this just put grapheneOS off my todo list altogether, though i'm gonna have a dumb phone soon and was looking at trying to get a little rugged tablet with wifi/ethernet and no 3g to run my banking on
wait... graphene os doesn't have a root activation like the android developer mode?
what's the point of it again then exactly? trust us?
They claim you can't have root for security and even though I use GrapheneOS that is really one of my biggest gripes with them. I understand the implications of having a root of my own device, so it really makes me kind of wish that something like paranoid Android was still really popular, and I could just root my device and slot that operating system on it.
root on android stopped being a reasonable experience about 10 years ago
magisk is a total kludge
I would suggest reading this thread:
https://x.com/GrapheneOS/status/1397952450108313600?s=20
If you haven't got X and can't find a nitter instance still running or alternate method let me know and I'll take the time tomorrow to paste the entirety.
Yes GrapheneOS is against persistent app accessible root access. As an open source project you are free to make whatever changes you wish to implement whatever options you desire. You can make debug builds etc as suggsted in the thread to determine the level of root you might desire and the method of it's operation.
It is your device, your prerogative and power to you.
Initial build instructions can be found here:
However as a privacy and security focused OS with clearly stated scope and high standards with many high risk individuals and organisations depending on it, it would be anathema to claim to be reducing attack surface while providing easily accessable tools and methods to do the exact opposite.
Good luck in your endeavours.
I'm not necessarily knocking your project for lacking root access by default. I understand as a security-focused project, unfettered access to root, is definitely an extreme security threat, especially if people don't understand what they're doing.
That being said, it would be kind of interesting if I could roll my own version that would allow at least some limited root access for certain applications. I will probably look into this. Thank you.
