some carriers do but Google runs their own as well because carriers were slow to adopt.

a better solution than giving blanket root access would be an API/daemon that provides more fine grained permission control, similar to how flatseal manages the flatpak sandbox.

edit: anyone wanna help me on a new project idea…?

well sure, for customisation sake there is plenty benefit. the security concerns are more plentiful, however

one of the reasons I use nix package manager is because it doesn’t require root. it has separate build users and a daemon responsible for privileged file management. I also have a separate user with access if I absolutely need it, or I can log in with a live session and chroot into my system.

if you need root for a general purpose application then it’s badly designed

you can’t lock your bootloader and retain access for one. that’s an easy way to brick your device. it cripples security because in order to gain this access you are patching in the sudo binary (which doesn’t normally exist on Android and is therefore not designed to be securely used) and a bunch of selinux policies that give extremely vague permissions systemwide. data exfiltration is made a much simpler task when a user has rooted their device.

it is also increasing attack surface. you now have to trust that this per app permission model is actually functioning correctly and isn’t exploitable.

edit: it is worth noting that having root access on a desktop Linux system is horribly insecure as well, though. I completely remove sudo on my systems (although considering one can just invoke su -c or su - root that doesn’t help too much in actuality)

rooting cripples your security and there is little benefit to it.

people are even dumber than I realized holy shit. I knew people weren’t willing to go far for security measures but this is actually much worse than I would have guessed.

laziness, ignorance, or privilege? I’m unsure which of the three causes this. I find it hard to believe it’s ignorance because online scams and hacks are very well known and I’ve always hated “laziness” as a concept.

you only need one totp app… people baffle me.