Answer the question
In order to leave comments, you need to log in
Why are custom firmware and root rights dangerous?
Somewhere I read that tubes with root rights are vulnerable. They are easy to steal passwords / hack. In particular, the Sberbank application warns before installation that "you have root rights." I want to install a password manager on a handset with custom firmware and root rights, I'm afraid. Is it safe or not? What do the experts say? Thank you!
Answer the question
In order to leave comments, you need to log in
Root rights allow you (namely you and above all you) to have full control over the device.
They are dangerous primarily for android and phone manufacturers, because having a root, you can remove their advertising pages from your phone and even prevent the almighty Google from following you. And this is an attack on the foundations.
As for the software, every software that needs root will ask you for it. And it's up to you whether or not to allow a particular program to have root access to the phone. And allow it forever or for 10-15 minutes (for one run), and then let it ask again.
By and large, root on android is needed for Titanium Backup (install-uninstall, backup-restore applications), AdAway (ad blocker) and firewall (separation of access to the network, you don’t need to at your expense for a slow and expensive 3g what Did the nasty thing download ads for you? Or leak your photos to the NSA?). Still sometimes root is needed for programs to fix jambs (for your convenience!) In android, for example, which open recording on an SD card. But they usually need it once. All the rest will be overwhelmed.
About access to your data. On android there is such a thing as permissions. Here in them (you see them when you install the program) and it is written what the application can do and what not. And the fact that this application has root access will not change anything here. He has permissions to send SMS or calls - he can call and send, regardless of whether he has root access or not. There is no such permission - it cannot call and send.
And about the password manager - of course put it! It doesn't matter if your phone is rooted or not, it has little effect on password interception. But third-party keyboards (and native ones) can and see everything that you type and can merge it into the Internet. Again, regardless of whether there is a root or not. But if there is a firewall (and it needs root) and access to the Internet is closed to the keyboard - here you can sleep a little calmer.
A rooted application can interfere with the operation of any other application, modify any files on the device. Some keylogger or other functionality that uses software vulnerabilities can be embedded in custom firmware. If they rarely bother with firmware, then with root the situation is a little different. Many users get root in dubious ways or do not restrict rights at all after receiving them. Thus, root access can be obtained not only by one specific application, but in general by all.
This doesn't happen often, but it does happen.
Personally, I have never had the need for root access on the main device. Only when experimenting with old devices that didn't have any important data on them.
Vrotmennolegs! Password manager for mobile with root!
Then immediately create a site with a page of your passwords on the Internet.
After that, treat this situation as if the entire Internet began to study your passwords.
Even using two-factor authentication, it will no longer be possible to control access, because. after you provide it to yourself (even specifically for this mobile), you will also provide it for all programs and services installed / running on it.
If you want to root, it's easier to use two devices: a working one for passwords, and a "garbage dump" - where there is a full root, for different experiments and tests.
Filter installed applications and everything will be ok. You can’t download it from the playmarket, but when it’s direct from the Internet, there are times when a dishonest programmer put his application there, more often for advertising, less often for such attacks as you say. Put the root, now in my opinion only housewives live without root.
The same as the root / Administrator rights on Windows or Linux, or the most ordinary knife - they can cut a sausage, or you can kill a person. If you tend to put all the latest, and more, to pay via the Web, and even via NFC, and to tie bank cards and play games that were delivered from nowhere - well, then your passwords and money were crying. If, however, you are thoughtful about installing programs, attaching (if you really need it) a virtual card, where there is no money and not paying anywhere from your phone, then do not care. People root phones, including to get rid of Google probes.
I put the root, deleted all the "extra" applications that are suspicious, downloaded the Sberbank from the play market, banned the root of flattery in the Sberbank application and live happily on.
Well, for greater confidence, you can install an antivirus for yourself.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question