Hi all
I am currently in the planning stages of developing a root security system for Android.
As everyone knows, there are security implications to rooting your phone etc. Untill now, I have used the normal means of controlling this (lock security, disabling ADB, Superuser.apk whitelist), but this is of limitted help if someone physically gets hold of your phone (while unlocked or ADB enabled).
There are a few things I would like to implement, and would like to gather some feedback on whether;
a) It will be of use to anyone but me, and
b) If anyone has any input as to the feasability (or has done any such work in the past)?
There are 3 areas I would like to lock down, somehow. It will not perfect the security, but will go a long way toward improving the overall security on rooted devices. I have not done much reasearch as yet, so some of this may be impossible. These are:
1) CWM recovery: Currently, CWM (and other recovery/pre-android resources) can be used to bypass almost anything you put in place to secure your phone. I would like to implement a password/passcode on CWM to lock out unauthorised changes. My personal preference would be to store this in /data somewhere it would be removed on wipe, and leave the option to wipe without passcode (so you don't end up with a brick if you forget the password), but lock out all security-sensitive operations like flashing. That way, someone could get to recovery, but would have to wipe data to be able to do anything usefull without authorisation.
2) ADB: Currently, even if your phone is locked you can get access to everything through ADB. The only way I currently see to do anything about this is to disable ADB when you are not using it, but this is irritating when you use it as much as I do. What I would like to do instead is either force a popup from Superuser.apk to grant root every time you connect, or implement a password which must be entered on connection. Both could be problematic, but I think forcing a confirmation (or even a check if the dev is unlocked) would be most useable, but my knowledge is limitted here. It may be that neither method is practical and disabling ADB is the only practical solution.
3) Superuser.apk: Everyone knows they should have security set up on their phones and not leave it lying around unlocked, but some don't like the hassle and most will occasionally forget to lock it. I would therefore like to implement securoty on Superuser.apk to stop (at least) new apps from aquiring root. This is the least important IMHO, but would be a further step towards improving security.
So, what does everyone think?
Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums & Read the Forum Rules
Moving to Q&A
lufc said:
Questions or Problems Should Not Be Posted in the Development Forum
Click to expand...
Click to collapse
Sorry. I posted in Dev because this is the beginning stages of some development I plan to do, but fair enough.
I can only really answer the first question... I would be interested in something like this. I've actually taken an interest in mobile security recently, but I've constrained myself to existing products like avast and PDroid to give me some extra protection. When it comes to hardening these other components... I don't know enough about stuff at that level. But I would dig it.
Things like avast handle some things, like disabling debug if you remotely lock it. But it wouldn't solve things like securing CWM if the person simply reboots into recovery.
How do you disable ADB now?
please, do it!
drmouse81
As a poor ex-owner of a lost Samsung Galaxy Ace, I would love to have a password protected CWM recovery ... this would have propably saved my device (an have back my loved photos!)
My device was operator-locked, SIM was pin protected, screen was locked by pattern ... I rang to my lost mobile, taxi driver answered ... spoke with him ... asked him to return my phone I was offering rewarding. He laughted a lot!
Yes, there are apps to locate your terminal, ring loud, etc. But none solves the basic problem of someone that wipes the phone, puts a new bootloader, etc.
Most people do not knkow that IMEI blocking only works in home country of the SIM operator.
On the other hand, there were a lot of past discussions on this topic, but many people seem not to see this as feasible.
If you find a way to solve this, I am sure you will do a lot of money with companies, who are looking for a real solution to information loss on mobile devices.
Requirements: phone should be not functional. thieves would be able to use them only for spares ...
a) require password to make changes to bootloader / wipe (that is, recovery is also blocked)
b) encryption of user data (even in SD)
c) allow to swipe a new SIM, provide pin of the SIM, then block the phone but send SMS with new number and location. Show on screen customizable message (such as -- this phone is property of xxx and has been lost/stolen -- please contact owner at xxx or hand it to police --- )
Is this possible? Why previous discussions shut off this topics?
Best luck - would love to be guinea pig for this ...
CTone.
---------- Post added at 01:00 AM ---------- Previous post was at 12:39 AM ----------
www dot cyanogenmod dot com slash blog slash security-and-you
Hi
I stopped posting here for a couple of reasons, the main one being I have been too busy. I'm still planning to take this on, but it may be a while.
The other problem is that, although it will help, it will not secure the device completely. There will always be ways around it. Manufacturer supplied tools will still bypass it.
As for your phone, did you contact the police? Knowing the taxi driver answered, they should have been able to get it back, or at least prosecute they b#####d!
Sent from my MB860 using xda premium
You actually have a really valid and practical idea...
Have nothing to contribute here, just want to encourage you...
:thumbup:
If personal life does permit you, please do consider working on this
Typed using a small touchscreen
Related
Hi there. I just got my first smartphone a couple weeks ago and I'm loving it. Samsung Galaxy SII i777 with gingerbread. I was talking with my friend today and he told me about this site and how amazing it is so I decided to check it out! However I'm incredibly lost. I see all the posts about how to root your phone and everything that says HOW TO, but I couldn't find any "WHAT IS" threads (surprisingly not in the stickies).
So could someone do a noob a favor and explain what all these different things are? Like rooting, kernel, etc. I dont plan on using anything other than the default gingerbread/ICS any time soon, but my friend told me there are tons of good benefits behind the scenes from kernels, namely getting double the battery life I'm getting now, so I definitely want to start looking into all that -- I just need to get a foundation on what's what.
Thanks in advance for the help
Read the design section from this wikipedia article about the Android operating system for an explanation of of what the kernel is
http://en.m.wikipedia.org/wiki/Android_(operating_system)#section_2
Here is an explanation of rooting and Android phone
http://en.m.wikipedia.org/wiki/Rooting_(Android_OS)
For basic definitions of terms like this google and wikipedia are great resources, as well as the stickies posted in these forums.
Now once your learn some about this things after looking and reading you will then be able to ask more specific questions which people here are very helpful with.
However general basic questions about terms and definitions like this post will sometimes generate some not so friendly responses here.
Sent from my SGH-I777 using XDA Premium HD app
http://forum.xda-developers.com/showthread.php?t=1511999
I looked through the sticky before posting, and the wikipedia links don't answer my question. I just want to know what exactly a kernel is, the different benefits of rooting your phone, etc. Any BASIC (not overly detailed) stuff people should known when first starting to do this stuff
The FAQ had "what is rooting?" and that was it..
http://www.reddit.com/r/Android/comments/distm/allwhy_should_i_root_here_is_why/
http://www.reddit.com/r/Android/comments/dctbb/okay_so_you_rooted_this_is_what/
Will add more as I find them.
ScelestusAnimus said:
I looked through the sticky before posting, and the wikipedia links don't answer my question. I just want to know what exactly a kernel is, the different benefits of rooting your phone, etc. Any BASIC (not overly detailed) stuff people should known when first starting to do this stuff
The FAQ had "what is rooting?" and that was it..
Click to expand...
Click to collapse
The BASIC stuff you should know when starting "to do this stuff" is don't skip the details they are important and they will help keep you from making big mistakes.
The main reason/benefit that drives most average people to root their phones is to get direct access control over the /system partition and the applications installed there - to have more control over the "system apps". This allows them to debloat their device and to directly back up system apps (i.e. Titanium Backup).
Though there is allot more available to them and many different things that different people do with root. Once you have root access as the term root suggests, root gives you access to the very root partition "/" and everything below it (this means that root privileges gives you access to everything on your phone). It allows you access to troubleshooting, tweaking and theming that you would not otherwise be able to do.
Just remember the saying "with great knowledge comes great responsibly". Because once you have root access, you can then give applications that same root access - and that will allow that app free run through everything on your phone, as well as any and all accounts you have sync'd to your phone. So be careful to be stingy with what apps you allow root privileges, because if you allow a rogue or pirate app such control it could do quite allot of damage and steal quite allot from you before you ever know what happened.
As to exactly what the kernel is (summarizing part of the Wikipedia article says because it does tell you exactly what the kernel is) - the android kernel is the core of the android operating system (just like the Linux kernel is the core of the Linux OS as the android kernel is built directly from the Linux kernel). The kernel is the part of the OS that allows the user input and application inputs to interface with the hardware - it is the drivers and communication translation between the user controls/applications and the hardware it operates on.
Well, I’m sure that it isn’t a secret for anyone, CM7 has been and still is my favorite rom for my Defy(s). I’ve been using it since the day Quarx’s brought IP Tables support to it – hence allowing me to use Droidwall as an Android firewall. I could then selectively allow/deny internet access to any installed app [having internet access permission that is…]. This is a first and important security step, but like anything, this has limitations; apps that do ‘really’ need internet access are then free to send (and receive) whatever their Android permissions allow them to get a hand on. For that, CM7 has a neet feature called ‘permissions management’ that allows you to control each app’s permissions individually. This option works fine BUT the problem is that the apps that you control that way often lose functionalities, stop working altogether or even throw you an error message telling you that the app’s permissions have been altered and that you will not be able to use it unless you reset them.
So how to solve this potentially very critical security flaw without losing apps functionality? ==> PDroid.
Thanks to xda user measel, I’ve just recently discovered this wonderful piece of software and I don’t think that my Defy will ever live without it from now on. The app itself is not really a new one and I’ve decided to create this thread to spread to word around and in the hope that it will be helpful to other Defy owners conscious about their data privacy.
WHAT IT DOES:
• More than just blocking apps Android permissions, it lets you control each individual app’s access to private information (user + system);
• It allows you to block and, in some cases, let you either use random or custom private data;
• It will also (if desired) warn you on any root or privacy info access, all that with an easy to figure out and use user interface [see pics];
• And best of all, applications will not crash when their access to private data is blocked unlike with Permission Denied (using LBE Privacy or alike or with CM7).
Disclaimer: I’m only the messenger and I take no credit or responsibility for anything that you’ll do with your phone from here on.
HOW TO:
Original thread by the dev [go have a read and give your thanks to svyat]
Pre-requisites:
- Make sure that you did not use Titanium Backup to integrate sys Dalvik into the rom [if you don’t know what that means, chances are that you didn’t; ignore it];
- a PC running Windows;
- a CM7-jordan/Jordan-plus build;
- PDroid patcher v1.31 (v1.27 also work but the latest version (v1.32) from the link above doesn’t work for the Defy. So I’m attaching v1.31 here which I’ve found with a little digging through that thread;
- the PDroid.apk itself [Market link] or [Dropbox link from the dev];
=> If you don’t have access to a PC running Windows or just don’t want to go through the trouble of patching process described below, you can head over to measel’s CM7 nightlys | info collection thread and locate the build you are using; he was kind enough to provide us with patches for most of recent Jordan builds. So go and grab your applicable patches and give thanks to him.
=> If you’re running CM9 or CM10, this patcher will not work for you, but there are alternatives - namely: the ‘auto-patcher’ or even the PDroid v2 [I’ll give links to those later]. Just go read the last few pages of the original thread, there are quite a few mentions/redirections to those over there. [please don’t ask me about questions about those as I did not try them just yet]
Note: PDroid is an ongoing but currently ‘on hold’ project [because, like someone said before: devs sometimes have a life outside Android...] which works perfectly fine as it is if you follow the next few steps below.
Zero off: Make a nandroid backup of your current phone setup.
First off: Create the patch for your rom:
To work, PDroid first needs you to mod 3 framework files and push them onto your phone. To do so, all you need to do is to execute the PDroidPatcher.exe. file [extract it from the zip attached] and point it to the CM7 build you are using. Let it do its thing and it will create a CWM recovery flashable zip and an undo (RESTORE) one.
Second: Flash the patch:
Just boot into recovery, wipe cache and dalvik and install the patch and boot up.
Third: Install the apk
That’s it!, you’re now ready to go your list of installed apps and start controlling your privacy accesses.
Warning: again, go read the original thread for a how to on how to backup your PDroid settings and/or use TB to do so.
HOW TO USE:
Well, it’s all pretty obvious and with a bit of common sense, you will easily figure out how and what to set up. By default, nothing is blocked and apps are free to access data. So you’ll have to go through your list of installed apps and set up each individual data access and then try them out. For example, logic would tell us not to block the ‘GPS/Network Location’ data to maps related apps nor block ‘Accounts credentials’ to apps dealing with user IDs and passwords like Email or social apps.
I can’t give you detailed instructions here (it’s not the point of this thread anyway), but if like me you already use Droidwall, you can first leave alone all the apps that you’ve black listed for internet access [pic 2] since they won’t do anything with your private data if they can’t send it back home… There is also an option within the app to ‘hide all the safe apps’ [which do not have an internet permission]; check it to reduce the size of your list of apps to configure.
From experience, I’d also suggest you to keep an eye on the apps requiring a password to run since blocking Device or Subscriber ID might mean that you’ll have to always enter passwords each time you run the app that would otherwise be remembered by those apps. As a rule of thumb, I pretty much choose the ‘use random’ option whenever it is available (just to minimize problems with the app on blocking completely – I’m not even sure this is a valid argument here…) or block everything else when it’s not and finally, I leave ‘Network Info’ allowed since it basically only lets apps know if you connected to internet or not [who cares if they get your wifi’s SSID or not…].
But again, you’ll have to fine tune the whole thing for each and every app and run them to check for full functionalities – but at least they won’t crash on you… Finally, you can pinpoint potential problems/solutions by turning off the general PDroid notifications option and by turning on a specific app’s ones [pic 3].
Happy privacy enhancement!
/AL
As usual!
Quality guides from lovely []AL[]
I don't want a tapatalk sig!
nogoodusername said:
As usual!
Quality guides for lovely []AL[]
Why not move to Android Apps forums?
I don't want a tapatalk sig!
Click to expand...
Click to collapse
"lovely AL" wow! you surely are the first person to tell me anything like this here on xda.
..not sure if I should be flattered or run away by homophobia - hehehe! :laugh:
Well, I didn't mean to make it a guide when I started writing it, but like always I had things
to say and the post got longer and longer.. so I guess that we can call it a sort of guide...
But I truly like the app and believe that along with Droidwall, that should be installed on every phone.
In fact, Google should look at this and incorporate something similar into Android.
OK, I'll go reply to your PM now... cheers!
Edit for your question: because like I wrote in the OP, I'm just the messenger and not the dev of the app.
The app also works mostly for on phones running CM7 and even not all the phones support it either.
So I wouldn't publish this widely without at least asking permission to the dev. But here for Defy owners fellows,
I know it works fine and again, I think that it is pretty much an essential app to have.
9 downloads/1 thank;
Leeches, I see leeches everywhere!
Shhhiiiiii- You got me excited! I thought I'd find a patch for the Quarx rom! So far auto-patcher can't patch Quarx's CM10 roms. Nor do I understand why that's so but that's why I'm not a dev.
Excellent app
Arch Linux User ..
KicknGuitar said:
Shhhiiiiii- You got me excited! I thought I'd find a patch for the Quarx rom! So far auto-patcher can't patch Quarx's CM10 roms. Nor do I understand why that's so but that's why I'm not a dev.
Click to expand...
Click to collapse
Well... sorry to hear that; I had no clue that it doesn't work with Quarx CM10. It seems to work for some other JB builds/phones... But like I wrote on the OP, I haven't tried any of this on CM9/JB yet. So again, too bad that this thing is a no go for now. I hear that Quarx is very busy outside Android's world as of lately so it might not be a good time to ask him about this - might also be low on his priority...but who knows, someone might read this and find an answer for you.
ps: quite an avatar you got there :silly:
an thanks for the link to the auto-patcher thread; it might be useful to others and it'll save me the search when I update the OP with it and your comment eventually...
juan296 said:
Excellent app
Click to expand...
Click to collapse
Well thanks but again, just I'm just a messenger here and not the dev... :highfive:
Actually, I use DroidWall , so.. can uninstall this app? And right now, JUST USE pdroid! Right?
Arch Linux User ..
juan296 said:
Actually, I use DroidWall , so.. can uninstall this app? And right now, JUST USE pdroid! Right?
Click to expand...
Click to collapse
I still use both...they are quite different apps and don't do the same at all. Droidwall is a firewall that let you control if an app has access to internet or not; PDroid controls what private information each app can access.
Like I wrote on the OP, any app that is blocked by Droidwall doesn't need a PDroid setup, but apps that need internet connection could be free to get private information from your phone if you don't use PDroid...
Basically, PDroid has no way of blocking all internet access; it only blocks apps from reading private info (or scrambles it by returning info like random network location or sim ID#...)
I want to disable the E911 on my phone. People if you dont agree keep it to yourself. I want to disable it. It should not matter why I want to especially not on site designed for people customizing the hell out of their phone. If you think I am paranoid I think your a sheep.
Can anyone actually provide some beneficial help towards my goal.
Maybe being a little more nice will get you your answer. You get more flies with sugar than vinegar.
Sent from my SCH-I500 using xda premium
Do you want to just disable E911 or disable all phone functionality? I haven't seen any way to just disable E911 on any mobile device. By default, every manufacturer puts stuff in that lets 911 locate your phone, and there is no way to disable it in software or hardware without basically stripping the software of its phone functions.
If you are still interested, and want software that strips this phone of all phone services and apps (including E911) try the GeeWiz Media ROM
As a Communications supervisor in a 911 center, I can tell you firsthand that disabling e911 won't prevent us from locating you. I've disabled e911 on several android phones that I've owned over the years and it still reports your Phase II Lat/Long
Sippi4x4man said:
As a Communications supervisor in a 911 center, I can tell you firsthand that disabling e911 won't prevent us from locating you. I've disabled e911 on several android phones that I've owned over the years and it still reports your Phase II Lat/Long
Click to expand...
Click to collapse
lol sippi, idk about the OP's reason for this, but ive personally seen people i know last week disable e911 on their phones (through ways like the Geewiz media rom+software mods) to do a drug dealing of all things, little did they know what u said was true and they were tracked not only by 911, but also by the stupidity of leaving my app (SMS Tasks) on their phones, leaving the person who ratted them out (not me but they did know their pass phrase), gave their phone to the local authorites and gave them the command [email protected]****** and with the version my app had on it (unofficial build), it located them with google-maps link that was clicked and gave a perfect track (because the people had gps on of all things), thus leading to the arrest (i personnaly felt good about it cause if i didnt make that app (SMS Tasks) they would be on the loose for a little bit longer causing who knows what cause the police officer said that they were having trouble tracking them with the e911 system for a "unknown error reported" as they told him so idk if it was a glitch with the tracking in my area's e911 or they acually disabled whatever it is that makes them track you (please dont reply with what it was just to be safe), but my app acually lead to an arrest =) so by what i saw i think there might be some workaround, or just a glitch, im not encouraging it one bit, but i know personally that there was at least one person capible of doing it (again unless it was a glitch in their system) =S
I'd also be curious to learn to disable this. I, unlike the previous poster, wouldn't pride myself on incarcerating someone for a business transaction and otherwise victimless crime.
If anything, the post above highlights exactly why you should not install apps which ask for unnecessary permissions, because some nanny state developer just might invade your privacy and track your movements instead of focus on the purpose of the app.
Domush said:
I'd also be curious to learn to disable this. I, unlike the previous poster, wouldn't pride myself on incarcerating someone for a business transaction and otherwise victimless crime.
If anything, the post above highlights exactly why you should not install apps which ask for unnecessary permissions, because some nanny state developer just might invade your privacy and track your movements instead of focus on the purpose of the app.
Click to expand...
Click to collapse
its acually a function of the app, not invasion of privacy, my app is open-sourced on my gitbub as-is for the app's released versions, thats locate command is one of the listed features on the thread, i update the github more then the thread but all the commands are safe, it was just some clever ideas for them to use my app to solve a criminal case thats all, as for the "business transaction and otherwise victimless crime" heroin and drug dealing is highly illegal in this area where it took place at, and the now ex-girlfriend of the guy was a victim from it because before he got out to buy it he beat her black and blue... >=( theres nothing funny about drug dealing making it a "victimless crime" as its a nuicence in our society no matter how many "benefits" people say it has, as for my app its clearly states in the thread for you to keep your pass phrase a secret, as he didnt, and all the commands+usage are all on there and clear warnings for the potentially dangerous commands, but the version he had on his phone was a newer beta test version that uses google-maps links instead of general GEOLocation area. all that was done was completely legal, and not abuse of my app or permissions as it still gives people to where it tells who sent the message in the tracking menu (by phone number) since its a new feature in my beta tester version so it did give full telling who it came from. but ive already been given warnings by the police from an earlier situation with the same people on the same kind of activity about regulations on tracking without consent, so i had to add that prompt to show who initiated the tracking, and am working on a button that will stop it remotely. so until i can comply with the regulations, while keeping it stable, i havent been able to update the app with them untill i get the new tracking system with prompts stable, but to do all that with the new systems i have in the app it needs to be installed in CWM recovery cause the system-app Reboot permissions, and better GPS/wifi Toggling
sorry if it seems like im ranting, im truly not, but that situation was really personally to me and i felt like what i did was the right thing, not a "abuse of permissions app", or to "incarcerating someone for a business transaction and otherwise victimless crime.", as it was more for the fact that he beat her and then he want to do an illegal activity
Wow, Im sorry for the long delay. I had switched phones and forgot all about this thread. I appreciate ALL who provided input. I still dont like the idea of it, but it doesnt bother me as much.
Not sure how far back...
Preexisting rom file from pre-e911 might work
Ok so this is a question for lets say hardcore developers, lately Ive taken an interest in android security after the Snowden revelations, (not that any of us have anything to hide), but mainly due to the simple principle of privacy in the digital age... anyhow in my research ive found various ways and sites that can help harden ones security on android , and there are also tools that have been developed to purposely get around these same security precautions on android. My question is to various developers that design security related apps, those who design custom recoveries (TWRP, CM, etc), and even those that work on fastboot (Google).
1) I know there are plenty of apps that are made for security, but are developers sure they are cleaning up (read "wiping ram, on say an app FC, a reboot, or upon receiving a fastboot request from a host")? In the age of NSA and everyone else wanting all in your business, are developers making sure that keys, and other secure info is destroyed, and not still in memory or God forbid in some file on the SD card?
2) Is there any way to make/modify the bootloader so that before you could even get to the bootloader menu (ie. fastboot/recovery/boot/etc..) the bootloader either nukes the entire RAM or fills it with random data? Granted there are always ways to get to ones data, but i was just wondering if there was consideration for the lifespan of said 'security' once one is done with some secure app are the keys tossed(?) ram cleared before deallocation, etc?
3) And... in the interim is there a way users can auto clear/wipe deallocated RAM and SD/internal storage space (as well as within the system area on rooted devices) every so often using something like the Tasker app, remote wipe or something similar?
@steve_77 RAM (at least the RAM we have in phones at the moment) is volatile, meaning it only retains data when powered, therefore there's no need to go to any lengths to wipe it. A reboot will do that. Besides, if any data is being loaded into memory at all in the first place, the NSA probably already have it . Just kidding of course, if you have measure in place already like encryption; I don't think it's possible to retrieve data from memory like that anyway, but I'm no expert.
I understand that the measures mentioned are extreme, but there is already a way to break encryption via reading the keys out of the RAM as outlined in the link provided in the previous post from a German university that was able to do it.
I'm sure this is also not the only type of tools designed to hack into peoples phones and bypass encryption, but if exiting an app does not erase/wipe the RAM allocated to that app, all that data is up for grabs. Sure in this particular case someone would have to physically have your phone, but what if there were some new way, say in the future that could use some sort of exploit to access your data, and what can be done now to mitigate this potential pitfall and make our phones more secure?
Is there a phone/android version that allows someone whos not an Android expert to actually have control over what their phones doing? Or is it just not possible nowadays for a regular person to fully control the info their phone sends?
Sorry if this sounds cynical, it really is a genuine question.
Thank you.
Hi Steve, it sounds like what you need is a rooted phone. Forgive me if you're already familiar with the term, but rooting basically gives you administrator rights over just about everything on your phone, with only a few exceptions depending on which Android version the phone is running. This allows you to do stuff like revoke permissions for apps, block ads, and change how Android looks and behaves.
Do you have a phone in mind already? If not, what's your budget?
questions should be posted in q/a Thread moved please review the rules ( located below)
rhythm_dx said:
Hi Steve, it sounds like what you need is a rooted phone. Forgive me if you're already familiar with the term, but rooting basically gives you administrator rights over just about everything on your phone, with only a few exceptions depending on which Android version the phone is running. This allows you to do stuff like revoke permissions for apps, block ads, and change how Android looks and behaves.
Do you have a phone in mind already? If not, what's your budget?
Click to expand...
Click to collapse
Thank you for your help. I had a rooted phone, but a friend did it for me. Now I have a S8 active on Pie and from my research the bootloader I have (V5) is not rootable. I'm definitely not well versed in Android though and could be wrong. That's why I was wondering if there was a device that offered full control without the need and rick of rooting. If there's not, could you suggest one that is perhaps the simplest and least risky to root? I don't need top of the line, I don't game or anything and would be fine with getting something used. thanks again!
Luckily, there is a way in stock Android to control permissions! I forgot about it when I was typing my previous response. Here's an overview: https://www.howtogeek.com/355257/can-you-control-specific-permissions-on-android/ Hope that does what you're looking for.
If you want to do more with a rooted phone like block ads, there are some that are easily rootable, like the Google Pixel series. Here are a few options: https://www.androidcentral.com/best-phone-rooting-and-modding I liked the Pixel 2XL I used through my previous job, and I've heard good things about the other Pixels, for what that's worth. I haven't tried the other phones in that link, but the OnePlus phones have an excellent reputation.
There are many other phones that have varying degrees of difficulty for rooting, but I'm not aware of any relatively recent ones not on that list that I'd consider easy to root. I've found that the best approach to finding a new phone is going to GSM Arena's Phone Finder to put on my criteria, then coming back to XDA and searching through the forums to find out whether my prospective phone of choice has root yet. As you've discovered with your S8, some phones just never get there, which is pretty frustrating.
I hope that helps! Holler if you have any other questions.
Well, that's my main issue, you can only control certain permissions there. When I click "all permissions" I can see them all, but not turn them off. It's just a bummer that one has to go thru all this rigmarole to control a device they supposedly own. I was hoping maybe someone made a device that you could control stock, but I guess that was wishful thinking. Thanks again.
SteveJustSteve said:
Is there a phone/android version that allows someone whos not an Android expert to actually have control over what their phones doing? Or is it just not possible nowadays for a regular person to fully control the info their phone sends?
Sorry if this sounds cynical, it really is a genuine question.
Thank you.
Click to expand...
Click to collapse
You must distinguish between Android OS itself and the apps that run on it: Android OS has no permissions you can invoke/revoke, only hardware/OS specific settings can be made there, but permissions can be granted/withdrawn from an app - if its developer has allowed the latter. To change the permissions of an app basically no rooted Android is required, this is done either via Android->Settings or via a 3rd-party APK editor.
BTW: It exist 3rd-party apps that can show you what apps are sending/receiving data over Internet.
Hint: Use your Android phone without Google.
Is root required to disable hardware?
SteveJustSteve said:
Is root required to disable hardware?
Click to expand...
Click to collapse
No, only a hammer. :laugh: