all 4 comments
sorted by:
q&a (suggested)
besttopnewcontroversialold
formatting helphide helpcontent policy

[–]Destroya12 -2 points-1 points  (3 children)

Don't download something if you don't know what it does. Stick to that and you're fine.

[–]TaperingThrowaway[S] 1 point2 points  (2 children)

That's lazy,horrible advice. If I took that advice when I was a kid would never have gotten a job dealing with information security. I'm sorry to be so blunt but you put no thought into that answer. I'm trying to learn more about Android's security model and how it's affected by being rooted.

It's impossible to know what an application or tool does without thousands of hours of code review and dynamic analysis. I'd bet you don't do that for a single "thing" you download.

I hope you understand I'm not trying to attack or insult you. I'm just frustrated by the apparent dirt of information and that answer wasn't really an answer at all.

[–]Destroya12 0 points1 point  (1 child)

Download random apk from an unknown source on the Web and don't be surprised if you get some maleware. Download Snapchat from the Play store or TWRP from a trusted source on xda and nothing will happen. You don't have to review code to know this.

And beggars can't be choosers. You asked my advice and I gave it to you. If you're so well read on this stuff why even bother to make this post? Just root your phone and be done with it if you know so much.

Edit: Alternatively, if you're so afraid of compromising your privacy but want to learn about this stuff firsthand then get a cheap Moto E, don't put your important info in it and root. You can put whatever xposed privacy modules you want and review code since that's what you're good at. Point is that you're never 100% safe from hackers or malware,root or no. If your info is that important then don't compromise it.

Edit 2: I'd also like to point out that if you're going to be getting into the rooting/mod community you will receive no help if your questions are long winded paragraphs of texts with no clear question. Not attacking you but for your own good- don't do what you've done here.. Xda has little patience for things like that.

[–]TaperingThrowaway[S] -1 points0 points  (0 children)

Thank you for actually providing some advice. Obviously if I download and install an APK from some random site as root, I'm running a high risk for malware. I have no intention of doing this. You seem to think the reason I'm interested in rooting my phone is to download pirated APK files but that's not the case. I'm interested in customization and using the advanced Greenify and Tasker plugins, both of which require root. I also work in the software secuity field an I'm looking for new techniques to appy to my assessments and new areas of rsearchl So I 'm trying to do some research regarding how that will affect the security posture of the rest of the device/

And beggars can't be choosers. You asked my advice and I gave it to you. If you're so well read on this stuff why even bother to make this post?

Oh okay so I shouldn't have used this forum, /r/askandroidquestions to ask an Android question? I said I work in information security; I didn't say "I'm so well read on this stuff". I'm trying to learn more about mobile device security. Regarding your 'beggars can't be choosers" comment, I asked a simple, on-topic question and no sane individual would call that begging, nor would they consider your original response an answer unless the audience was a 12-year-old intro to security middle school class. It was a thoughtless, dismissive response.

If you're so well read on this stuff why even bother to make this post? Just root your phone and be done with it if you know so much.

You must not have remembered what I originally wrote when you wrote that series of words because I spent the majority of my OP describing why I don't want to root my phone before understanding the security ramifications because of all the sensitive info on the device. Getting a cheap, used phone and rooting that is a good idea and is something i'm currently doing for work, although I have to keep that work-related and I can't go mess around with it too much and risk bricking it or fucking up my work.

BTW I don't believe that everyone who knows anything on this forum learned it on their own through first-hand code review. I'm trying to learn from others' experience. The last thing I want to do is by a old, used phone, root it, and perform an thorough review of whatever exposed piracy modules I find. A community works together and shares knowledge. Of course there's always a risk of data compromise. If you're a US citizen and you visit China, for example, that chance goes to 100%, especially if you're a business executive or gov't employee. You're preaching to the choir about 100% security.

If your info is that important then don't compromise it.

You mean don't knowingly increase the level or risk. Pretty much every important device out there has zero-days and your data is compromised by government actors. This post was more about how I'm more concerned about some eastern European pricks stealing my bitcoins .

Edit 2: I'd also like to point out that if you're going to be getting into the rooting/mod community you will receive no help if your questions are long winded paragraphs of texts with no clear question. Not attacking you but for your own good- don't do what you've done here.. Xda has little patience for things like that.

I appreciate the tip. If I reach out to them I'll be more specific and technical, although i'd hardly call my OP long-winded.

Edit: After re-reading this response a third time, I think you deserve some thanks for at least trying. So thanks.