Hi, I’m wondering myself is root useful or not ? In which case it can be useful ? And Root with magisk is unsecure ?

  • 9tr6gyp3@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    32
    ·
    1 year ago

    Rooting Android is one of the most insecure things you can do to your Android phone.

    • db2@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      8
      ·
      1 year ago

      That’s like saying being able to turn left is one of the most dangerous things you can do to your car.

      • PlatinumSf@pawb.social
        link
        fedilink
        English
        arrow-up
        28
        arrow-down
        5
        ·
        edit-2
        1 year ago

        No, it’s like saying swapping out the fuel delivery system and ecu fuel mapping with a custom tunable system and Map is one of the most dangerous things you can do to your car; which it is if not done by a professional or someone with significant experience/understanding.

        • pimento64@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          18
          arrow-down
          2
          ·
          1 year ago

          No, it’s like saying having admin permissions is one of the most dangerous things you can do on your home computer. Only an idiot would think that.

          • Milady@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            I mean, it is, if you don’t have admin you can’t install root-level malware directly (still can if the malware uses some bug to gain privilege). But I still fully agree with your point, I just wanted to say that technically, having root is dangerous in the sense that you can do anything. Most end users have no reason to modify system files etc. Since they only use a web browser and word.

            • ChonkaLoo@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              That’s going to be a thing of the past. The future for corporate users is a locked down monitored system with least privilege access in the name of security. Zero Trust they call it.

            • pimento64@sopuli.xyz
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              3
              ·
              1 year ago

              How much damage to end users deal

              When I was in IT

              most people aren’t

              most people click

              1. I’m talking about home computers

              2. Skill issue + not my problem. It doesn’t matter if most people are competent, they should have full control over their property. The ones who fuck up will be responsible for the consequences of their actions. Most people are too stupid to use power tools correctly, but the last time I checked, I didn’t have to nicely ask Milwaukee to unlock the bootloader on my drill so I could use it with torx bits.

          • 9tr6gyp3@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            2
            ·
            edit-2
            1 year ago

            Notably, there is a difference between admin and root.

            One has checks, the other can run scripts, change permissions, move files, delete files, hide malware, install rootkits, install ransomware, exfiltrate data, alter your OS, change hardware voltages, etc all without so much as a prompt.

            It doesn’t matter if you’re a beginner or a seasoned veteran with handling root, it can cause some heavy damage to your system when you or another application mishandle it.

            Rule of thumb is to remain in user mode for the entirety of your sessions. Only use admin rights when you need to make a system change. Most well-designed applications should not need to be run as admin, and definitely not root.

              • 9tr6gyp3@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                1 year ago

                Its called the principle of least privilege, or principle of minimal privilege, or principle of least authority.

                Its a philosophy learned by anyone who is serious about information assurance. Its a very basic, yet fundamental security concept.

          • PlatinumSf@pawb.social
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            1 year ago

            Lol you’re not getting those admin permissions by flipping a simple switch. Root access is far more involved than simple admin permissions so please try again.

      • evo@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        The thing about “knowing just enough to be dangerous” is typically the person doesn’t realize that’s all they know.