Interesting security flaw. - Verizon Galaxy S 5 Q&A, Help & Troubleshooting

While working on an init hack for attaining root for the S5 past OE1, I decided to look around for information while I was taking a break.
I've been looking into old exploits, to learn as much as possible. That, and it is very interesting reading material.
I figured I should look into android security news as well.
That is when I found a vulnerability post that SEARCH-LAB Ltd. has discovered in ADB.
"...discovered a vulnerability in the design of the Android
backup mechanism: the backup manager, which invokes the custom
BackupAgent does not filter the data stream returned by the
applications. A malicious BackupAgent (without any Android permissions)
is able to inject additional applications (APKs) through reflection into
the backup archive without the user's consent. Upon restoration of the
backup archive, the system installs the injected, additional application
(since it is already part of the backup archive). The installed malware
could gain any (non-system) permissions it wanted without any
confirmation dialogs."
While this means that applications can be pushed to the phone, they won't be able to achieve system permissions.
What do you guys think would happen if we took a backup of an application with root permissions from a different S5 and used this injection method to place them onto our devices? I'm sure the signature wouldn't allow root to carry from a non-identical device. It is fun to play around though. Experimentation always leads to fun knowledge.
Anyway, I figured you guys might be interested in this. Have fun playing around!
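The following is an added example, not part of the original post or of SEARCH-LAB's advisory: a Python audit of an unencrypted adb backup archive that flags entries for packages the backup was not supposed to contain, and APKs in a backup taken without them. The package names, sample archive and function names are constructed for illustration, and it assumes an injected application appears as extra apps/<package>/ entries in the archive's tar stream.

```python
"""Audit an unencrypted `adb backup` (.ab) archive for unexpected packages.

Added example. Package names and the sample archive are constructed.
Assumption: an injected app appears as extra apps/<package>/ tar entries.
"""
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"


def build_backup(entries):
    """Build a constructed .ab image: text header + zlib-compressed tar."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    # Header lines: magic, format version, compressed flag, encryption name.
    return MAGIC + b"\n1\n1\nnone\n" + zlib.compress(buf.getvalue())


def tar_payload(blob):
    """Check the four header lines and return the raw tar bytes."""
    parts = blob.split(b"\n", 4)
    if len(parts) != 5 or parts[0] != MAGIC:
        raise ValueError("not an Android backup archive")
    _version, compressed, encryption, payload = parts[1:]
    if encryption != b"none":
        raise ValueError("encrypted archive; decrypt it before auditing")
    return zlib.decompress(payload) if compressed == b"1" else payload


def audit_backup(blob, expected_packages, apks_requested=False):
    """Return (package, path, reason) tuples for entries that need review.

    expected_packages: packages the operator asked to back up.
    apks_requested: True only if the backup was taken with APKs included.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_payload(blob)), mode="r:") as tar:
        for member in tar:
            parts = member.name.split("/")
            if member.name.startswith("/") or ".." in parts:
                findings.append(("", member.name, "path escapes the archive root"))
                continue
            if parts[0] != "apps" or len(parts) < 3:
                continue  # shared-storage or other non-app entries
            package, domain = parts[1], parts[2]
            is_apk = domain == "a" and member.name.endswith(".apk")
            if package not in expected_packages:
                reason = "APK for unexpected package" if is_apk else "unexpected package"
                findings.append((package, member.name, reason))
            elif is_apk and not apks_requested:
                findings.append((package, member.name, "APK present but not requested"))
    return findings


# Constructed sample: one expected app plus entries for a second package.
SAMPLE = build_backup([
    ("apps/com.example.notes/_manifest", b"1\ncom.example.notes\n"),
    ("apps/com.example.notes/f/notes.txt", b"shopping list"),
    ("apps/com.example.injected/_manifest", b"1\ncom.example.injected\n"),
    ("apps/com.example.injected/a/base.apk", b"PK\x03\x04 constructed bytes"),
])

if __name__ == "__main__":
    for package, path, reason in audit_backup(SAMPLE, {"com.example.notes"}):
        print(f"{reason}: {path}")
```

Running the audit before restoring an archive, with the list of packages that were actually requested, surfaces anything an app added to the stream on its own.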

Related

Rooting My TMo Vibrant Using Super Oneclick (A Full Guide)

And every other step you need to transform and gain control of your stock ROM!
Given the fact that T-Mobile and Samsung have made it clear that the Galaxy S Vibrant will not receive Gingerbread, Honeycomb, ICS, or any other functionality update, I made the decision that it was finally time to root my beloved phone.
I didn't want to root for the purpose of trying a ROM for any of the above OS's. I merely figured that since there are not going to be any future updates to my phone, I'm basically on my own. And if I'm on my own then I can and should get rid of the TMo crap software that came pre-installed on my phone (and which can't be uninstalled by any normal means).
Hopefully this process might also help make my phone operate a little faster and cleaner. And in general, the rooting process would give me full control over my own phone. But if you have ever rooted a device the experience can sometimes be challenging, even for tech-savvy folks like me.
There are lots of sites for advice and how-to’s on rooting your Android device, but most of these sites run you through the process in a way that assumes all will work perfectly the first time. There aren't a lot that take you through the root process with at-hand solutions to many of the commonly reported errors.
I've just finished rooting my stock TMo Vibrant, fixing signature/Multi-CSC issues from the root process, installing and using Titanium Backup (TB) PRO to handle bloatware, and finally installing ROM Manager for the purpose of installing ClockworkMod Recovery (for creating and restoring backups of my current ROM). WHEW! And while it's all fresh in my mind, I'm writing it all down to share the process with you so that it's all in one convenient place.
Let’s Start With Rooting The Phone By Using Super Oneclick
After doing some reading in the XDA forums and a few other places, I wanted to try rooting with a one click option. There are many out there that are available for use. But the very first issue that plagued my rooting process was the incompatibility of many of these root installers with my home Win7 64bit pc.
I tried downloading and extracting various recommended solutions that use the "one click" functionality (Super Oneclick--various versions with and without drivers, Galaxy S One Click Root, and Vibrant One Click Root). I also downloaded and installed AIO Vibrant Toolbox, a program which also features a “one click” method for rooting a Vibrant once it has been installed on your pc.
What many posts on rooting never really mention with these methodologies is that you might have issues running the programs on a Win7 machine, which was my issue. Not all Win7 machines, but some. I downloaded the zip file for each, generally with no issue.* But once I tried to run the exe (best done via "Run As Administrator"), I got the following error message on virtually all of them:
"CLR Error: 80004005 The program will now terminate"
AIO Vibrant Toolbox wasn’t any better even though it was an installed program. It terminated as well.
(*NOTE: Anti-virus programs will mistake parts of the root zip files for Trojans, usually quarantining them after download. You are then left with the uncomfortable choice of turning off your anti-virus and taking that chance, or looking for another zip solution. I opted for the latter. Never take a chance with a Trojan!)
These error messages did not show up on my work pc which is also Win7 64-bit. But that was no comfort as most of my root work was going to be done at home. After much searching on the internet, I read a random post that mentioned two helpful suggestions:
Use a rear or powered USB port, not a front port (because they often can’t power the root install sufficiently)
Use Super Oneclick v1.7 as opposed to any newer versions. The newer versions can cause problems with this particular Galaxy S root.
Two simple suggestions that made a world of difference! The root process worked smoothly afterward, and was finally a "success".
Reminder - Remember to put your phone into USB Debugging mode for the root process, and don’t mount the external SD card when attached.
Along the way to “rooting” you might be confronted with messages about your Samsung drivers for your phone. You may see messages like these:
Device drivers not found
Samsung android USB composite device failed
A quick search on these forums will yield updated drivers for your phone. The successful install of these drivers can also be a function of using the proper USB ports, as in the situation above. The installation of Samsung drivers failed on the front USB ports of my Dell. Success was again found using the rear ports. The main point here: use the rear ports (or powered USB ports) no matter how much of a pain it is maneuvering under your desk and behind your pc!
You’re Almost There…Kinda!
You can check to see if you are successfully rooted by checking to see if Superuser is installed in your apps. It was there… whew. The next step was to install Titanium Backup so that I could have root control over my apps, allowing me to delete bloatware that was slowing my phone. I downloaded TB from the Market, opened it, tried to give it Superuser permissions, and was notified with an error message that permissions were unsuccessful because the phone was not rooted. WHAT???
More online research revealed that I had achieved a “soft root”, whereby you have successfully rooted your phone but you don’t have all root permissions because the install wasn’t complete. The solution? Basically you just have to keep doing it more than once. All steps of this process seem like they will take the first time if you do what you are supposed to do. But more often than not, you have to repeat your steps over and over to make sure that it takes. After two more Super Oneclick rooting attempts, TB finally gave me the thumbs up for root.
Some may say it’s not necessary, but I upgraded to TB PRO. It allows for more options and better functionality with the apps and system data on the phone. And really, at about 6 dollars it is more than worth the price. Heck, two Starbucks lattes will run you more than 8 or 9 bucks. So if I can get peace of mind with respect to app management on my newly-rooted phone, 6 bucks is more than worth it.
I immediately wanted to learn how to remove bloatware -- and it’s amazingly difficult to find clear directions on doing so. After my backup of all apps and data, I went to the backup/restore tab and found the programs I wanted to get rid of. Many online users recommend “freezing” an app first to make sure that removing it won’t make your phone all wonky. So after “freezing” the offending apps (by pressing the menu button, selecting batch, and then scrolling down to the appropriate section on freezing apps), I long-pressed the desired app and only saw one option for uninstalling via an exploit. I selected it and long story short, it failed. As the phone boots to stock recovery, this message popped up:
E:failed to verify whole-file signature
E:signature verification failed
Applying Multi-CSC Installing
Multi-CSC Installation Aborted
In simple terms, the rooting tool (Super Oneclick) doesn’t contain all of the necessary items for a complete root. A fix is needed for the invalid signature problem that will help you get to a full root state. Fortunately there are fixes out there you can find for this particular fix.
Here are some helpful links:
http://androidforums.com/galaxy-s-a...iled-installation-aborted-one-click-root.html
http://forum.xda-developers.com/showthread.php?t=1052991
Read the instructions for the fix on the first page, but get the correct file from the second page as the link for the fix from Dropbox is a little messed up in the first URL. The second URL has the correct link. Use the automatic method so that you don’t have to use the terminal emulator. If you are like me, this process has already given you more gray hairs than you would really like to admit. So take the easy route.
Run the install.bat file and you will be fine. When you reach stock recovery again remember to reinstall all packages. This will make sure that the fix is installed properly. I didn’t know that was needed and was wondering why the fix wasn’t taking initially. So I’m sharing this with you to head off your frustrations at the pass. ;-)
Getting Rid Of The Bloat
Check to make sure that you are fully rooted by opening TB. It will automatically take Superuser permissions from the first time you allowed it IF you are rooted. If not, it will tell you. And by now you should be rooted. Heading back to the bloatware, I was able to figure out that the “long press method” was not the correct one for uninstalling apps.
Once again, press the menu button (bottom left) and select batch. Scroll down and you will see a section for uninstalling apps. Select uninstall user and system apps, and make sure to DESELECT ALL before you do anything else. From there you can pick and choose the apps to uninstall, then “run the batch operation” to complete the task. Bye bye bloatware!
The last crucial step to complete now that your phone is rooted is to make sure that you have a backup of your current ROM and configuration. The backup you created using TB is only for apps and data. It is not a backup of your current stock ROM.
Nandroid backup works best for the purpose of backing up and restoring ROMs. And if you have done any previous rooting on an Android device, you will recognize that Nandroid is a function of ClockworkMod Recovery. Sigh. I know... frustration starts to set in as you realize that there is yet another necessary install needed for a totally successful root process ON TOP OF and AFTER everything else you have had to do. So what is the next step?
ROM Manager To The Rescue
Install the free ROM Manager from the Market and you will be good to go. This app allows you to flash CWM Recovery as well as mount various ROMs on your phone. After installing the app (and declining the various offers that pop up), press “Flash ClockworkMod Recovery” at the top of the menu. It will cause the phone to reboot. And CWM will be downloaded…but not installed. To install after reboot, open ROM Manager and now select Reboot into Recovery. It will challenge you with a question on whether you really want to do this or not. Say Yes.
Important: This is another one of those places where it’s not intuitively obvious what to do for CWM Recovery.
When I first rebooted into recovery I didn’t see any changes from my stock recovery menu…because there were none. What I needed to do (which I found in yet another forum posting) was again to select Reinstall all packages. CWM had been downloaded and was ready to install… this would do so.
Happily, the phone went into Clockwork recovery immediately after "Reinstall all packages". If it wasn't clear earlier, use the volume buttons to toggle up (or down) to select backup/restore. You can then implement your selection by pressing the power button on the right side of the phone. On the next screen select backup, and then let it do its thing. It may take a while to complete, but will be well worth the time and effort if you have any future problems.
The Entire Process Is Finally Complete
So there you have it. In a nutshell, here were my steps:
1. Samsung drivers
2. Super Oneclick v 1.7
3. E. Signature fix
4. Titanium Backup PRO
5. ROM Manager (free version)
Use the rear USB ports or powered USB ports for the phone connection. Phone should be in USB debugging mode, and external SD card should not be mounted. For each process, it may take up to 2 or 3 attempts for successful completion. So keep trying after the first FAIL message. When applicable, “Reinstall All Packages” to make sure that downloaded files are actually installed.
And lastly, if absolutely nothing works correctly for you, PLEASE PLEASE PLEASE use Google for help. Many others have successfully worked through all of the problems you might encounter that aren’t listed here. Actively use Google to help find solutions to any problems, using the exact error messages shown and adding in your phone type. You will be amazed by the depth of experience out there that can help you.
Above all else, keep up a good attitude. Rooting might be a pain in the ass while you are doing it, but it’s for a greater purpose. My four days of rooting have now given me a phone that is FREE from all the bloatware that bugged me for the past two years. And soon I’m sure I will experiment with a different ROM. But for now I’m just happy that I have my phone, my way. After all, if they (TMo and Samsung) aren’t going to make our phones better, we can do so for ourselves.
Good luck, and I hope this complete set of instructions from my own past 4 days of experience will help someone else!
A good read. A few things though with the Titanium part.
First I whole-heartedly agree to kick down the $ for the Pro. It really ups the functionality of the app and what all it can do.
The part about "freezing". This part is tricky b/c you need to make sure the apps that you are freezing are indeed bloat and not something that is needed for something else (i.e. did you know that GTalk directly affects the market on some ROMS). I don't use Gtalk but I still have it installed and frozen so I can defrost at will. This is the reason for Freeze. It lets you know of any adverse effects on your ROM, other apps,...then you have the option to defrost if need be. I also always avoid doing anything in "Batches" on TBPro, as it can sometimes be a little wonky, especially when restoring batches, causes reboot and freezes resulting in battery pull.
I freeze for at least a week on new ROMs so that I get the full experience with daily life to make my determination on uninstall, defrost or wait longer.
Another way to do it is once you know the apps that are frozen do not affect any other parts of your ROM, you can back them up with TBpro for later use and uninstall or you can do it this way. Since you have root, go into /system/app or and pull the APK out and put it in a folder or something like that on your SD card. You would do this to some of the /system apps that TB shows as only having a checkmark next to and not the yellow/orange circle with the M in it. If you uninstall these with the checkmark you will not be able to restore them b/c part of the executable portion of the APK is not able to be backed up. This is the reason to pull the app out of /system/app and put it on your SD card. Hit menu, more, Clean up Dalvik cache and voilà!! you have some free space on /system and the offending APK's dex will be deleted too.
Sidenote: I have never been able to get SuperOneClick to work on any phone I have ever tried. Maybe I'll unroot and try again but the SU exploit is a flashable zip located here. Option A. Put it on your SD card, boot into recovery and Bam!!! you are rooted
Nice work though.
Where can we still get Super Oneclick v 1.7?
http://forum.xda-developers.com/showthread.php?t=739300 make sure you have ADB turned on and use the USB ports from the back not front
too lengthy.
Just got vibrant
Sent from my SGH-T769 using xda app-developers app
Sent from my SAMSUNG-SGH-I317 using Tapatalk
Delete..

Galaxy Tab 2 7" - Education Use

Hey all,
So I've got a couple Galaxy Tabs for an elementary school. I am trying to find a way to manage custom "images" so we can quickly re-deploy for multiple functions (reader device for children, travel device for teachers, etc). If I could root the devices, I could simply create custom ROM backups with all the needed apps for each function and then simply install the needed ROM... but rooting isn't really an option for me at this point. Since these are business machines, we need to keep the warranty intact.
I'm thinking I need a way to quickly deploy app packages after a stock wipe, this way I can push all apps at once for each function. Does anyone have/know of a way I could achieve this functionality using a stock device without root access? I am currently pursuing "APK Multi-Tool", formerly "APK Manager", but have yet to determine if this requires root. Also, I think modifying the APKs is out of the scope of what I need.
Any help would be greatly appreciated!
Tryp
TrypWyr said:
Hey all,
So I've got a couple Galaxy Tabs for an elementary school. I am trying to find a way to manage custom "images" so we can quickly re-deploy for multiple functions (reader device for children, travel device for teachers, etc). If I could root the devices, I could simply create custom ROM backups with all the needed apps for each function and then simply install the needed ROM... but rooting isn't really an option for me at this point. Since these are business machines, we need to keep the warranty intact.
I'm thinking I need a way to quickly deploy app packages after a stock wipe, this way I can push all apps at once for each function. Does anyone have/know of a way I could achieve this functionality using a stock device without root access? I am currently pursuing "APK Multi-Tool", formerly "APK Manager", but have yet to determine if this requires root. Also, I think modifying the APKs is out of the scope of what I need.
Any help would be greatly appreciated!
Tryp
App Backup & Restore doesn't use root and can back up apps to the SD card. As this isn't root, it won't back up data, but can batch back-up/restore apps.
Thanks Shakatu, I am looking into that app manager right now...
Along these lines, would anyone perhaps know of a Windows-based app manager/installer which does not require root?
Thanks for the assistance!

Downgraded to Kitkat and rooted ...... housecleaning time.

So ...... I bought a copy of Titanium Backup to backup/freeze/erase the unneeded stuff. Installed Sdfix and backed up everything to SDcard. Is there a list or easy method for determining what I can freeze/wipe?
Think I'm gonna leave it at Kitkat for now. It appears to work and does what I need it to do. How long do you think I can get away without upgrading for new mainstream features, etc?
Edit to add: Reading on XDA, I found info on some really interesting privacy apps called "Xprivacy" and AFWall+. Xprivacy allows you to restrict individual permissions on apps and AFWall+ is a really simple firewall. It's worth your time for a look if you value your privacy and security.
github.com/M66B/XPrivacy (prefix is https)

Life without root

In preparation for the impending upgrade to Android 6 Marshmallow, I'm trying an experiment on my Android 5 based Zenfone 2. I'm going to see how annoying it is to give up root. The first thing I did on my first android phone was root it, so I've only ever used rooted Android devices.
Prologue:
Root on Android 6 (usually) requires an unlocked bootloader, because root is achieved by modifying the boot image to inject su into the system. That way the system image is left unmodified and can continue to pass dm-verity checks.
At the moment, there does not appear to be any way on the Zenfone 2 to unlock the Marshmallow beta bootloader, and it also appears to relock any unlocked bootloader. In fact, the droidboot binary in the droidboot.img of the Marshmallow beta contains the strings rm -rf /factory/asuskey and rm -rf /factory/asussignature. droidboot also contains the strings unlock successfully...reboot after 5 seconds and **** Unlock bootloader? **** as well as other strings referring to unlock (droidboot from the .184 Lollipop also has those strings). So, my hope is that there is a simple way to unlock the bootloader, which will be revealed by Asus, or discovered by somebody.
My thought is that worst case those of us who want root will use an unlockable Lollipop bootloader with a Cyanogenmod 13.1 based ROM created with updates from the Asus Marshmallow source code.
Experiment:
I've removed Xposed and SuperSU from my phone. Making it stock Android 5. I'm documenting here the functionality that I lose. The first goal is for my own amusement to keep a log of what I'm giving up.
The second goal, and probably the major one, is to solicit suggestions on what can be done to replace the functionality I'm losing.
What I'm giving up:
AdAway - No system wide ad blocking. Firefox with uBlock Origin should cover blocking ads on the web. I usually buy apps I use frequently, but I'll have to see which ones are annoying with ads. I'm aware of the VPN based ad blocking methods, but I'll have to wait and see if it comes to that.
AFWall+ - Using root to improve security... I mostly use this to prevent some apps from using mobile data, and to prevent some apps from gaining network access at all.
BetterBatteryStatus - It works in non-root mode, but not as well.
BusyBox - Without root, there isn't much need for this anyway.
Cryptfs Password - Once again, security is harmed by removing root. This allowed my encryption pin to be different (and much longer) than my screen lock pin. I don't want to type 10 digits to unlock my screen, but it's fine for booting.
Greenify - This definitely kept some apps in check, but perhaps Asus' Auto-Start Manager will be able to replace it.
GSam Battery Monitor - Like BetterBatteryStatus, this had a root component to provide more information.
Kernel Adiutor - For some reason my phone seemed to only go to 1.8ghz instead of 2.3ghz, so I used this to fix it.
Linux Deploy - I never used the Linux chroot image for much, but it was a cute toy.
Secure Settings - This let tasker automate adjusting some things which require root to change.
Titanium Backup - This is a massive loss in functionality. Simply having backups is tremendously important. The ability to freeze unwanted system apps is also nice. I can reload many of my apps from Google, but not all of them bother to save their settings in the Google backup. Ohh, the bloat!
Trimmer (fstrim) - Probably not really necessary, anyway.
Xposed
Amplify - It saved me lots of wakeups, but I don't know if it really did much to increase battery life.
Fix Lollipop Memory Leak - I don't know if this did anything, either.
GravityBox [LP] - I didn't tweak too much, but what I did change was really useful.
NetStrength - I like replacing my wifi bars with useful information.
ProtectMyPrivacy - The permission settings in Marshmallow would make this obsolete anyway.
YouTube AdAway - Nice, but not required.
What I'm gaining:
Android Pay - I guess I can play with this now.
Asus has integrated a firewall iptables recent months.
Asus mobile manager -> User Data -> Restrict (bottom of screen)
For the rest, no root is to accept to take along twice monitoring tools of an advertising billboard.
Keep in mind that Google is an advertising agency that is desperate to earn money, including harassment to get the maximum information.
Its purpose, despite what he claims, is not to improve people's lives, but his bank account.
Android is a disguised tools for Google, not for the people who is a commodity to be exploited.
I'm gonna miss Adaway and Afwall+ the most. Afwall+ is much better than the Asus built in firewall. You can disable net access by default for newly installed apps. You are notified to set firewall rules when you install an app. You can filter apps to be set. If only Asus could provide such a bunch of features for their firewall, I won't miss root so much.
Sent from my Asus Zenfone 2 using XDA Labs
IDEDALE said:
Asus has integrated a firewall iptables recent months.
Asus mobile manager -> User Data -> Restrict (bottom of screen)
Thanks for the info about the functionality in Asus Mobile Manager, I didn't know that.
As far as Adaway goes, try this https://block-this.com
Sent from my ASUS_Z00A using Tapatalk
IDEDALE said:
Asus has integrated a firewall iptables recent months.
Asus mobile manager -> User Data -> Restrict (bottom of screen)
For the rest, no root is to accept to take along twice monitoring tools of an advertising billboard.
Keep in mind that Google is an advertising agency that is desperate to earn money, including harassment to get the maximum information.
Its purpose, despite what he claims, is not to improve people's lives, but his bank account.
Android is a disguised tools for Google, not for the people who is a commodity to be exploited.
Agree with most of that... unfortunately the ASUS mobile manager "firewall" doesn't work any more on the current marshmallow beta.
It's still there, but it seems not to work for blocking apps.
The new app permission system in MM may be used to prevent apps from connecting around, in theory at least, but I'm not sure how effective that is.
This phone without root absolutely sucks. There's a thread on the ASUS forum, guy has links to pre rooted system images but I haven't tried it.
http://www.asus.com/zentalk/thread-39487-1-1.html
Sent from my ASUS_Z00AD using XDA-Developers mobile app
The thread mentioned was opened in September '15... Didn't try downloading the files but can't imagine that there's a pre-rooted file out there already. Somebody would have known and told us, I guess
If anyone tried and it works, may you leave a line!
sent from my Binford Z00AD using tapatalk
nfc expert said:
if you want stop ad without root, you can try this : https://block-this.com/
kenbo111 said:
As far as Adaway goes, try this https://block-this.com
There are several other VPN based ad blockers as well. AdClear, AdGuard, and I think some more.
I played with some of them when they first started coming out, but always returned to the host file based blocker, because it was easy and worked fine with root. I think the phone has plenty of RAM and CPU to run these VPN ones, but I haven't been annoyed to try them again. So far uBlock Origin in Firefox has been fine. In the almost two days since unrooting I've used one app which shows me ads.
IDEDALE said:
Asus has integrated a firewall iptables recent months.
Asus mobile manager -> User Data -> Restrict (bottom of screen)
Thanks for the tip, I didn't know about it. This was easy enough to setup, even if it doesn't have as many features as AFWall+. I haven't tested to make sure it works.
My idea to get root on Asus' Marshmallow release is to install just the system, but keep the unlocked bootloader and ifwi from Lollipop. It should be easy enough to modify the updater script to only flash the system and boot image, while leaving the bootloader and ifwi alone. I don't know if that will work, or if the system will crash when it finds an old ifwi, or if the bootloader will fail to load the new system. With an unlocked bootloader, root is trivial.
As long as the bootloader is in place, it should be easy to recover from a broken system.
Don't take my word for it though, these are just ideas, and I'm not ready to try them yet. My warranty is over at the end of the month, so I'll unlock my bootloader then.

SafetyNet reports no problem after switching off root access in developer settings

I do not know if a lot of people know this:
I just checked on a Moto Z if the app "SafetyNet Test" reports an issue after I switch off "root access for apps and adb" in developer settings. It does not, it reports a safe device!
Switching root access on, "SafetyNet Test" recognizes immediately a problem.
I always thought, switching off root access would still cause a problem.
Congratulations LOS team!
For root access I am using the addonsu-16.0-arm64-signed from LOS.
So, my question, what is the advantage of Magisk?
ischninet said:
I do not know if a lot of people know this:
I just checked on a Moto Z if the app "SafetyNet Test" reports an issue after I switch off "root access for apps and adb" in developer settings. It does not, it reports a safe device!
Switching root access on, "SafetyNet Test" recognizes immediately a problem.
I always thought, switching off root access would still cause a problem.
Congratulations LOS team!
For root access I am using the addonsu-16.0-arm64-signed from LOS.
So, my question, what is the advantage of Magisk?
For LOS users who simply want superuser access (root) of the OS, the su add-on will certainly suffice. Magisk allows users to implement a fully systemless environment with which to manage & utilize root access. Magisk includes a myriad of systemless modules such as XPosed, BusyBox, audio mods, etc. These modules can be applied and used without touching the /system partition, which comes in handy for users who plan on installing future OTAs without breaking root. Magisk also includes a nifty feature known as "su hide" (Magisk Hide), which has the ability to hide root from certain apps that check for it (Netflix, Google Pay, etc), allowing these apps to run normally on rooted devices. And, as you've already noted, Magisk root can pass both basicIntegrity & ctsProfile within Google's proprietary SafetyNet protocol.
When deciding between the LOS root add-on and Magisk systemless interface, it comes down to personal preference and the individual needs and expectations of the user.
Viva La Android said:
For LOS users who simply want superuser access (root) of the OS, the su add-on will certainly suffice. Magisk allows users to implement a fully systemless environment with which to manage & utilize root access. Magisk includes a myriad of systemless modules such as XPosed, BusyBox, audio mods, etc. These modules can be applied and used without touching the /system partition, which comes in handy for users who plan on installing future OTAs without breaking root. Magisk also includes a nifty feature known as "su hide" (Magisk Hide), which has the ability to hide root from certain apps that check for it (Netflix, Google Pay, etc), allowing these apps to run normally on rooted devices. And, as you've already noted, Magisk root can pass both basicIntegrity & ctsProfile within Google's proprietary SafetyNet protocol.
When deciding between the LOS root add-on and Magisk systemless interface, it comes down to personal preference and the individual needs and expectations of the user.
Nice explanation. I've always used true root and not systemless and have never tried magisk. I am delighted by how easy lineage makes it to add root and that its own privacy guard software handles the su permission. To me from outside looking in magisk just adds a ton of complications to simple access to the modify system files to which it doesn't actually modify because it's systemless. I definitely prefer traditional root access that lineage allows. In a perfect world Google would allow root access how lineage implements it. You have to flash a file and turn it on and assume all responsibility. I don't know what Google is so afraid of. People use the argument that people would be bricking their phones left and right but somehow Microsoft and every Linux distro has allowed access to system files without issue.
Joe333x said:
Nice explanation. I've always used true root and not systemless and have never tried magisk. I am delighted by how easy lineage makes it to add root and that its own privacy guard software handles the su permission. To me from outside looking in magisk just adds a ton of complications to simple access to the modify system files to which it doesn't actually modify because it's systemless. I definitely prefer traditional root access that lineage allows. In a perfect world Google would allow root access how lineage implements it. You have to flash a file and turn it on and assume all responsibility. I don't know what Google is so afraid of. People use the argument that people would be bricking their phones left and right but somehow Microsoft and every Linux distro has allowed access to system files without issue.
It's a common misconception, but systemless root is "true" root in a sense that /system can be mounted as r/w, and can be modified if the user so chooses. It's really just a matter of preference. Root can be hidden from apps far easier in a systemless scenario. To my understanding, the biggest difference between system-wide root and systemless -- in terms of implementation -- is that the root binaries are introduced into the OS in two different manners -- one by modifying the /system partition directly and the other by way of the boot image. Both methods allow for system level modifications, and give the user full and unfettered access to the core of the OS. It's more about the method of achieving root than it is the final result. In sum, the term "systemless" root in no way means that the /system partition cannot be modified. Rather, it implies that the Android OS was rooted without the /system partition being modified or mounted r/w. This is especially necessary these days, with so many devices having dm-verity, Android Verified Boot (AVB 1.0, AVB 2.0), etc.
