Database Users

Device Admin

Hello,
Our school district is looking into getting some Android Powered Tablets for us, the techs to use. We need to be able to lock them down (school policy and if the teachers eventually get them), from app installs to wifi usage. We have iPads restricted using the iPhone configuration tool.
anyways, I found online the Device_Admin code/api but I have no idea how to implement it or get it to work. In Android 2.2 there's the option under Settings/Location and Security to set the Admin but nothing is in there.
I have no idea how to code and neither does the other guy I'm working with on this. Is there an easy way to get this setup and configured so we can manage Android Devices on our Network?
Any help would be appreciated. Thanks.

Do you mean this API: http://developer.android.com/guide/topics/admin/device-admin.html ?
As far as I understand it allows to manage password strength, lock timeout, immediate lock and device wipe only. So no restrictions for "app installs, wifi usage" etc. Maybe I'm wrong.

IF that's all it does then maybe that's not what we want.
Is there software/API..etc... that we can use to "lock" the devices down?

Interesting question, could you specify exactly all features you need?
We're thinking to develop some kind of parent control app for Android, so your request for app is looking very similar.

Correct me if i'm wrong, but isn't locking down an android device pretty much impossible?
You can lock down the ROM (probably) but that wont stop someone flashing a custom recovery image, backing up the data, then flashing a new ROM (provided the tablet can be rooted).
To fully lock it down wouldn't you have to lock the bootloader and recovery image so that they need a password to be used? I'm not sure that's possible.

We're not so much looking to completely lock down the device. Honestly if the Teachers get these I doubt they'll try and mod the Bootloader or load ROM's. But we are looking to, if the teachers get them and even other techs get them to use we want to lock them down in a way that prevents them from install unapproved apps, restrict purchasing apps and accessing Wifi/Marker.
We have 10 or so iPads in our district, they are locked down by a policy we push to the pad when WE set them up. It restricts the App Store, removes Safari Browser and doesn't allow app install. It also uses our LightSpeed browser settings so that they can't get to "naughty" or other such sites.

After quick research it seems that you need custom ROM or at least rooted phone where standard browser, market etc are removed and some configuration parameters are hard coded. Also keep in mind that there's no lightspeed guide browser app for android, only for ipad, iphone. I would say there's a lot of work.

How to uninstall default applications from Archos 70 Internet Tablet

Does anyone know how can I uninstall the default applications like browser,video player,photo viewer..etc on a Archos 70 Internet Tablet?Has already someone tried this before?

You cannot remove them because they are baked into the read only system image.
a) you can hide them, with the +rw rooting package: http://forum.xda-developers.com/showthread.php?t=930197 but it doesn't give you more disk space
b) you can use custom roms like urukdroid
It's your choice.

there is no software which can disassemble the rom from archos to get those out of there?is there a kitchen for archos's rom's?

Nobody has ever written that kitchen software. But this is what Urukdroid was made for

If you are rooted, titanium backup could do the job
-------------------------------
Sent from my HTC Desire S

On a related note: I have several apps installed for experimental purposes. I do not want these apps to be started (= become active) automatically.
The same goes for several standard apps. E.g., I often see tasks running for Gallery, Google services, Archos Firmware Update (pointless since I'm running UrukDroid).
Is there a way to prevent this?

sciurius said:
On a related note: I have several apps installed for experimental purposes. I do not want these apps to be started (= become active) automatically.
The same goes for several standard apps. E.g., I often see tasks running for Gallery, Google services, Archos Firmware Update (pointless since I'm running UrukDroid).
Is there a way to prevent this?
Click to expand...
Click to collapse
Titanium Backup Pro.

Thanks for the suggestion.
As I understand it I can use this to freeze apps (make them temporarily unavailable). What I want is to just prevent automatically starting of an app, while the app is still available in the full app overview and can be started manually. Can this be done as well?

sciurius said:
Thanks for the suggestion.
As I understand it I can use this to freeze apps (make them temporarily unavailable). What I want is to just prevent automatically starting of an app, while the app is still available in the full app overview and can be started manually. Can this be done as well?
Click to expand...
Click to collapse
Sorry, I misunderstood what you wanted to do and I don't know of anything that will do what you want.
Don.

@sciurius:
Android was designed as an OS for mobilephones and they had slow external memory when this started.
So one of the esignes of android is that every sw dev can decide how much of the software should be in memory as long as possible by implementing parts as a so called service.
These get started everytime the device is run.
Other programs get started because they where started by you often, or because they answer to some systemmessages
First get some infos about "Autostart Manager" Apps, some work without root.
Might be interesting to get some infos and you might be able to even write somekind of artikel.
This one is in german, but you just use google translate.

Hi
I use android assistant (available on the market) with an option which may prevent some apps to start

[Q] Virus or Android now Untamed?

Hello Good People of XDA
I have been a i9506 owner for quite long, had a 9100 before,
I am used to root and mess with apps to customize things to my wim,
at the best of my knowledge (I lack android programming skills, but I can do things with terminal and filesystems).
All that before to say I am not totally a noob, but my lack of technical knowledge might bite me there.
System wise, I am under 4.2.2, rooted, unknow sources are not allowed, system check for apps is allowed,
I have an antivirus (more than one, but only one works each day, just to be sure I don't miss things)...
My problem is that I recently found out that some apps, actually system apps, blocked
with Titanium backup, or with gemini app manager, or app quarantine,
were actually running anyway.
They are marked as blocked in my app manager, but can still be force closed,
and they appear in battery displays (most of these under the android system block, in the list of services/apps used),
and in process running when using Ccleaner apps.
Also, my battery display show GPS is activated, while when I go into options, all boxes are off or unticked.
I thus wonder what's happening?
How is it possible to have these schrödinger apps tamed and blocked like I want them.
I want these to shut down and only work when I DO ALLOW these, for them not to suck my battery or do unauthorized chores like tracking me when I don't want.
How is it possible that they even behave like that? In i9100, I never observed that in Android 4.0.
I wonder if Google didn't change the workings for making us unable to disactivate what we don't want to work, which was pissing them off.
They already change the permissions displays in the market so permissions as intrusive as "contacts/sms message/USB stockage" are considered "not relevant/important",
while they are depending on the announced display of the app.
But I don't want to go on the "conspiracy route" (I am not like that, I am a pragmatist and I just observe facts, like these apps, with sensitive access, not being able to be deactivated), so let's focus on the technical part:
such apps were Maps, Samsung sync adapters, NFC service , Google Agenda/Contact synchronisation, sysscope, context provider, etc.
That's a lots of things that are supposed to communicate to cloud or other devices, with feels lot like a gaping flaw in the armor...
I want a phone and a tool, not something that track me or put me at risk of being stolen by somebody with technical knowledge.
Am I alone?
Thanks for any insights.

Blocked apps still working
I don't know if my title was too unclear, so I would like to change the title but am unable to do so?
Is it please possible for a moderator to do it (with the title of this post)?
Thanks by advance.
I feel like it is a true problem not being able to block some apps,
or even more, to believe they are blocked while they perfectly perform in the background,
and display activity only in secondary reports, not under their respective "buttons"/information tabs.
I wonder abourt the technical reason to such behavior.

Then delete those apps or block some of the permissions with an app (eg Privacyguard).
It's my opinion that an antivirus app (at the moment) is a waste of resources. Just think before you install something. Also if you are worried about security, you should always run the latest version of Android. 4.2.2 is an old version.

Lennyz1988 said:
Then delete those apps or block some of the permissions with an app (eg Privacyguard).
It's my opinion that an antivirus app (at the moment) is a waste of resources. Just think before you install something. Also if you are worried about security, you should always run the latest version of Android. 4.2.2 is an old version.
Click to expand...
Click to collapse
Thanks for your answer.
Well I don't want to delete system app when they might be useful at time.
I just want them to behave correctly, that is, not work when they are blocked.
That is not a solution to say "uninstall this", while the true problem is Android general behavior here.
I didn't installed system apps, they came with the thing, and all of them are not bloatware.
"NFC service" is something I want to keep for when I am ready to use it,
but I don't want to let it free and unleashed because of the opening it leaves on my phone.
Same goes for bluetooth, synced backups and so on.
I don't want backups on the cloud, so I deactivated the options, and blocked the apps.
Why are they running? It is not normal!
And my old version is maybe not secure, but actually trying 4.3 hasn't changed anything,
and I only suspect this to be some "new feature".
The antivirus is a waste for scans, I agree, still it has useful firewall features that justifies in itself its uses.

Setting up CyanogenMod with maximum privacy (no more Google)

I'll try to make it as simple as I can.
Here is what I want:
CyanogenMod with root privileges
Full control over which app, service or system component can access my data and the Internet.
(at the moment for instance I can't alter the "network access" privileges of my apps)
Safe to use speech recognition software
Safe to use, sophisticated navigation software
My questions:
Is that even achievable without a ton of work?
Is there a simple way to flash CyanogenMod without pre-installed bloatware? (e.g. Google apps, Skype, Cortana, ...)
Which tools should I use to make sure that apps can only access what I want them to?
Is there speech recognition software for Android that doesn't require Internet access?
Is there a navigation app that is capable of using the offline maps of Google Maps without requiring an Internet connection?
(e.g. Google Maps makes itself useless if you don't update from their servers every 30 days)
From your experience, do apps refuse to work when you deny certain privileges?

ferivon said:
I'll try to make it as simple as I can.
Here is what I want:
CyanogenMod with root privileges
Full control over which app, service or system component can access my data and the Internet.
(at the moment for instance I can't alter the "network access" privileges of my apps)
Safe to use speech recognition software
Safe to use, sophisticated navigation software
My questions:
Is that even achievable without a ton of work?
Is there a simple way to flash CyanogenMod without pre-installed bloatware? (e.g. Google apps, Skype, Cortana, ...)
Which tools should I use to make sure that apps can only access what I want them to?
Is there speech recognition software for Android that doesn't require Internet access?
Is there a navigation app that is capable of using the offline maps of Google Maps without requiring an Internet connection?
(e.g. Google Maps makes itself useless if you don't update from their servers every 30 days)
From your experience, do apps refuse to work when you deny certain privileges?
Click to expand...
Click to collapse
Dude- You should start developing your own rom in this case.
But consfused here and at this point i think you dont know.
CyanogenMod & Cyanogen OS
Assuming- when you said, cortana etc etc--- i think you are on cyanogen OS.. Which is the original OS for 1+1.
1- To achieve, you need to work.
2- Some optimized COS builds in XDA one android dev section- try a search. but not latest 13.1.2-ZNH2KAS3P0. Root using SuperSU. and use system app uninstaller to remove apps you dont need. Some debloater zips also lurking around in XDA. If you install CyanogenMod, then no need of gapps flashing if you dont use google account.
3. you can stop background data for the apps you dont want. Settings in most roms.
4. Speech recognition can be used offline after u download all languages of your choice. Not 100% and dont use it.
5. Try Maps.me. i didnt know google map needed to be force updated every 30 days unless some one restructures the entire landscape and routes.
6. Certain apps refuse to work if you dont grant permission. yes. its like telling some 1 without hands to eat from hand,.
:good:

Thank you so much for your reply. I indeed did not know that there is a difference between Cyanogen OS and CyanogenMod. But if I understood you correctly, CyanogenMod comes without gapps. (I hope it also comes without Google Play Services?)
The offline speech recognition you linked to seems to be from Google. I bet it will require Google Play Services and an Internet connection after some time, just like Google Maps does and I'm really afraid of that.
I might give Maps.me a try, but I think Google Maps still has by far the best most detailed and correct maps especially when it comes to POIs.
I would consider using official Google Maps, if there was a 100% safe way to wipe all the data the app collects before I allow it to update the maps. Alternatively, maybe I could download the apps from a second device and just copy the map data over to my main device every once in a while.
An even more crazy approach might be to spoof the time/date data for Google Maps so that it thinks the 30 days haven't been reached yet.
But I would still be very concerned about Google Play Services. Would microG be sufficient for my purposes to replace Google Play Services?
edit:
Okay, I have a rooted CyanogenMod without gapps now on my OPO.
edit2:
I have Xposed with modules "Xprivacy" and "Per App Hacking" installed now.
Xprivacy is an app permission manager and "Per App Hacking" can be used to spoof the system time an app will see. Hopefully I'll be able to fool Google Maps with it.
edit3:
I have microG installed now. Hopefully this will be enough to run Google Maps.
I really need to make sure I understand Xprivacy before that though.

My recommendations:
1. I recommend full device encryption with long and secure boot password and easy to use pin lock screen password. Here's more info: http://forum.xda-developers.com/general/security/guide-separate-passwords-encrypted-t3048072
2. Get an email address from a provider that respects user privacy i.e. Riseup. https://riseup.net/
This is one the most important things to do if you don't want google / yahoo / microsoft scanning your email for surveillance / marketing purposes.
3. Use apps from F-Droid. It's an app "store" for open source apps.
4. Always use Afwall+ to have control over which apps have access to internet. Even better if you use Afwall with combination of Orbot. This way you can route some apps through tor (need a custom script though). Orwall does the same thing more easily.
5. Instead of closed source Supersu, use open source superuser http://forum.xda-developers.com/android/software-hacking/wip-selinux-capable-superuser-t3216394
6. For maps I recommend openstreetmap. Download Osmand from F-Droid. It has navigation too.
7. For cellbased location provider, use unified location provider found from F-droid. It's connected to microg projects.
8. For encrypted SMS use Silence from F-droid (recipient needs the same app if you use encryption).
9. For encrypted instant messaging use Conversations (XMPP client) from F-DROID. Or Riot (which will soon have strong encryption).

Hey tofu thanks for your answer, I appreciate it!
I'm only really concerned about my phones software spying on me.
About the email thing: I'm running my own email server for that.
But I'm still looking for a way to anonymously creating a google account without providing my phone number.
I'm using F-Droid already and it's great.
I'll never go back to the play store that's for sure.
And for anyone else reading this, please don't touch the amazon app store, it's pure poison.
I'm also using AFWall+ already, but I'm not satisfied at all. The creator doesn't really seem to care about ensuring that no data gets leaked ever. I read a lot of reports that data was being leaked every once in a while, especially during system boots.
This is really scary to me... I'd really like to have a safer firewall.
Blocking Internet/networking permissions directly just causes apps and the system to become extremely unstable. I soft-bricked my phone like 5 times while playing around with it the last few days.
I was not aware supersu was closed source. I'll switch to the open source alternative soon.
I just installed OsmAnd~ and I'm not very satisfied. Navigation was ok, the tts voice was absolutely terrible and I wasn't able to find a single POI, I wouldn't even be surprised if it would fail to find the next McDonald's to my place. Google Maps just seems completely unmatched to me.
And about that: I was actually able to get Google Maps running without Google Play Services installed and I was able to successfully use it offline, spoofing the system time for that app, so that my maps would never become outdated. I notices a few downsides though, for example it only works for car navigation (bicycle mode etc are not available). After completing the installation of all the microG components I wasn't able to get it to work anymore though (I couldn't download the offline maps, because I couldn't enter my google account data anymore...).
But I'll figure out how I did it and go with Google Maps then.
To complete the microG installation I installed unifiedNlp with GSMLocationNlpBackend.
For encrypted messaging I'll probably be forced to stay with WhatsApp, as I can't possibly convince all of my friends to switch. But hey at least WhatsApp claims that your messages are end-to-end encrypted.
But obviously WhatsApp will always know who I know... that problem seems pretty much unfixable to me though...
I have btw also tried to get Google Now (speech recognition) to work offline. But I was unsuccessful. I have read reports of others getting it to work for literal voice to text applications... it won't take voice commands though. So that's not very useful... unless there was a way to define your own voice commands somehow.
But my biggest worry at the moment really is the firewall. I feel like there is nothing that you can really trust to work reliably.
And also the fact that Xprivacy can't restrict file access to certain folders... it's either all or nothing.
The worst of all might actually be IPC though (inter process communication) which a lot of apps require permissions for. And from what I understand any app with that permission could use another app as a sort of proxy to access the Internet.

I'm using a Google-free device with maximum privacy, so maybe I can not answer all your questions but I can give you an idea. First of all - disclaimer: I'm here because my girlfriend has an Oneplus One (OPO), but I do not have one. I use her old Nexus 5 (N5), but you will get the general idea. You already noticed there is a difference between CyanogenOS (COS) and CyanogenMod (CM). It also took me a while to figure out that difference. If you still have a stock Android in your OPO, it should be a COS 13.1 which is based on Android 6.0.1 and comes with alot of bloatware from Google and Microsoft.
1. First step is to find a suitable ROM for your needs. If you are used to COS and have not much experience in chosing custom ROMs, you should give CM a try. Here is the official wiki which includes Download links and installation instructions: https://wiki.cyanogenmod.org/w/Bacon_Info
2. The 2nd step after installing CM is the full device encryption, can be found in Settings > Security. If you do it on a clean phone without any apps and data it only takes a couple of minutes and chances of breaking stuff are low at this step.
3. Now I usually root it (with SuperSU) and install some magic which is called XPOSED framework. It's something which allows you to install modules on your phone on system level, not like an Appstore, but rather like a Tweakstore. There are a lot if chances you break stuff and most of the modules do not work with CM, however, one module to beat them all is the XPRIVACY module. It gives you back full control on everything. You can manage App permissions, you can fake permissions or if apps do not want to run with your set of permissions, you can even feed fake data (like wrong GPS signals, etc.). Read more here. http://repo.xposed.info/module/biz.bokhorst.xprivacy
4. F-Droid, yeah, the one open-source repository for your new apps. I'll install it at this point.
5. Now, that the device is flashed with CM, probably rooted and with a custom recovery, you have to flash a stock recovery again and lock the bootloader. Stock recovery because it does not allow any malicious party (hacker with physical access, police, intelligence services, etc.) to deploy any code to your phone which compromises your privacy. Locked bootloader is important to disallow any malicious party to boot anything they want which also compromises your privacy.
And this is pretty much what you need to get started, a rock solid environment free from Google. Make sure you have a strong PIN, I also use randomized screen locker, so people can not "observe" the way you enter your PIN.
For encrypted calls and SMS there is Signal, but that does not work without Google services and LibreSignal, the Websockets version, was discontinued just recently. For encrypted IM use ChatSecure rather than Conversations. Both are XMPP clients, but Conversations does not allow you to import or export OTR keys, which is very annoying for an Jabber client. For not so sensitive chats, I use telegram.
Finally, not having Google Play and Google Services available, makes the experience a totally different for the android device. Apps like Snapchat which do not require Google, but still do for some unknown reasons checks for Google, wont run. Also, a lot of apps work without Google, but you can't install them without downloading suspicious APKs from dubious websites. Be very carefull from where you download and install software if you can not find what you need in F-Droid.
I hope that helps you for your considerations.
---
Edit, one more final note. I also use OsmAnd and have to say it never let me down on any occasion (except when I forgot to download the maps before going somewhere remote without internet). The geodata quality is excellent in most urban areas, but the interace and usability are a mess. If you find your way around in the interface, the navigation works out pretty well. I sometimes have issues calculating very long routes, but you start to live with that.

Thanks for your input 5chdn! Most of the stuff you mentioned it already on my phone.
I made some progress yesterday and I'd like to share my current configuration:
All the apps I mention in this post are (at the time of writing) available in F-Droid, unless stated otherwise.
Everything I mention in this post is free and open source, unless stated otherwise.
Recovery Image: TWRP
ROM: CyanogenMod
'Apps' that have to be flashed:
SuperUser (this roots your phone which means you can grant root access to apps)
Xposed (provides a lot of important privacy tools)
Apps:
F-Droid (app store that provides free open source apps)
AFWall+ (manage which app can access the Internet)
Autostarts (manage triggers that apps can use to start themselves)
AdAway (can remove ads from apps)
Xposed Modules:
BootManager (manage which apps can start on boot)
Xprivacy (manage/spoof app permissions for privacy)
Safely using Google Maps offline permanently:
Please note: Google Maps is not open source.
Install microG (open source alternative to Google Play Services)
The installation complete installation consists of:
'microG Services Core' (aka 'GsmCore') (app)
At the time of writing this app is NOT available in F-Droid. This app also automatically installs 'µg unifiedNlp (NO GAPPS)' for you.
'microG Services Framework Proxy' (aka 'GsfProxy') (app)
'FakeGapps' (Xposed module)
'FakeStore' (app)
'XposedGmsCoreUnifiedNlp' (Xposed module)
'LocalGsmNlpBackend' (app)
'NominatimNlpBackend' (app)
'µg unifiedNlp (NO GAPPS)' (app) (will be installed automatically!)
Install 'Per App Hacking' (Xposed module)
Use this module to spoof the system time/date that Google Maps sees e.g. to '2016-10-14 10:00' so that offline maps don't become outdated. The feature to spoof the time is called 'time machine'.
I would really like to improve what I got so far and share it with the community.
If you know of anything that could help improve privacy please tell me.
I do not mention things like device encryption, passwords, lock screens etc, as these are a separate issue.

Reasons, Advantages and Disadvantages to unlock/root the G5 Plus

I am asking myself - specifically for the G5 Plus, but probably in a more general sense - where the huge advantages and disadvantages of rooting are, considering that the G5 plus comes with a relativly clean Android 7.XXX and a not an old overloaded android version, which didn't use to have many of the capabilities that Android 7 offers. I know that my questions might particularily overlap with questions in other topics, but for sure not every question, especially specific G5 Plus questions.
Overall I am interested in the topics security and product-experience, if you want to call it like that. I ask myself: Is root still worth losing warranty or is it not? Keywords or keyquestions that cross my mind are:
OTA updates: I guess those won't be possible anymore?
Encryption: Will it still work and increase security if the phone is lost?
Backup functionality, especially in combination with cloud services: Is there something like -backup my whole phone down to the very core on some google server (best proteced with a password and some AES256 encryption)- so that I can restore it some day in an easy manner? How would you backup your phone and settings, etc. with and without root?
Safety: What could happen if I lose my (bootloader unlocked and) rooted phone: Will someone be able to read my passwords (e.g. google...) and other sensitive information directly from the phone, even if it was locked, in the moment I lost it? What is the worst thing that could happen?
Root Functionality: How does the root access / superuser specificly work, e.g. if I'd accidentally install an app or similar, which might contain a virus: Is an app like this instantly capable of messing my whole system or will I be able to manually confirm specific security related changes, especially system changes, that an app might try to do? With other words: Does root mean that the system will be wasted by even the tiniest mistake or is there some security buffer?
Unlock Bootloader only: Is it an option (or make any sense to you) to just unlock the bootloader and install a the G5 Plus TWRP recovery without rooting the phone and does this give any advantages or is this just a totally nonsensical option, which is maybe not even possible? If I got it right, rooting does not necessarily need to reset the phone in any way, while unlocking the bootloader enforces to do a reset, right? In this context I was also asking myself if unlocking the bootloader (now that I don't have wasted precious time on customizing my phone, yet) right now is a useful option (without any disadvantage besides losing the warranty) and if I ever experience the necessity to root, I will only need like 2 commands and it is done - without having to reset my phone again?
Root Must Have: Is there any specific functionality or reason - you would say - one should definitly root the phone for, as it is a must have functionality, which would be locked without root?: I only have virtual examples, e.g. if Nougat would prevent me from changing the volume to a level higher than 50 % and the absolute exclusive possibility to change this was to get root access. Another example , although really not that critical one, could be: I noticed that I am only allowed to install 5 different finger prints... root could give me the possibility to install infinite finger prints?
Feature Loss: Does one lose some other neat features or functionality that is usually provided by Google or Motorola if the phone is not rooted but not possible anymore if it is rooted?
Third Party Trust: How can you people trust the TWRP Backup or custom ROMs? Don't you fear that there might be a virus or trojan horse within?
Best regards and thanks in advance for your patience with a newbie

No response?
172 view, no answers :-/. Guys tell me: Is it due to the length of the text? Is it something else? I could split it up in several questions, but I though that this would be unwanted.
And I will be thankful for every help on either of the bold buzzwords, it is not like you need to comment on everything

Must have for me: correct timestamps when moving or copying files using TC. Only possible with root.
Unlock only: yes makes sense. Unlock is the part where you lose all data, and then you can use fastboot boot to make backup. Rooting itself should not lose any data, so it is advantageous to unlock early. Root has time.
Lost functionality: on most devices using Magisk 12 you can pass SafetyNet, which means you can use Android pay, play Pokemon go etc, but the apps trying to detect root/unlocked devices get changed and may not work anymore at some time. Probably you will have lost this possibility when starting with unlocked bootloader and need to install Magisk to get green SafetyNet. Magisk hides the unlocked bootloader.
OTA: do a backup of boot partition before rooting, do no modifications on other partitions than data, cache and boot and you should be fine restoring boot partition to do OTA. It's easy to overlook some app using root to write system, logo, recovery, something, but backup should help. Or install complete firmware, then OTA is possible again.
Note: I do not have the device, just saw the questions which have the same answers for all current Motorola Android devices - you may search in general forums or forums for similar devices for answers

OTA updates: if you are rooted you have tempered with the system partition and therefore ota are not easily installed
Encryption:it is possible to wipe the phone and use if you are unlocked
Backup functionality Google already does backup some settings natively. you can still do an adb backup even without root
Safety: if they are techies they know how to access files via twrp etc. but worst thing is they just wipe it and use the phone
Root Functionality: root gives some apps access to the system partition which is not possible normaly. if you installe some dubious app which wants access to root to mess with your system you are lost.
Unlock Bootloader only: you need to unlock the phone to root it. by unlocking your phone is wiped clean. than you can root it. the advantage of installing twrp are the "easy backups" and installing custom roms or even root. there are no real advantages or disadvantages anymore. earlier you had to unlock/root/install custom rom to have some extra functionalities but android did mature and has most functions built in
Root Must Have: there may be some system limits which you can bypass with root like headphne volume limit, reading wifi passwords or/and having systemwide adblock. I personally do not see a benefit anymore. I used to root for having system-wide adblock but I can achieve it with rootless apps like adguard.
Feature Loss: you will lose android pay. you can not use some apps like mario run or pokemon go. you will lose OTA feature.
Third Party Trust: actually I dont know. with the custom rom base growing I only trust official lineageOS as it is review by many people before building. therefore the chance is reduced to have some spyware feature in it

I too would like to know, has the source code to ANY custom ROMs been reviewed by third party to verify no malicious code?
Although I worry that some ROMs could violate my data privacy, root is something that I simply cannot willingly go without - if I don't have root access, it's simply not *MY* phone, it's a phone that is configured to someone else's [some company's] desires and priorities.
I'm disappointed that the built in tethering does an "entitlement" check - AFAIK it's actually illegal (or, at least against contracts the companies signed with the FCC) for the cell phone provider to attempt to control what a user does with their allotted amount of cell data. Yes, the cell provider company can decide how MUCH data you are allowed based on what plan you pay for, but they are not supposed to restrict HOW you use YOUR data. Therefore, I demand unrestricted "tethering" from any smart phone that I use.
There are other apps I like to use that require root access: Root file explorers, Titanium Backup, Smarter WiFi Manager, Greenify/Servicely etc., but most of all, I CANNOT STAND the intrusive obnoxious awful ads which seem to be prevalent these days! A good ad blocker is an absolute must! The blame rests squarely on the shoulders of the websites which allow such awful advertisements such as "pop behind" windows and particularly, ads which cause the web page scroll to constantly keep jumping away from what you are trying to read making the site basically unusable. There is also lately a prevalence of "click bait" ads/links which brings you to malicious/obnoxious websites which popup dialogs trying to stop you from closing the web page or navigate away - they put up big flashing red letters and say things like "We have detected a virus on your computer do not close this window or your passwords will be stolen and your data lost" and when you try to close the page it keeps popping up a dialog making it difficult. Sorry, but, such ads simply can't be tolerated - even this [xda] website sometimes has unpleasant ads, or at least there were times when I really regretted turning off my ad blocker when visiting this site in the past, that is for sure!
I usually use a "custom ROM", I miss exposed very much, but, I suspect there are too many malwares in the xposed repository these days? (I'm not sure of this, just suspicious).
I like to be able to change the color of my status bar clock to green and position it in the center as that is easier for me to use (see it quickly when I want). However, the standard launcher is far too limited in how customizable it is, so I use a combination of Nova Prime (requires root for some features) and Chronos Weather/Clock/Calendar widget which puts a larger clock right in the upper middle of my desktop so I turn off the status bar clock (Nova Prime feature, one that requires root).
Oh, and I like to use a custom "System Font", I'm not sure if we can do that without root? It really makes the phone feel like MY phone and look (and operate) how I want it to.

critofur said:
[...]
I'm disappointed that the built in tethering does an "entitlement" check - AFAIK it's actually illegal (or, at least against contracts the companies signed with the FCC) for the cell phone provider to attempt to control what a user does with their allotted amount of cell data. Yes, the cell provider company can decide how MUCH data you are allowed based on what plan you pay for, but they are not supposed to restrict HOW you use YOUR data. Therefore, I demand unrestricted "tethering" from any smart phone that I use.
There are other apps I like to use that require root access: Root file explorers, Titanium Backup, Smarter WiFi Manager, Greenify/Servicely etc., but most of all, I CANNOT STAND the intrusive obnoxious awful ads which seem to be prevalent these days! A good ad blocker is an absolute must! [...]
[...]
Click to expand...
Click to collapse
Could you explain the entitlement check a little further? Does it mean that with the current Android version and an unrooted/locked G5 plus it is impossible to use the Smartphone Mobile data connection, e.g. on a notebook via wifi tethering? This would be a real argument to root.
Did you try adguard, as ckret suggested? Is there a huge difference between an adblocker with root or an adblocker like adguard without root on the phone? I basically assume that with nougat it is possible to grant apps access to almost anything (except for root) - including to block features other apps use, e.g. advertisements. But I am actually not sure.
Maybe ckret knows more on this aspect, as he seems to know both adblock concepts - the rooted and the unrooted one with adguard?

Comparing DNS66 (local DNS server without root) with adaway (root):
+ You can select blocking per app with DNS66, adaway modifies hosts file which always is valid for all apps and system services
- You can not use another VPN while DNS66 is active
- You need to disable VPN under Nougat while using Download Manager (bug in Nougat, for all VPN services)
Personally I have root, but use DNS66. I don't need adblock when connecting to my computer at home (that's when I need to use another VPN) and am using Marshmallow ATM, but probably would continue using DNS66 when on Nougat. For PlayStore there is a workaround implemented, and if some download fails I'd know I need to disable VPN.
This is why I only said Total Commander copying timestamp is my only real killer app (besides Titanium Backup) which makes me need root. Android O is supposed to change the behavior implementing SDCardFS which shall allow setting timestamp without root.

sky-head said:
Could you explain the entitlement check a little further? Does it mean that with the current Android version and an unrooted/locked G5 plus it is impossible to use the Smartphone Mobile data connection, e.g. on a notebook via wifi tethering? This would be a real argument to root.
Did you try adguard, as ckret suggested? Is there a huge difference between an adblocker with root or an adblocker like adguard without root on the phone? I basically assume that with nougat it is possible to grant apps access to almost anything (except for root) - including to block features other apps use, e.g. advertisements. But I am actually not sure.
Maybe ckret knows more on this aspect, as he seems to know both adblock concepts - the rooted and the unrooted one with adguard?
Click to expand...
Click to collapse
adaway:
adaway replaces the hosts file in your system with a custom hosts file which redirects some requests to 127.0.0.1 which results in ads not being shown
since it is deeplevel change of the hosts file the app requires root to change the file
pro:
* ads are blocked when resources are requested
* it is system-wide and everything is checked on demand
con:
* system slows down with big hosts file as every request must be checked everytime a site/app is opened
* if a wrong request is blocked your app/site might not show/work at all since it is a system-wide check
adguard:
this app has two different ways of blocking ads
vpn: a local vpn server is created on the system and all requests are rerouted through it. works the same way as adaway but without a root access.
pro:
* rootless method
* you can create a bypass for different sites/apps
con:
* you can not use a 2nd vpn connection while the app is active
* it may use a bit more battery as it creates a server but this should be negligible
proxy: this is nearly the same as vpn just you should be able to use a vpn connection
so big pro and con for me is that i do not have to reroute all apps through the adblock check
important apps (banking e.g.) are free to use the connection without being rerouted.

I know it might seem like a stupid question, but how often (and for which reason) do you use/need a(nother) VPN connection?
Does this also mean things like tethering or a WLAN access like eduroam - or is this something different?
I am actually not sure if I ever needed VPN on my smartphone

sky-head said:
I know it might seem like a stupid question, but how often (and for which reason) do you use/need a(nother) VPN connection?
Does this also mean things like tethering or a WLAN access like eduroam - or is this something different?
I am actually not sure if I ever needed VPN on my smartphone
Click to expand...
Click to collapse
you need a vpn connection if you want to access the intranet without being physically there
e.g. intranet of a company to access emails or if you are a student and got some special tool/e.g. which can only be accessed through the university connection
most times you will only use vpn on a notebook or pc but I hardly doubt most people will use it on their phones

ckret said:
you need a vpn connection if you want to access the intranet without being physically there
e.g. intranet of a company to access emails or if you are a student and got some special tool/e.g. which can only be accessed through the university connection
most times you will only use vpn on a notebook or pc but I hardly doubt most people will use it on their phones
Click to expand...
Click to collapse
... exactly what I was thinking about it. I've never been needing a VPN on my phone. On the notebook I need it on a regular basis, thats true.
I should have been asking "I know it might seem like a stupid question, but how often (and for which reason) do you use/need a(nother) VPN connection on your smartphone?", to state my question more precisely.

Using AVM Fritzbox as router makes it possible to use the standard phone via SIP. This only does work when you're in your intranet, directly or via VPN. Also I need to access my documents on my computer, my media library at home, to configure the router and more and therefore I use VPN on a regular basis. Yes, I do these things using the smartphone. But when using VPN, I do not need adblock.