[Soulstream]

Rooting of cellphones is good. Just let us know how it goes. (if you ever find out).

Posted via my STL100-2 | Waiting for the mighty Squircle to return

I am not advocating the current Android model , I am advocating for the linux model to be "ported" onto mobile.

[akavbb]

I am not advocating the current Android model , I am advocating for the linux model to be "ported" onto mobile.

I disagree but I respect your opinion.


Posted via my STL100-2 | Waiting for the mighty Squircle to return

[Bishkin]

I know enough to get by, plus my job gives me an opportunity to work with folks who specialize in mobile security.

I also get "pure" devices directly from OEMs to mess around with and such.

I feel fairly comfortable using a rooted device, and consider the ability to do so an anchor feature.

It's not for everyone, obviously. I do believe everyone needs to find their own security comfort level, so to speak.

As per my encounter with posts in this forum, rooting an Android phone was to make it less secured, same goes for jail breaking where the intent is to harp on the overrated and hyped security of Blackberry. The assumption was that the user root his phone in order to make it less secure, as if that makes any sense.

However in my case, I rooted a few Androids where the main purpose was to secure them. I can control what goes in and out of the phone more than Android is capable off. I would not use an Android if it cannot be rooted. As to how I do it, I will not go into it because it is off topic and the least of my concerns.

And as to third party controlling a rooted phone, that is just selling snake oil. If the user do not trust his firewall and anti-virus on his desktop, would he feel more secure if he disabled them altogether.

This is 2015 and consumers have already dispense with the Blackberry security nonsense.

[Richard Buckley]

The security issue with rooting or jail breaking a phone isn't necessarily that it has been done, but that it can be done. Unless the phone comes with the ability for the user to access root, as some of the Nexus models do, the rooting method has to have a vulnerability to exploit to get root. The fact that the vulnerability exists can sometimes be used to build an exploit into maleware that roots the phone for its own purposes unknown to the user. This is similar to the principle that if a locksmith can pick your lock, so can any number of criminals. Some locks are way more difficult to pick than others. Some phone OSs are way more difficult to root than others. Android seems to be the easiest.



Z10STL100-3/10.3.2.2252 SR 10.3.2.2168

[Soulstream]

I disagree but I respect your opinion.


Posted via my STL100-2 | Waiting for the mighty Squircle to return

I would like you hear your opinion why such a model (root access behind a password) that works for all OSs on PC would not work on mobile? Or you advocate a non-root model on PC as well?

[quimbydogg]

Rooted devices become untrustworthy. There is a reason they don't come with root access (and no root password) by default.

As soon as you root your device you are opening an entire slew of potential vulnerabilities that would not exist without it. Before if you ran a malicious app that required root access to make huge system changes - it would be impossible. Once rooted you only need to run the app - and we all know people love running apps without reading permissions or thinking about it ahead of time. No, that flash light app doesn't need to read your contact list.

If you decide to root to install a custom firmware then you are placing trust in a random team of coders working out of their basement more than a reputable manufacturer. Maybe you can trust them more - but for a phone that will handle tons of personal/sensitive issues you would think there would be a stronger thought process between rooting or not.

Just because you CAN do something doesn't mean you SHOULD. It's all going to vary person to person but general security like that is a core reason many use a BlackBerry. If phones were able to be rooted it would be a massive security vulnerability.

Posted via CB10

[extisis]

Secure enough for BlackBerry to adopt.

I guess it's a "secure enough" works we live in.

the adopting part is still suspect. i think miscarriage would be a better term.

[Bishkin]

Just because you CAN do something doesn't mean you SHOULD. It's all going to vary person to person but general security like that is a core reason many use a BlackBerry. If phones were able to be rooted it would be a massive security vulnerability.

You miss out a word, it should be NOT many.

And phones are rooted without massive security vulnerability.

[Soulstream]

Just because you CAN do something doesn't mean you SHOULD. It's all going to vary person to person but general security like that is a core reason many use a BlackBerry. If phones were able to be rooted it would be a massive security vulnerability.

Posted via CB10

But by the same logic all PCs are vulnerable. And nobody changed the way desktop OSs behave regarding root access for 20 years now. ANd guess what, everybody still used PCs.

[quimbydogg]

My point is merely that rooting a device should actually be a well thought out decision by someone who understands the implications.

In reality most teenagers get a phone and instantly install custom firmware and run any app the can regardless of where it came fromm.

Different strokes for different folks.

As mentioned earlier in the thread - rooting could actually increase security if you use the right tools/knowledge.

Posted via CB10

[Richard Buckley]

But by the same logic all PCs are vulnerable. And nobody changed the way desktop OSs behave regarding root access for 20 years now. ANd guess what, everybody still used PCs.

And millions of them are in bot nets sending spam, participating in DDoS attacks, holding user data for ransom or leaking customer data. But nobody cares enough to do anything about that either.

Z10STL100-3/10.3.2.2252 SR 10.3.2.2168

[BCITMike]

But by the same logic all PCs are vulnerable. And nobody changed the way desktop OSs behave regarding root access for 20 years now. ANd guess what, everybody still used PCs.

Yes, they do.

Some don't set root password, some don't allow root login, etc. The default use of root is different on every major distro.

All the experienced admins advocate doing everything as regular user and only root as needed. So I'm not clear on your idea of root use in linux.

Basically, you limit stuff to limited users so that if one of those services or users are compromised, the damage that can be done is limited.

It's also meant to prevent you from doing accidental bad stuff (ie, typos, not understanding what you're doing, etc). Windows has a recycle bin. Most people new to linux learn this the hard way.

Posted via CB10

[Soulstream]

Yes, they do.

Some don't set root password, some don't allow root login, etc. The default use of root is different on every major distro.

All the experienced admins advocate doing everything as regular user and only root as needed. So I'm not clear on your idea of root use in linux.

Basically, you limit stuff to limited users so that if one of those services or users are compromised, the damage that can be done is limited.

It's also meant to prevent you from doing accidental bad stuff (ie, typos, not understanding what you're doing, etc). Windows has a recycle bin. Most people new to linux learn this the hard way.

Posted via CB10

That's exactly what I am advocating for mobile. Use normal priviliges for most tasks, but allow root access when needed (of course to gain root access you will need a password). I don't really like the Android way (all or nothing) or the BB way (root is "evil" and we will not allow it).

[BCITMike]

And millions of them are in bot nets sending spam, participating in DDoS attacks, holding user data for ransom or leaking customer data. But nobody cares enough to do anything about that either.

Z10STL100-3/10.3.2.2252 SR 10.3.2.2168

We had to run JBoss as root a few years ago. An exploit in JBoss lead to pwning the server.

Aholes leveraged Google search to scan the internet, find servers with this exploit, and email the Aholes with the server address. This was trivial and very fruitful and scaled like a mofo.

Mobile devices have crap like this to deal with.

Posted via CB10

[ZeroBarrier]

But by the same logic all PCs are vulnerable. And nobody changed the way desktop OSs behave regarding root access for 20 years now. ANd guess what, everybody still used PCs.

Where have you been this entire time?

What do you think User Account Control is in Windows nowadays? It's Microsoft trying to change the way desktop OS behaves in regards to regular user accounts and administrator accounts.



Posted via CB10

[kgbbz10]

Rooting your phone opens your phone up to the outside world. You are giving complete control of your open phone to a third party coampany that you don't know. Who are they? Are they owned by a bigger Corporation (most of the time they are and you'd never even know it)? Do they data mine your phone? Do they save everything in their servers? Are they spying on you? Do they keep your dirty naked pictures? Do they share information with the NSA or other ABC group either openly or by accident? Do you honestly know anything about the company that made your third party hack app that you allowed 100% complete and utter control of your phone to? Do ya, did you really research them at all? These are questions nobody bothers to think about. Considering 70% of the world is still in ignorant bliss to the out right corruption by global Corporations and Government agencies I wouldn't be far off thinking nobody cares or thinks about it.

BBClassic10.3.2.2639

[6stringriffs]

Here's my theory on why you can't take (complete) root control of a phone the way you could in PC's from the old days (i.e., rwx|r--|r--):

The communication protocol(s) is controlled by the phone companies. A smart programmer can embed their own communication protocol and bypass the carrier's billing and data counting algorithms. The telephone and data receiving/transmitting is just software. Hardware is already on the phone itself obviously. Essentially an alternative SW program can just piggy back on the carrier towers & equipment and use it without being billed. When you think about it, the telephony is the only thing that's significantly different between a smartphone vs. a PC/Mac.

[Tre Lawrence]

As long as there's a method to root, and I feel comfortable with the options thereafter, I will take that option.

It really isn't scary.

Specifically with Android, I don't feel like I need to anymore, but I still do as a matter of preference.

[ZeroBarrier]

Rooting your phone opens your phone up to the outside world. You are giving complete control of your open phone to a third party coampany that you don't know. Who are they? Are they owned by a bigger Corporation (most of the time they are and you'd never even know it)? Do they data mine your phone? Do they save everything in their servers? Are they spying on you? Do they keep your dirty naked pictures? Do they share information with the NSA or other ABC group either openly or by accident? Do you honestly know anything about the company that made your third party hack app that you allowed 100% complete and utter control of your phone to? Do ya, did you really research them at all? These are questions nobody bothers to think about. Considering 70% of the world is still in ignorant bliss to the out right corruption by global Corporations and Government agencies I wouldn't be far off thinking nobody cares or thinks about it.

BBClassic10.3.2.2639

Wrong, wrong, wrong; so very wrong. The super user app and the root binaries are open source. Anyone can take a look at the source code and see exactly what it does (on Android at least).

Posted via CB10

[Tre Lawrence]

Wrong, wrong, wrong; so very wrong. The super user app and the root binaries are open source. Anyone can take a look at the source code and see exactly what it does (on Android at least).

Posted via CB10

And trust, it gets scrutinized. A lot.

[kgbbz10]

The guy who made the app is in the USAF. Seems like a nice enough guy, pretty nerdy. But he's in the USAF... that gets my conspiracy senses tingling.

BBClassic10.3.2.2639

[anon(8063781)]

Here's my theory on why you can't take (complete) root control of a phone the way you could in PC's from the old days (i.e., rwx|r--|r--):

The communication protocol(s) is controlled by the phone companies. A smart programmer can embed their own communication protocol and bypass the carrier's billing and data counting algorithms. The telephone and data receiving/transmitting is just software. Hardware is already on the phone itself obviously. Essentially an alternative SW program can just piggy back on the carrier towers & equipment and use it without being billed. When you think about it, the telephony is the only thing that's significantly different between a smartphone vs. a PC/Mac.

It's a good theory, but I think it may be incorrect. The reason that I think that is because of LuneOS. It's completely open source (built from HP Open webOS). And here's the kicker: they have access to all of the source code, they have SMS working already, and one of the devs is working on getting voice working now. I guess what I'm saying is that the software on the handset that connects you to voice, sms, etc., can't be a secret that has to be under the control of the phone companies AND be open source for everyone to see and modify. An open source developer would be just as dangerous as any other hacker with root access, and probably moreso.

[Bluenoser63]

That's exactly what I am advocating for mobile. Use normal priviliges for most tasks, but allow root access when needed (of course to gain root access you will need a password). I don't really like the Android way (all or nothing) or the BB way (root is "evil" and we will not allow it).

You totally missed that because of the ability to admin or root a PC, there are many PC's out there doing damage and having virus. When root is enabled, things don't happen in a good way.

[Bluenoser63]

As long as there's a method to root, and I feel comfortable with the options thereafter, I will take that option.

It really isn't scary.

Specifically with Android, I don't feel like I need to anymore, but I still do as a matter of preference.

My experience is that unless you are an IT administrator with training, people who think that they know how to do low level things like rooting, usually are the ones who mess things up.

[Uzi]

https://www.reddit.com/r/blackberry/...ng_qnx_kernel/

I'm not expert with this things, if BlackBerry android really running this can it be root?