Related
The Vulnerability
In recent updates to some of its devices, HTC introduces a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, corporate evilness - it doesn't matter. If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in.
That is not the case. What Trevor found is only the tip of the iceberg - we are all still digging deeper - but currently any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on:
the list of user accounts, including email addresses and sync status for each
last known network and GPS locations and a limited previous history of locations
phone numbers from the phone log
SMS data, including phone numbers and encoded text (not sure yet if it's possible to decode it, but very likely)
system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of emails.
But that's not all. After looking at the huge amount of data (the log file was 3.5MB on my EVO 3D) that is vulnerable to apps exploiting this vulnerability all day, I found the following is also exposed (granted, some of which may be already available to any app via the Android APIs):
active notifications in the notification bar, including notification text
build number, bootloader version, radio version, kernel version
network info, including IP addresses
full memory info
CPU info
file system info and free space on each partition
running processes
current snapshot/stacktrace of not only every running process but every running thread
list of installed apps, including permissions used, user ids, versions, and more
system properties/variables
currently active broadcast listeners and history of past broadcasts received
currently active content providers
battery info and status, including charging/wake lock history
and more
Let me put it another way. By using only the INTERNET permission, any app can also gain at least the following:
ACCESS_COARSE_LOCATION Allows an application to access coarse (e.g., Cell-ID, WiFi) location
ACCESS_FINE_LOCATION Allows an application to access fine (e.g., GPS) location
ACCESS_LOCATION_EXTRA_COMMANDS Allows an application to access extra location provider commands
ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
BATTERY_STATS Allows an application to collect battery statistics
DUMP Allows an application to retrieve state dump information from system services.
GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service
GET_PACKAGE_SIZE Allows an application to find out the space used by any package.
GET_TASKS Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc.
READ_LOGS Allows an application to read the low-level system log files.
READ_SYNC_SETTINGS Allows applications to read the sync settings
READ_SYNC_STATS Allows applications to read the sync stats
Theoretically, it may be possible to clone a device using only a small subset of the information leaked here.
I'd like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way. It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door. For a more technical explanation, see the section below.
Additionally, and the implications of this could end up being insignificant, yet still very suspicious, HTC also decided to add an app called androidvncserver.apk to their Android OS installations. If you're not familiar with the definition of VNC, it is basically a remote access server. On the EVO 3D, it was present from the start and updated in the latest OTA. The app doesn't get started by default, but who knows what and who can trigger it and potentially get access to your phone remotely? I'm sure we'll know soon enough - HTC, care to tell us what it's doing here?
Technical Details
In addition to Carrier IQ (CIQ) that was planted by HTC/Sprint and prompted all kinds of questions a while ago, HTC also included another app called HtcLoggers.apk. This app is capable of collecting all kinds of data, as I mentioned above, and then... provide it to anyone who asks for it by opening a local port. Yup, not just HTC, but anyone who connects to it, which happens to be any app with the INTERNET permission. Ironically, because a given app has the INTERNET permission, it can also send all the data off to a remote server, killing 2 birds with one stone permission.
In fact, HtcLogger has a whole interface which accepts a variety of commands (such as the handy :help: that shows all available commands). Oh yeah - and no login/password are required to access said interface.
Furthermore, it's worth noting that HtcLogger tries to use root to dump even more data, such as WiMax state, and may attempt to run something called htcserviced - at least this code is present in the source:
/system/xbin/su 0 /data/data/com.htc.loggers/bin/htcserviced
HtcLoggers is only one of the services that is collecting data, and we haven't even gotten to the bottom of what else it can do, let alone what the other services are capable of doing. But hey - I think you'll agree that this is already more than enough.
Patching The Vulnerability
... is not possible without either root or an update from HTC. If you do root, we recommend immediate removal of Htcloggers (you can find it at /system/app/HtcLoggers.apk).
Stay safe and don't download suspicious apps. Of course, even quality-looking apps can silently capture and send off this data, but the chance of that is lower.
Affected Phones
Note: Only stock Sense firmware is affected - if you're running an AOSP-based ROM like CyanogenMod, you are safe.
EVO 4G
EVO 3D
Thunderbolt
EVO Shift 4G? (thanks, pm)
MyTouch 4G Slide? (thanks, Michael)
the upcoming Vigor? (thanks, bjn714)
some Sensations? (thanks, Nick)
View 4G? (thanks, Pat)
the upcoming Kingdom? (thanks, Pat)
most likely others - we haven't verified them yet, but you can help us by downloading the proof of concept above and running the APK
HTC's Response
After finding the vulnerability, Trevor contacted HTC on September 24th and received no real response for five business days, after which he released this information to the public (as per RF full disclosure Policy). In my experience, lighting fire under someone's ass in public makes things move a whole lot faster, which is why responsible disclosure is a norm in the security industry. (This is where we come in.)
As far as we know, HTC is now looking into the issue, but no statement has been issued yet.
HTC, you got yourself into this mess, and it's now up to you to climb out of the hole as fast as possible, in your own interest.
The ball is in your court.
Credit
ANDROID POLICE
Huge thank you to Trevor Eckhart who found the vulnerability and Justin Case for working with us today digging deeper.
Hi there, I need help, someone is consistently hacking into my phone, htc evo 4g, they are penetration testers and pc savvy, currently I cant login to the phn for trying to do a factory reset. They kept intercepting me and now my password does not work. Who knows maybe they changed it on their side. I wrote down everything I saw. I was seeing all these process running for the same app. in my applications. My phone was getting hot, freezes but its people that live in my apt complex and at work. can you help?
zzm5 said:
Hi there, I need help, someone is consistently hacking into my phone, htc evo 4g, they are penetration testers and pc savvy, currently I cant login to the phn for trying to do a factory reset. They kept intercepting me and now my password does not work. Who knows maybe they changed it on their side. I wrote down everything I saw. I was seeing all these process running for the same app. in my applications. My phone was getting hot, freezes but its people that live in my apt complex and at work. can you help?
Click to expand...
Click to collapse
Is your device rooted?
I used root explorer and removed the HtcLoggers.apk and other than the forced close loop that removing it caused (requiring me to remove the battery), after rebooting all seems to be working fine.
EDIT: Actually I didn't just delete HtcLoggers.apk but moved it to a safe location on the SD Card in case there was a problem and it needed to be restored. I highly suggest you do this instead of just deleting it, or better yet, a nandroid backup.
there are a few good ROMS out there that have the ICQ loggers removed already.
Do we really need three threads on the front page about the same thing?
I'm monitoring my data usage on my phone because I have al limited data subscription. Now I see Android System Using alot of data (background) when the phone is in standby. I dunno what for, when I press to look at the stats it just says Android System. I don't backup, only sync my contacts, gmail and agenda. Is there someting I'm overlooking that uses data through the android system. Its frustrating because its eating my data away without the knowledge on what or which program is using.
Maybe someone can inform me what to do? Used 90 MB in the last five days only on Android System.
SOLVED: It was a app called Dumpert.nl (dutch app for funny movies) everytime I played a movie it was loading as Android System. I noticed it when Dumpert wasn't showing any big data usage while using 3G.
Duveldg said:
I'm monitoring my data usage on my phone because I have al limited data subscription. Now I see Android System Using alot of data (background) when the phone is in standby. I dunno what for, when I press to look at the stats it just says Android System. I don't backup, only sync my contacts, gmail and agenda. Is there someting I'm overlooking that uses data through the android system. Its frustrating because its eating my data away without the knowledge on what or which program is using.
Maybe someone can inform me what to do? Used 90 MB in the last five days only on Android System.
Click to expand...
Click to collapse
restrict background data in data usage in setting
I have similar problem, but it is still within my data plan limit, so I just ignore it!
What I hate are these general terms in the data monitor app. Android system! Please google try to break it down to something more detailed for a normal user!
I also have quite a lot of data used by the play store, although I never download or update apps except on WIFI! I'm not sure how I got this data used!
Sent from my SGS IV using Tapatalk 2
Restricting the background data isn't possible with Android-System. It's bugging the hell out of me. I come from iPhone and if this isn't going to be sorted out soon. I will get a iPhone because this is not normal. I want to be the one who is using data and not the system alone. Google needs te be more specific on this subject. Nobody knows what "Android-System is doing. All the information is blocked.
Hi Guys,
I am trying to get Android not to track data usage of an specif app, but the only option I could found was to shut down app data usage at all.
But I dont want that, I just want that android do not consider this app's data usage in the total count.
This happens because my carrier offers me some free data usage on certain apps (whatsapp and deezer), so I dont want them to be on the systems data usage statistics...
Is it possible?
ps: I know I can probably download an data control app to get this like I want, but I wanted to keep using Android native data control.
Thank very much!
I know most of the things to improve battery but I want to know if anyone knows of other ways to improve battery. I have a s7 edge now on G935U. I know rooting can improve battery life but I can't find a root method for my phone on 6.0.1 and I don't want to risk bricking it unless I know for sure it would work.
What I do to Improve battery
Disabled auto sync
Disabled auto update
Disabled all bloatware with package disabler
AOD is off
Never keep WiFi on during sleep
I know about black screen or dark themes
Adjusting brightness
Turning off location
Turning off Bluetooth
Turning off WiFi
But really what else can I really do? I feel like my battery life on my s7 edge sucks. Any help?
I always logout of facebook, no matter what phone I have, seems to help keep that battery muncher of an app under control. Auto display brightness, pocket detection and dark themes. I get about 22 hours out of my phone on a charge with medium use. 3 to 4 hours screen on.
I always use AoD, have never noticed much of a difference in battery with or without it.
Sent from my SAMSUNG-SM-G935A using XDA-Developers mobile app
Download Package Disabler Pro from the play store.
Use it to disable any system apps you don't use. Focus on the ones that are in "pink text" Also Don't ever use any Facebook apps. (Facebook, FB messenger, FB Page Manager, FB contacts etc) I delete the data from all of them force stop them and disable them first thing. They do a ton of shady stuff in the background that eats your battery and disguises itself as "Android System" on your battery usage page.
I wish Samsung would stop including them in the Firmware all together. If you have to use Facebook just go to the website usering the Samsung browser app with Crystal ad blocking on and block the cookies. Facebook is a shady company even just going to the website from your phone can drastically impact its performance from all of the trackers they install on your device. IMO the entire Facebook app suite should be flagged as spyware by Google.
Next look for AT&T software. There is a tone of it. You can just search for att in the search bar and it will pull it all up. AT&T like to gather a TON of your information and usage stats in the background as well. This too is disguised as "Android System" battery drain even though it is not. Any apps branded AT&T that you don't use get rid of them.
Also in the case of this device, there is No REAL root process. There is an ENG BOOT root, but its super buggy and generally terrible for battery life.
ShrekOpher said:
Download Package Disabler Pro from the play store.
Use it to disable any system apps you don't use. Focus on the ones that are in "pink text" Also Don't ever use any Facebook apps. (Facebook, FB messenger, FB Page Manager, FB contacts etc) I delete the data from all of them force stop them and disable them first thing. They do a ton of shady stuff in the background that eats your battery and disguises itself as "Android System" on your battery usage page.
I wish Samsung would stop including them in the Firmware all together. If you have to use Facebook just go to the website usering the Samsung browser app with Crystal ad blocking on and block the cookies. Facebook is a shady company even just going to the website from your phone can drastically impact its performance from all of the trackers they install on your device. IMO the entire Facebook app suite should be flagged as spyware by Google.
Next look for AT&T software. There is a tone of it. You can just search for att in the search bar and it will pull it all up. AT&T like to gather a TON of your information and usage stats in the background as well. This too is disguised as "Android System" battery drain even though it is not. Any apps branded AT&T that you don't use get rid of them.
Also in the case of this device, there is No REAL root process. There is an ENG BOOT root, but its super buggy and generally terrible for battery life.
Click to expand...
Click to collapse
I just unlocked my phone no more att. Unless there I still other stuff? Any other suggestions?
Krazie99 said:
I just unlocked my phone no more att. Unless there I still other stuff? Any other suggestions?
Click to expand...
Click to collapse
FACEBOOK All Facebook apps (FB Pages, FB Messenger, FB app, FB System setting, etc.)
ShrekOpher said:
FACEBOOK All Facebook apps (FB Pages, FB Messenger, FB app, FB System setting, etc.)
Click to expand...
Click to collapse
How can use messenger on the Internet without downloading the app?
Good battery life or? How can I check my SOT?
Krazie99 said:
How can use messenger on the Internet without downloading the app?
Click to expand...
Click to collapse
Use an Android browser that allows you to "request the desktop page" and you can get to FB Messages w/o the app.
I prefer Firefox with suitable blocker plugins installed, optionally in Private mode.
Krazie99 said:
How can use messenger on the Internet without downloading the app?
Click to expand...
Click to collapse
Use the chrome app and "request desktop site" from settings.
Anyone know why my stand by time is taking 20%?
C0derbear said:
Use an Android browser that allows you to "request the desktop page" and you can get to FB Messages w/o the app.
I prefer Firefox with suitable blocker plugins installed, optionally in Private mode.
Click to expand...
Click to collapse
Swipe Pro for Facebook found in Google Play Store is another good alternative to using FB apps
---------- Post added at 09:08 PM ---------- Previous post was at 08:54 PM ----------
My biggest tip for improving battery life is staying off of large Wifi networks (i.e. school, airports, work) . The constant LAN wakeups will kill your battery.
-Turn off location when not in use (I use tasker to auto turn on/off locstion when bluetooth connects/disconnects in my car)
- i disabled carrierIQ using System Tuner, which seems to have helped (requires root). The EZ Package Disabler Rootless method did not disable carrierIQ for me.
Disabling "bloat" apps didnt really help much with battery life IMHO
I get about 4.5-6hrs SOT. The eng_boot root method is really not as bad as everyone says it is after you apply all the fixes that are floating around. (V15 fix zip, L speed, govtuner)
Krazie99 said:
Anyone know why my stand by time is taking 20%?
Click to expand...
Click to collapse
Poor cell reception or there is an app constantly pinging your location.
If you have Facebook installed and allow it Location access that could be it.
Also sometimes Google Play services gets hung up for the same reason. A reboot will fix the Google issue.
Lastly it could be at&t. If they are working on towers near you it can cause this drain, or if you have not disabled the AT&T apps that track your phone.
ShrekOpher said:
Poor cell reception or there is an app constantly pinging your location.
If you have Facebook installed and allow it Location access that could be it.
Also sometimes Google Play services gets hung up for the same reason. A reboot will fix the Google issue.
Lastly it could be at&t. If they are working on towers near you it can cause this drain, or if you have not disabled the AT&T apps that track your phone.
Click to expand...
Click to collapse
I deleted Facebook and pretty sure turned off location on everything. I unlocked my phone so I don't att apps. I get 2 or 3 bars now I unlocked my phone so it's not terrible
FWIW, you can use the Edge "My Places" panel to automatically manage wifi on/off based upon geolocation or bluetooth, and some other ways. I use it to automatically force wifi off whenever in my car (because of bluetooth connect) or at work (via gofence, no wifi available), and that helps. It's also standard on the GS7edge.
The battery life has very little to do with Facebook or Messenger if you have the settings for the apps tweaked to not notify on every little thing. Also, you can limit background data inherently in Android, thus using less power to get real-time updates from either app. You can limit Messenger's notifications, including eliminating chat heads, etc. If Facebook were solely responsible for poor battery life on this device, it'd be the same on very device. That just isn't the case. It definitely is a resource hog as-is, but not if you contain it.
That said, I'm a big advocate for limiting background data for any social networking apps: FB, Snapchat, etc. I would rather have to open an app to see what I've missed than have dozens of notifications throughout my day. I save real-time updates for things like email, Amazon, and the like. You can also set wifi settings to not be so aggressive (I believe mentioned earlier in the thread). Beyond that....root the device and set up custom power settings and profiles for CPU, etc. Your performance will potentially suffer for it, and the eng kernel has the worst battery life of any I've ever used, but there are ways to fine tune it that you simply can't achieve without root.
disturbd1 said:
The battery life has very little to do with Facebook or Messenger if you have the settings for the apps tweaked to not notify on every little thing. Also, you can limit background data inherently in Android, thus using less power to get real-time updates from either app. You can limit Messenger's notifications, including eliminating chat heads, etc. If Facebook were solely responsible for poor battery life on this device, it'd be the same on very device. That just isn't the case. It definitely is a resource hog as-is, but not if you contain it.
That said, I'm a big advocate for limiting background data for any social networking apps: FB, Snapchat, etc. I would rather have to open an app to see what I've missed than have dozens of notifications throughout my day. I save real-time updates for things like email, Amazon, and the like. You can also set wifi settings to not be so aggressive (I believe mentioned earlier in the thread). Beyond that....root the device and set up custom power settings and profiles for CPU, etc. Your performance will potentially suffer for it, and the eng kernel has the worst battery life of any I've ever used, but there are ways to fine tune it that you simply can't achieve without root.
Click to expand...
Click to collapse
Have you actually done any research into what the Facebook app does? It's a system app, doing the thing you mention above without root will not effect its ability to use your data and drain your battery. It's not about the core features of the app its about all the spying it does. FB Messenger keeps a log of every messenger you send whether or not it's sent through the APP or not.
Facebook installs trackers on your phone that read your credit card and banking apps data to track purchases. It also pings your location to know where you shop and what you eat. Then feeds you ads related to it and tells the companies you bought something because you saw the ad. All of that data is bundled up and sent out to be resold to any company that wants it.
Any phone iPhone or Android that comes with the Facebook apps pre installed on it the apps are the main culprit of battery drain and random data usage. There is even a lawsuit filed in California against Facebook saying it is illegally using both data and power and disguising it as normal system usage so end users don't know that it is their apps to blame.
If you know anyone who works in advertising at a fortune 500 company that has bought ads for Facebook they will tell you the same. And if you do any real research into Facebook apps programing you will see it is true. Their are MANY people who have tore apart the apks to find exactly what I am talking about and shared it all over the Internet. Facebook spends millions with PR companies to keep it quiet, because the only way for them to monetize their app is to offer highly targeted ads and purchase tracking.
As for rooting the S7E its garbage, not what I consider REAL root and a waste of time. Also it kills the performance of the device.
Particularly this app.
Trust me if you like your battery life and/or your privacy disabling Facebook is the most important thing to do to any device you get.
ShrekOpher said:
Have you actually done any research into what the Facebook app does? It's a system app, doing the thing you mention above without root will not effect its ability to use your data and drain your battery. It's not about the core features of the app its about all the spying it does. FB Messenger keeps a log of every messenger you send whether or not it's sent through the APP or not.
Facebook installs trackers on your phone that read your credit card and banking apps data to track purchases. It also pings your location to know where you shop and what you eat. Then feeds you ads related to it and tells the companies you bought something because you saw the ad. All of that data is bundled up and sent out to be resold to any company that wants it.
Any phone iPhone or Android that comes with the Facebook apps pre installed on it the apps are the main culprit of battery drain and random data usage. There is even a lawsuit filed in California against Facebook saying it is illegally using both data and power and disguising it as normal system usage so end users don't know that it is their apps to blame.
If you know anyone who works in advertising at a fortune 500 company that has bought ads for Facebook they will tell you the same. And if you do any real research into Facebook apps programing you will see it is true. Their are MANY people who have tore apart the apks to find exactly what I am talking about and shared it all over the Internet. Facebook spends millions with PR companies to keep it quiet, because the only way for them to monetize their app is to offer highly targeted ads and purchase tracking.
As for rooting the S7E its garbage, not what I consider REAL root and a waste of time. Also it kills the performance of the device.
Click to expand...
Click to collapse
Facebook is not a system app when it's obtained through the Play Store. Here's a screen shot illustrating that; I have a backup of the system app, but it is not currently installed. I've installed from the Play Store, and it is not installed as a system app. Permissions are in my full control, and even if I weren't rooted, I could disable the default Facebook app and install anew from the Play Store.
You made quite a few claims with zero citations, criticizing me for not knowing the depth of the Facebook advertising conspiracy. Facebook is pretty transparent about what it does with your data and who it is allowed to share that with. It's all accessible for the curious minds of conspiracy theorists. All of which derails the topic of this thread, which is battery life.
Clearly, you don't use Facebook in the form of an app, and I do. That said, I can attest to having considerably better battery life when I tweak the permissions, data consumption allowance, and notification settings.
Let's keep this thread on topic
disturbd1 said:
Facebook is not a system app when it's obtained through the Play Store.
Click to expand...
Click to collapse
On some GS7E variants it comes as a pre-installed system app (AT&T for example) and you can't undo that w/o root.
I uninstalled package disabler pro and battery life got better, and system ui is much faster, am also using adguard, it uses a lot of battery but also prevents all those ads to use battery as well.
---------- Post added at 10:05 PM ---------- Previous post was at 10:04 PM ----------
I uninstalled all that because my phones battery was dying over night
I am asking myself - specifically for the G5 Plus, but probably in a more general sense - where the huge advantages and disadvantages of rooting are, considering that the G5 plus comes with a relativly clean Android 7.XXX and a not an old overloaded android version, which didn't use to have many of the capabilities that Android 7 offers. I know that my questions might particularily overlap with questions in other topics, but for sure not every question, especially specific G5 Plus questions.
Overall I am interested in the topics security and product-experience, if you want to call it like that. I ask myself: Is root still worth losing warranty or is it not? Keywords or keyquestions that cross my mind are:
OTA updates: I guess those won't be possible anymore?
Encryption: Will it still work and increase security if the phone is lost?
Backup functionality, especially in combination with cloud services: Is there something like -backup my whole phone down to the very core on some google server (best proteced with a password and some AES256 encryption)- so that I can restore it some day in an easy manner? How would you backup your phone and settings, etc. with and without root?
Safety: What could happen if I lose my (bootloader unlocked and) rooted phone: Will someone be able to read my passwords (e.g. google...) and other sensitive information directly from the phone, even if it was locked, in the moment I lost it? What is the worst thing that could happen?
Root Functionality: How does the root access / superuser specificly work, e.g. if I'd accidentally install an app or similar, which might contain a virus: Is an app like this instantly capable of messing my whole system or will I be able to manually confirm specific security related changes, especially system changes, that an app might try to do? With other words: Does root mean that the system will be wasted by even the tiniest mistake or is there some security buffer?
Unlock Bootloader only: Is it an option (or make any sense to you) to just unlock the bootloader and install a the G5 Plus TWRP recovery without rooting the phone and does this give any advantages or is this just a totally nonsensical option, which is maybe not even possible? If I got it right, rooting does not necessarily need to reset the phone in any way, while unlocking the bootloader enforces to do a reset, right? In this context I was also asking myself if unlocking the bootloader (now that I don't have wasted precious time on customizing my phone, yet) right now is a useful option (without any disadvantage besides losing the warranty) and if I ever experience the necessity to root, I will only need like 2 commands and it is done - without having to reset my phone again?
Root Must Have: Is there any specific functionality or reason - you would say - one should definitly root the phone for, as it is a must have functionality, which would be locked without root?: I only have virtual examples, e.g. if Nougat would prevent me from changing the volume to a level higher than 50 % and the absolute exclusive possibility to change this was to get root access. Another example , although really not that critical one, could be: I noticed that I am only allowed to install 5 different finger prints... root could give me the possibility to install infinite finger prints?
Feature Loss: Does one lose some other neat features or functionality that is usually provided by Google or Motorola if the phone is not rooted but not possible anymore if it is rooted?
Third Party Trust: How can you people trust the TWRP Backup or custom ROMs? Don't you fear that there might be a virus or trojan horse within?
Best regards and thanks in advance for your patience with a newbie
No response?
172 view, no answers :-/. Guys tell me: Is it due to the length of the text? Is it something else? I could split it up in several questions, but I though that this would be unwanted.
And I will be thankful for every help on either of the bold buzzwords, it is not like you need to comment on everything
Must have for me: correct timestamps when moving or copying files using TC. Only possible with root.
Unlock only: yes makes sense. Unlock is the part where you lose all data, and then you can use fastboot boot to make backup. Rooting itself should not lose any data, so it is advantageous to unlock early. Root has time.
Lost functionality: on most devices using Magisk 12 you can pass SafetyNet, which means you can use Android pay, play Pokemon go etc, but the apps trying to detect root/unlocked devices get changed and may not work anymore at some time. Probably you will have lost this possibility when starting with unlocked bootloader and need to install Magisk to get green SafetyNet. Magisk hides the unlocked bootloader.
OTA: do a backup of boot partition before rooting, do no modifications on other partitions than data, cache and boot and you should be fine restoring boot partition to do OTA. It's easy to overlook some app using root to write system, logo, recovery, something, but backup should help. Or install complete firmware, then OTA is possible again.
Note: I do not have the device, just saw the questions which have the same answers for all current Motorola Android devices - you may search in general forums or forums for similar devices for answers
OTA updates: if you are rooted you have tempered with the system partition and therefore ota are not easily installed
Encryption:it is possible to wipe the phone and use if you are unlocked
Backup functionality Google already does backup some settings natively. you can still do an adb backup even without root
Safety: if they are techies they know how to access files via twrp etc. but worst thing is they just wipe it and use the phone
Root Functionality: root gives some apps access to the system partition which is not possible normaly. if you installe some dubious app which wants access to root to mess with your system you are lost.
Unlock Bootloader only: you need to unlock the phone to root it. by unlocking your phone is wiped clean. than you can root it. the advantage of installing twrp are the "easy backups" and installing custom roms or even root. there are no real advantages or disadvantages anymore. earlier you had to unlock/root/install custom rom to have some extra functionalities but android did mature and has most functions built in
Root Must Have: there may be some system limits which you can bypass with root like headphne volume limit, reading wifi passwords or/and having systemwide adblock. I personally do not see a benefit anymore. I used to root for having system-wide adblock but I can achieve it with rootless apps like adguard.
Feature Loss: you will lose android pay. you can not use some apps like mario run or pokemon go. you will lose OTA feature.
Third Party Trust: actually I dont know. with the custom rom base growing I only trust official lineageOS as it is review by many people before building. therefore the chance is reduced to have some spyware feature in it
I too would like to know, has the source code to ANY custom ROMs been reviewed by third party to verify no malicious code?
Although I worry that some ROMs could violate my data privacy, root is something that I simply cannot willingly go without - if I don't have root access, it's simply not *MY* phone, it's a phone that is configured to someone else's [some company's] desires and priorities.
I'm disappointed that the built in tethering does an "entitlement" check - AFAIK it's actually illegal (or, at least against contracts the companies signed with the FCC) for the cell phone provider to attempt to control what a user does with their allotted amount of cell data. Yes, the cell provider company can decide how MUCH data you are allowed based on what plan you pay for, but they are not supposed to restrict HOW you use YOUR data. Therefore, I demand unrestricted "tethering" from any smart phone that I use.
There are other apps I like to use that require root access: Root file explorers, Titanium Backup, Smarter WiFi Manager, Greenify/Servicely etc., but most of all, I CANNOT STAND the intrusive obnoxious awful ads which seem to be prevalent these days! A good ad blocker is an absolute must! The blame rests squarely on the shoulders of the websites which allow such awful advertisements such as "pop behind" windows and particularly, ads which cause the web page scroll to constantly keep jumping away from what you are trying to read making the site basically unusable. There is also lately a prevalence of "click bait" ads/links which brings you to malicious/obnoxious websites which popup dialogs trying to stop you from closing the web page or navigate away - they put up big flashing red letters and say things like "We have detected a virus on your computer do not close this window or your passwords will be stolen and your data lost" and when you try to close the page it keeps popping up a dialog making it difficult. Sorry, but, such ads simply can't be tolerated - even this [xda] website sometimes has unpleasant ads, or at least there were times when I really regretted turning off my ad blocker when visiting this site in the past, that is for sure!
I usually use a "custom ROM", I miss exposed very much, but, I suspect there are too many malwares in the xposed repository these days? (I'm not sure of this, just suspicious).
I like to be able to change the color of my status bar clock to green and position it in the center as that is easier for me to use (see it quickly when I want). However, the standard launcher is far too limited in how customizable it is, so I use a combination of Nova Prime (requires root for some features) and Chronos Weather/Clock/Calendar widget which puts a larger clock right in the upper middle of my desktop so I turn off the status bar clock (Nova Prime feature, one that requires root).
Oh, and I like to use a custom "System Font", I'm not sure if we can do that without root? It really makes the phone feel like MY phone and look (and operate) how I want it to.
critofur said:
[...]
I'm disappointed that the built in tethering does an "entitlement" check - AFAIK it's actually illegal (or, at least against contracts the companies signed with the FCC) for the cell phone provider to attempt to control what a user does with their allotted amount of cell data. Yes, the cell provider company can decide how MUCH data you are allowed based on what plan you pay for, but they are not supposed to restrict HOW you use YOUR data. Therefore, I demand unrestricted "tethering" from any smart phone that I use.
There are other apps I like to use that require root access: Root file explorers, Titanium Backup, Smarter WiFi Manager, Greenify/Servicely etc., but most of all, I CANNOT STAND the intrusive obnoxious awful ads which seem to be prevalent these days! A good ad blocker is an absolute must! [...]
[...]
Click to expand...
Click to collapse
Could you explain the entitlement check a little further? Does it mean that with the current Android version and an unrooted/locked G5 plus it is impossible to use the Smartphone Mobile data connection, e.g. on a notebook via wifi tethering? This would be a real argument to root.
Did you try adguard, as ckret suggested? Is there a huge difference between an adblocker with root or an adblocker like adguard without root on the phone? I basically assume that with nougat it is possible to grant apps access to almost anything (except for root) - including to block features other apps use, e.g. advertisements. But I am actually not sure.
Maybe ckret knows more on this aspect, as he seems to know both adblock concepts - the rooted and the unrooted one with adguard?
Comparing DNS66 (local DNS server without root) with adaway (root):
+ You can select blocking per app with DNS66, adaway modifies hosts file which always is valid for all apps and system services
- You can not use another VPN while DNS66 is active
- You need to disable VPN under Nougat while using Download Manager (bug in Nougat, for all VPN services)
Personally I have root, but use DNS66. I don't need adblock when connecting to my computer at home (that's when I need to use another VPN) and am using Marshmallow ATM, but probably would continue using DNS66 when on Nougat. For PlayStore there is a workaround implemented, and if some download fails I'd know I need to disable VPN.
This is why I only said Total Commander copying timestamp is my only real killer app (besides Titanium Backup) which makes me need root. Android O is supposed to change the behavior implementing SDCardFS which shall allow setting timestamp without root.
sky-head said:
Could you explain the entitlement check a little further? Does it mean that with the current Android version and an unrooted/locked G5 plus it is impossible to use the Smartphone Mobile data connection, e.g. on a notebook via wifi tethering? This would be a real argument to root.
Did you try adguard, as ckret suggested? Is there a huge difference between an adblocker with root or an adblocker like adguard without root on the phone? I basically assume that with nougat it is possible to grant apps access to almost anything (except for root) - including to block features other apps use, e.g. advertisements. But I am actually not sure.
Maybe ckret knows more on this aspect, as he seems to know both adblock concepts - the rooted and the unrooted one with adguard?
Click to expand...
Click to collapse
adaway:
adaway replaces the hosts file in your system with a custom hosts file which redirects some requests to 127.0.0.1 which results in ads not being shown
since it is deeplevel change of the hosts file the app requires root to change the file
pro:
* ads are blocked when resources are requested
* it is system-wide and everything is checked on demand
con:
* system slows down with big hosts file as every request must be checked everytime a site/app is opened
* if a wrong request is blocked your app/site might not show/work at all since it is a system-wide check
adguard:
this app has two different ways of blocking ads
vpn: a local vpn server is created on the system and all requests are rerouted through it. works the same way as adaway but without a root access.
pro:
* rootless method
* you can create a bypass for different sites/apps
con:
* you can not use a 2nd vpn connection while the app is active
* it may use a bit more battery as it creates a server but this should be negligible
proxy: this is nearly the same as vpn just you should be able to use a vpn connection
so big pro and con for me is that i do not have to reroute all apps through the adblock check
important apps (banking e.g.) are free to use the connection without being rerouted.
I know it might seem like a stupid question, but how often (and for which reason) do you use/need a(nother) VPN connection?
Does this also mean things like tethering or a WLAN access like eduroam - or is this something different?
I am actually not sure if I ever needed VPN on my smartphone
sky-head said:
I know it might seem like a stupid question, but how often (and for which reason) do you use/need a(nother) VPN connection?
Does this also mean things like tethering or a WLAN access like eduroam - or is this something different?
I am actually not sure if I ever needed VPN on my smartphone
Click to expand...
Click to collapse
you need a vpn connection if you want to access the intranet without being physically there
e.g. intranet of a company to access emails or if you are a student and got some special tool/e.g. which can only be accessed through the university connection
most times you will only use vpn on a notebook or pc but I hardly doubt most people will use it on their phones
ckret said:
you need a vpn connection if you want to access the intranet without being physically there
e.g. intranet of a company to access emails or if you are a student and got some special tool/e.g. which can only be accessed through the university connection
most times you will only use vpn on a notebook or pc but I hardly doubt most people will use it on their phones
Click to expand...
Click to collapse
... exactly what I was thinking about it. I've never been needing a VPN on my phone. On the notebook I need it on a regular basis, thats true.
I should have been asking "I know it might seem like a stupid question, but how often (and for which reason) do you use/need a(nother) VPN connection on your smartphone?", to state my question more precisely.
Using AVM Fritzbox as router makes it possible to use the standard phone via SIP. This only does work when you're in your intranet, directly or via VPN. Also I need to access my documents on my computer, my media library at home, to configure the router and more and therefore I use VPN on a regular basis. Yes, I do these things using the smartphone. But when using VPN, I do not need adblock.