Let’s talk about rooting Android phones. Many of us run Custom ROMs with SU privileges/functionality built right in, or run Stock ROMs with Magisk/SuperSU enabled. I feel we would benefit from a discussion of whether rooting is a net gain in privacy, or an inherent security risk.
Advantages of rooting:
- Ability to run privacy-enhancing applications such as AdAway (more consistent than the rootless alternative of DNS66), XPrivacyLua (sends fake data to apps forcing you to give permissions), etc. Keep in mind LineageOS’s privacy guard doesn’t function well.
- Ability to transparently proxy all traffic through Tor via Orbot.
- Significantly more flexibility in patching and fixing parts of Android that could potentially be problematic for privacy.
Disadvantages of rooting:
- Significantly increased attack surface - Neither Magisk, SuperSU, nor most implementations of custom ROMs are meaningfully audited for security. An app that maliciously gains root permissions through social engineering (totally legit-looking app requests SU to overclock/underclock), or through a vulnerability in SU, has complete and full control of the phone.
- Unlocked bootloaders & root - unclear implications for encryption on Android phones. Could potentially be exploited by bad actors should a phone be physically compromised (e.g. at a border crossing, where US and Canadian border agents are given rights under law to do warrantless searches of phones or to indefinitely seize electronic devices to break encryption). I’m not well versed on this aspect of security, but I’m guessing a bad actor could sideload an application or firmware to compromise the encryption.
In which threat models does rooting your phone make sense for privacy? Is it worth compromising security for privacy? Is it merely a discussion of whether your threat model focuses on corporate surveillance, or nation state actors, or both?