1. 37
  1.  

  2. 12

    If you have to have a non-free firmware (and you do) I’d rather it be made by Apple instead of “Xiaomi”.

    Any layers of free software you add on top of that non-free foundation can never erase the fundamental truth that you don’t control your device and are therefore in the business of selecting a company to trust. And I don’t think there is much “carefully selecting a company to trust” going on here.

    I would love if things had gone a different way — I’d buy an iStallman phone in a heartbeat — but that’s water under the bridge.

    1. 10

      The firmware isn’t really made by Xiaomi. It’s all Qualcomm. I’m not sure if Qualcomm even shows their source code to the actual phone vendors.

      1. 4

        theres no good option for a cell phone to talk on, but there is this:

        https://pyra-handheld.com/boards/pages/pyra/

        1. 1

          Does it make sense for them to track at the firmware level, considering that the vast majority of their users is okay with having it in userspace?

          1. 1

            Not sure. Better question: Would you trust them not to if there was a profitable and/or convenient reason for doing so?

        2. 7

          Xiaomi has a specific policy about the bootloader unlocking

          Fun fact, this does not apply to their “Android One” models (A1, A2) — they are fastboot oem unlockable without any extra procedures, just like good old Nexuses :)

          1. 3

            Correct, I have an a1 and unlocked it this week and put lineage on it. They made it really easy to unlock it, it surprised me too.

          2. 3

            Do you really need to have root privileges on your Google-free phones?

            I would like to keep my phone as much secure as possible, and having root privileges enabled doesn’t seem like a smart choice if you have security in mind too.

            1. 7

              Yes. I’m the owner of the hardware, I want to be able to do whatever I want with it, including the things that not having root would prevent me from doing.

              1. 3

                The problem with this idea is that you are also allowing the possibility for any applications you install to also use root. Some ‘root access management’ apps will prompt you, etc, but then you’re just depending on them to not have any issues that would allow an app to circumvent their checks.

                I am the owner of my hardware, and I choose to not allow applications to assume more permissions than the OS was designed to allow them to have.

                1. 7

                  That just sounds like an argument for improving those components instead of giving up control altogether.

                  1. 8

                    Not at all what I intended. I’m merely pointing out the downfall in enabling root access on current mobile operating systems. I would use root in an OS which I could control, sadly there’s no longer any mobile device supporting one (RIP N900), but hopefully there will be a new one soon (Librem 5 cannot come fast enough).

                    1. 2

                      That makes sense.

                      1. 2

                        My N900 is still kicking, but yeah it’s not my daily driver because browser reasons :P

                        Besides Librem5, we’re also waiting on the Pyra. The Gemini is here today running Debian as an alternate. Also running ubports on a Nexus 5 can get you close.

                        1. 1

                          Of course! There’s also postmarketOS.

                    2. 3

                      There used to be a lot of good use cases for rooting an Android phone, because there were a lot of reasonable things you needed root to do (run VPNs, block ads, change DNS settings, put background apps to sleep) and a lot of the culture of that time has persisted in the Android modding community. But over time, most of the things you really needed root for have been either added to the base system (doze, night mode) or made available to a user-space API (VPNs) or developer settings. With Android 7 or later, the only thing you really would need root for is micro-tweaking kernel settings, and that’s really only useful when you’re trying to get the most out of older hardware. Now it’s worth the little bit of extra security to leave your phone/tablet unrooted.

                      1. 4

                        There used to be a lot of good use cases for rooting an Android phone

                        If you’re using a carrier-branded phone there are still reasons:

                        • Debloating/disabling undesirable preinstalled apps.
                        • Fine-grained app permissioning (xposed framework).
                        • App hibernation and background running control.
                        • DNS choice and filtering.
                        • Ad Blocking.
                        • Enabling hotspot support (varies with carrier).
                        1. 4

                          Some of those (DNS and ad blocking) no longer require root.

                          If you are able to unlock the bootloader and run something like LineageOS, then you effectively resolve the remaining issues without rooting the device.

                          1. 1

                            Oof. Yeah, though to be totally pedantic, you could install an unrooted LineageOS on that phone (if it, or similar, is available), and get most of those. Blokada gives you DNS choice and filtering and ad blocking, and it doesn’t require root (it uses the VPN framework).

                            1. 1

                              Blokada

                              I’ll give that try. I found DNS66 to cause long hangs and random lookup failures and, of course, AdAway requires root.

                    3. 4

                      The ‘root access’ moniker is a bit of a misnomer as it makes many people seem to think disabling it disables the root account. This is of course not what happens, Android being *nix underneath it by definition has a root account which is used to boot the device and run a host of services. Any bugs which would give rise to local root access still apply no matter whether a working su is installed or not. If the installed su app is working as it should the attack surface is only raised by so much as the user remains vigilant over granting root to specific apps. Any app which does get root can abuse it so this privilege should only be bestowed upon those bits which are ’ known to be trustworthy’. In other words, the security of a ‘rooted’ device depends for a large part on the judiciousness by which the user grants or denies root access, just like the security of a firearm depends on the hand wielding it.

                      1. 1

                        depends for a large part on the judiciousness by which the user grants or denies root access

                        Not entirely. It also depends extremely heavily on the mechanism used to manage root access (e.g. SuperSu). If that application has issues that can be exploited to go around the user intervention, then all bets are off. Suddenly your firearm is capable of firing without you touching it.

                        1. 1

                          If the installed su app is working as it should the attack surface is only raised by so much as the user remains vigilant over granting root to specific apps.

                          1. 1

                            Ok, but my point is that’s a mighty big assumption to make.

                      2. 3

                        Like any decent system, every root requests are accepted (or rejected) by the user.

                        It’s not like you installed an app from the store and it uses root without you knowing.

                        1. 3

                          You’re assuming the root manager software (like Magisk, or SuperSU back in the days) has no security issues whatsoever.

                          Mind you, I’m not saying that commonly used root managers are compromised, but I believe that the current status of Android rooting management is inherently insecure because we rely on software not always audited. I prefer having a custom ROM (maybe even with a custom boot chain of trust!) without root rather than leaving such a wide attack surface available for an hypothetical rogue party.

                        2. 1

                          because if someone stole your phone and guessed your root password they could install whatever they want on it?

                          1. 1

                            Is this an argument against my thought? If yes could you please elaborate more? I’m curious about your point of view, and I’m afraid my (lacking) knowledge of English didn’t help me understanding your reply.

                            1. 2

                              i’m confirming how having root access hurts security. which attacks can be carried out when your phone is rooted, which couldn’t be carried out if it weren’t rooted?

                              1. 3

                                An app with root access can read the private data of other apps, and can generally disregard the permissions system, so that’s two major classes of things there.

                                1. 1

                                  but the user would be able to decide whether to run a program as root, wouldn’t they?

                                2. 3

                                  One could trick the user into installing an app that bypasses root managers and gets root permissions directly. From there, the same rogue app could steal basically everything from the user’s phone without even noticing anything.

                                  1. 1

                                    why would the app be run as root? on linux i can build and run programs as my user account without giving the programs root permissions. i install programs with sudo, but then i’m running the package manager which is code i trust, not the programs i’m installing which i trust less. after installing a program, i still have to explicitly run it as root. does android work differently?

                          2. 2

                            I have an old Nexus 4 that I keep around, and very sporadically try to get it up & running using LineageOS without Google Play Services, in hope that I’ll be able to do that one day on the phone I use daily.

                            It generally works impressively well, but for the life of me I cannot convince OsmAnd~ to properly figure out my location. I’ve tried all combinations in the Android Location settings dialog, all failing miserably (OsmAnd~ reporting “Position not yet known” indefinitely). I’m currently at a point where I’m considering hardware failure as an option, since it’s an old phone and this seems to be working out of the box for everyone else in the “Google-free Android phone” genre of articles… But I’m fairly certain the thing worked properly before switching to LineageOS.

                            If anyone has any ideas, I’m all ears. I feel like I’m really close, but I depend on my phone’s maps too much to just let it go.

                            1. 4

                              You need a location services provider installed, which is one big thing I noticed the article neglected to mention. The MicroG project includes one along with other replacements for Google Play services.

                              1. 2

                                That makes a lot of sense. I need to look into it, thanks!

                                I have seen MicroG mentioned around before, but I wasn’t sure whether I really needed it.

                                1. 2

                                  Just to follow-up – I have played around with this today, and can confirm everything works fine after installing UnifiedNlp and a few location plugins. I did not have to install the “full” MicroG package, which is neat.

                                  There are a few hoops to jump through, though: I had to push the APK to /system/apps-priv from my computer since the standard installation from F-Droid did not work, and once I did that, it was not obvious how to configure UnifiedNlp (there was no icon in the application drawer, but there is an option in Android’s location settings).

                                  Thanks for the pointer, gcupc!

                              2. 2

                                Thanks in part to this article, I finally switched my phone (Moto G4 Plus) over to LineageOS without Play Services. The piece of the puzzle I was missing was Aurora - I didn’t realise that I could install Play Store apps without chasing down APKs.

                                So far it has been a surprisingly smooth transition, in part I’m sure because I’ve already 90% off Google services. The remaining 2 I use a lot are GCal and YouTube - NewPipe is a great replacement for YT, but I haven’t worked out what to do with GCal yet. For the moment I’m using davdroid to sync gcal.

                                1. 2

                                  Try not to rely on fingerprint unlock only, or better yet use only PIN/password/pattern unlock, as biometric data can be cloned.

                                  Source?

                                    1. 1

                                      The researchers did not test their approach with real phones, and other security experts said the match rate would be significantly lower in real-life conditions.

                                  1. 1

                                    Or just buy a cheap dumb phone with no internet access and very few sensors to track you.