution. “Just accept you don’t need it” is not an acceptable response IMO.

    • ScoffingLizard@lemmy.dbzer0.com
      1 month ago

      Wait, what? Like there are no protections on PATH and you’re saying that sudo can be hijacked and replaced with something that does the same thing but with a keylogger?

      • jeff_hykin@lemmy.world
        1 month ago

        Yeah, try it. It is concerningly easy. Write a program that edits the user’s bashrc/zshrc. Have it append a line that adds something to the front of the path, and have it shim sudo. You can even have it forward the password to the real sudo.

        Instead of waiting for the user to open another shell, you can also open a subshell. (E.g. your malicious program never returns/exits, it just appears to exit by opening a subshell with the modified path)

        • ScoffingLizard@lemmy.dbzer0.com
          1 month ago

          Aaaaaand, now I want to check the source code of all git repos before doing a git clone. Damn. Yeah, I’ll test it out. Thanks for the heads up. Now I know why it’s so dumb to run yay as root.
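
A check for the PATH shadowing discussed in this thread, added here as an example and not written by any of the commenters: it walks PATH in lookup order and reports every directory searched before (or providing) `sudo` that a non-root user could write to. The function names and the `TRUSTED_UID` variable are assumptions of this sketch.

```sh
#!/bin/sh
# Added example (not from the thread): find PATH entries where a sudo shim
# could be planted. TRUSTED_UID is this sketch's assumption: the only owner
# accepted for PATH directories and the binary (0 = root).
TRUSTED_UID="${TRUSTED_UID:-0}"

# untrusted FILE: true if FILE is not owned by TRUSTED_UID or is group/world
# writable. -L follows symlinks such as /bin -> usr/bin.
untrusted() {
    set -- $(ls -ldnL -- "$1" 2>/dev/null | awk '{print $1, $3}')
    [ -n "$1" ] || return 0                 # cannot stat: treat as untrusted
    [ "$2" = "$TRUSTED_UID" ] || return 0   # wrong owner
    case "$1" in
        ?????w*|????????w*) return 0 ;;     # group- or other-writable
    esac
    return 1
}

# audit_cmd NAME [PATHSTRING]: 0 = clean, 1 = shim risk, 2 = NAME not found.
# Walks PATH in lookup order up to the first directory that provides NAME and
# flags every entry on the way that someone other than TRUSTED_UID can write.
audit_cmd() {
    name="$1"; plist="${2:-$PATH}"; rc=0
    old_ifs="$IFS"; IFS=:; set -f
    set -- $plist                           # split on ':' only, no globbing
    IFS="$old_ifs"; set +f
    for dir in "$@"; do
        [ -n "$dir" ] || dir=.              # empty entry means current directory
        case "$dir" in
            /*) ;;
            *)  echo "RISK: relative PATH entry '$dir'"; rc=1 ;;
        esac
        [ -d "$dir" ] || continue
        if untrusted "$dir"; then
            echo "RISK: '$dir' is searched before or for $name and is not locked down"
            rc=1
        fi
        if [ -x "$dir/$name" ] && [ ! -d "$dir/$name" ]; then
            if untrusted "$dir/$name"; then
                echo "RISK: '$dir/$name' has an untrusted owner or mode"; rc=1
            fi
            echo "$name resolves to $dir/$name"
            return "$rc"
        fi
    done
    echo "$name not found in PATH"
    return 2
}
# Usage: audit_cmd sudo
```

Run `audit_cmd sudo` from an interactive shell so it sees the PATH your rc files actually produce; a `~/bin` or `~/.local/bin` entry ahead of `/usr/bin` will be reported.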