Telegram on rooted phone

telegram.org/faq#q-can-telegram-protect-me-against-everything
>Or from any other people that get physical or root access to your phones or computers running Telegram

and scrolling down in the security section

>Q: Why can jailbroken and rooted devices be dangerous?

>Using a rooted or jailbroken device makes it easier for a potential attacker to gain full administrative control over your device — root access.

>A user with root access can easily bypass security features built into the operating system, read process memory or access restricted areas, such as the internal storage. Once an attacker has root access, any efforts to mitigate threats become futile. No application can be called safe under these circumstances, no matter how strong the encryption.

Is it actually dangerous?
Can another person access your account from another device?

Essentially yes, because of how Linux permissions work. I'm not sure if you can unroot a phone and have it keep the changes you made as root. That would be the safe way.

What if you just uninstall Telegram from your phone?
And is the problem just on Linux?

Problem is not just Linux. If someone has access to Administrator or SYSTEM on a Windows machine, it's just as dangerous as if someone has to root on a Linux machine. Basically full and total control.

However, as long as you don't actually run your apps as root, you're safe (short of any new privilege escalation exploit being discovered).

"has access* to root," not "has to root," my bad

As a precaution, would uninstalling Telegram's phone app help?

It's dangerous if you're an idiot and give a Russian ransomware app root access.
It has nothing to do with Telegram. Having root access is like the ability to grant things Administrator in Windows or literally root in Linux.

Define "help." So long as you only run apps you trust, and don't run any apps as root, then you're not vulnerable to anything at all.

However, if any of those apps are programmed shittily (i.e. they have bugs/exploits), that would allow an external attacker to run code with the privilege of the app, AND that app is running as root, then you're fucked. Simple solution: don't run any apps as root, don't install apps from developers that are not reputable.

I would say Telegram is not a reputable app but that's for unrelated (crypto) reasons.

tl;dr there's nothing wrong with leaving it installed and uninstalling it isn't going to make you any safer.

How do I know if I'm running an app as root/stop running it as root?
I'm sorry for causing you trouble with so many questions, I'm a total noob and the only reason why my phone is rooted is because it was previously my uncle's.

You can. Tested it when I installed adaway, changed hosts, unrooted. The hosts file remained altered and ads were blocked. Although that was a long time ago on android 4.4.2, not sure if unrooting works differently nowadays.

This is how it works (and I'll illustrate it using Windows as a comparison)
Your device comes without letting you have root (or Admin) privileges, which means you cannot change anything on the system or kernel level. This is the equivalent of having Windows but being logged in as Guest. You can only install software which is isolated and cannot modify system settings, delete system files or protected apps/files and more.
By rooting your device you're giving yourself AND apps which aren't system apps the ability to access the system if you let them, kinda like being logged in as Admin and running software as administrator. However, if you're rooted and don't have SuperSU or XPrivacy (Or use a Xiaomi phone as they are rooted by default as of latest version and have their own root permission manager), by default all non-system apps will have root access. This is dangerous, and that's why most rooting methods install something like SuperUser.
You can secure yourself from this by installing SuperUser or XPrivacy. This way, every time an app would want to gain root/admin access you can allow it or deny it yourself. Kinda like clicking "allow" or whatever on Windows when installing new software or using software which would use some of the system files.
Since your phone is rooted, I assume it has SuperSU. Check if Telegram is allowed in SuperSU. If it is, then simply deny it root access.
Note that all system apps are enabled to have root access by default (even if you are not rooted) and all apps you've installed are user apps, not system. So by default Telegram is not dangerous as it's not a system app.

Thank you very much for your explanation, I already knew some of that but it's good to have confirmation.
>Note that all system apps are enabled to have root access by default
Is that ok, or should I deny them access too?
My phone does have the app called Superuser installed but I never touched it because I didn't want to mess with stuff I don't know much about.
I checked the app and in the "application" tab there is nothing, that should be where the apps that asked for root permission are listed, together with my decision of allowing/denying them access.
Also it warned me that the su binary isn't updated but when I try to update it, it crashes. Should I get SuperSU instead?
Thanks again.

>worried about security
>using Telegram

>is that ok
Unless you know what you're doing, you should just leave the system apps alone.

Sounds like you have a very old device and an old superuser. I wouldn't recommend installing SuperSU as the app was recently sold to the Chinese and is potentially malicious since it's no longer open source. Go to F-Droid (you can use the site instead of the app if you don't have it installed) and search for "superuser". There are 2 available, one for 4+ (or 5+) Android and one for older versions so get one that works for your device. If they don't work properly then try to use XPrivacy. From what I remember the process is this:
>Install XPosedFramework
>Let it configure itself (here it should ask you for root permission, if you aren't prompted then your current superuser app doesn't work. This is why we're doing this.)
>Go to download modules, search for XPrivacy and install it, reboot
>Open XPrivacy, go to your currently installed apps and on each of them (other than XPosed and XPrivacy) find "system", under it should be "su". Tick it. This prevents the app from getting root privilege.
>alternatively, go to settings and add global rule for user apps with "su" denied. This is so you don't have to configure each new app individually.

I know using XPrivacy instead of SuperUser isn't standard, but that's what I turned to when SuperSU was sold and auto-updated. XPrivacy just worked and it's a really advanced permission manager. If you:
>think installing XPosed is too much or XPrivacy doesn't support your Android version
>aren't really worried about potential privacy leaks of SuperSU
>cannot properly install F-droid SuperUser
Then SuperSU will probably be okay.

It's probably the other way around. I'm guessing that the company behind Telegram can't guarantee that your secure keys for decrypting messages sent to/from your phone are secure and can't be leaked by rogue apps/actors if you're not running a secure (un-rooted) version of Android.

They are just trying to minimize the risk of using their app if you're someone that would get in serious trouble if your convos (+keys) were to get leaked. By not letting you use their app if you're not aware of the risks.

"Powerusers" are obviously hurt by this, but I'm guessing a lot of people are rooted that aren't powerusers.

Rooting your phone isn't so much an issue, since apps like supersu still restrict what apps can ask for root.
The real problem lies in the rooting process. You need an unlocked bootloader, which also means that anyone with the technical know-how can basically make a full backup of all partitions
>reboot in recovery, hook up pc, fire up ADB, have full access to all partitions
Your best bet is to use Android's encrypt feature (settings->security->encrypt phone), if you have rooted and unlocked your bootloader

Or I dunno... just don't give fucking Telegram root access to anything?

That might be a start.

Just do that.

>fire up ADB

Because that's not disable-able easily.

This is all clickbait for the sake of it. ADB won't initiate if it's turned off, rooted or not.

That's why I said you need to boot into recovery.
TWRP and the likes have ADB by default on. I'm not even sure if there's a way to disable this.

Didn't even consider that. So for a lot of the companies that restrict their apps if root is detected on the system, it's mainly because then they know that the integrity of the OS is probably out the window?

I was more thinking along the lines of:
1. Random app installed from Google Play gets root
2. Said app gets a rogue update pushed which makes it do malicious stuff with your data
3. The damage that can be done by this rogue app is pretty bad since it has root access and can leak Telegram's keys or whatever

Is that usually not an issue? Or at least not the main concern?

Having a rooted phone does not mean every application on that phone suddenly has root access. Just as with desktop Linux and Windows, you have to first give an application root privileges for it to cause damage. If you apply basic security best practices, rooting a phone cannot possibly make your phone less secure.

Jailbroken iPhones are a different car entirely, however, as you must first exploit a vulnerability to get them jailbroken in the first place.

I dunno. Giving apps root is creating a larger surface area for possible attacks on your system.

Non issue
1. It still needs to get root granted by SuperSU. Unless an app has a very good reason you should not do this.
2. Apps periodically get scanned by Google Play for malicious behavior.
3. Most companies are not willing to damage their reputation (and forfeit mad dosh) by doing such a thing.

As long as you download from the Play store AND not download some shady shit with sub 1000 installs, you're fine.
Your main concern is not random app X, it's government agencies that have you in their visor.

Without a working superuser all apps have root whenever they want to have it.

You only give root access to applications you can verifiably trust. AdAway has no vulnerabilities since it's basically just a script to update your hosts file.

thats a lie faggot
im on CM13 and i dont have supersu installed
I DECIDE WHAT APPS I GIVE ROOT TO

If you rooted your phone correctly, you will be prompted every single time an application tries to run as root. This is a non-issue.

No I get that. Of course only state-actors will have much use of Telegram keys or whatever.

Thanks for the info though. Taking my first computer security class and have always been interested in the subject.

stop spreading lies pajeet

That's because CM comes with a better superuser application -- PHH's Superuser.

>being this retarded

get a load of this retard

fuck off sperg
google your shit before shitposting you retarded nigger

Read what I've said, only if you have a working SU or an integrated one into the OS. I deleted SuperSU myself to test this before flashing another ROM. All apps which needed SU access magically got it.
ES File Explorer which I installed AFTER removing SuperSU could explore root folders and delete system apps.
Additionally, my old device somehow has the same problem as . It's rooted but outdated af, and superuser can't update binary. All apps there have SU access.

This is because Superuser is what *denies* SU. It's allowed by default.

And you should read what I said again. Rooting correctly implies installing a superuser application. There are no commonly used methods that root your phone without installing a proper superuser application for managing this.

The default is to install SuperSU or PHH's Superuser. Therefore, this is a non-issue.

Given how out of date almost all Android devices are, that Linux isn't unusually strong against local root exploits, and the amount of utter jank that's buried in dark places of Android, it's almost a moot point.

I don't like iOS, partially because of the lack of control, but I won't pretend that it isn't also a lot more secure in practice and that Android isn't a complete tire fire - because it really is.

You also shouldn't use Telegram: it's shit. "In summary, Telegram is error prone, has wonky homebrew encryption, leaks voluminous metadata, steals the address book, and is now known as a terrorist hangout. I couldn’t possibly think of a worse combination for a safe messenger." - @thegrugq

Best recommendation right now is still Signal.

If you don't think potentially leaking your phone number to Facebook will cause any serious concerns for you, WhatsApp is just as good with a much bigger user base, if you turn the option to warn you about safety number changes on. Even with that off it's still better than Telegram...

Best recommendation is Wire. It's also Sup Forums approved.

This, this is good advice.

If I wasn't a poor student I would be seriously tempted to just get an iPhone (again).

No matter how paranoid you are, it's gonna come down to trusting in either Apple or Google in the end. Out of the two, Apple is taking device security a lot more seriously.

It makes me angry just to think about this. At least Google are taking netsec very seriously and Chrome seem to be one of the most secure desktop browsers.

Dunno anything about Wire. Signal and their protocol in WhatsApp seem to have the crypto/security community behind it and not just "geeks" on Sup Forums.

BTFO

Do I bother with the 2-Step verification?

What? is accurate. can't read.