de0u unless that program and all of the pluggable modules are genuinely very secure (this is unlikely)
Why is that very unlikely? Apps are sandboxed by default on Android, so unless the app has a serious design flaw, I'm not following how there would be a substantial risk from a non-rooted app hijacking a rooted one.
hemlockiv An accessibility service trivially has root access. A keyboard can probably get root access, and so on.
Going back to the original quote, I could understand how an Accessibility Service or a keyboard app could more easily hijack something like the Magisk app, because those are examples of things that could automatically send input too fast for the user to notice/prevent. (I'm not sure what "so on" could refer to, as accessibility services, keyboards, and apps with the "display over other apps" permission granted are the only things I can think of that can send arbitrary input to the UI).
In that case, I don't see how ADB is actually much more secure, given that (as already referenced in the quote) you can now use Wireless ADB to create on-device ADB shells. The good news is, this actually seems relatively straightforward to lock down?
- The hacky solution: Via some system module, only allow Magisk to be accessed when all non-system Accessibility services are disabled, all "display over other apps" permissions are temporarily revoked, and only the system GOS keyboard is active.
- The proper solution: Prevent services and apps from overlaying or interacting with Magisk in the same way that the system prevents overlays/interactions with Keyguard.
de0u Overall, rooting is about expediently brushing aside the system's integrity mechanisms, instead of carefully developing an app that lives within the security model and has only the privileges it actually needs. People may choose to turn off large hunks of the security system on a daily-use device containing private information, but that dramatically reduces the integrity of the system.
Yes, yes, we are all in agreement that Magisk is the root of all evil, su is antithetical to security, and "rooted GrapheneOS" violates US trademark law. I'm asking because I am just trying to better understand the technical aspects of the security issues surrounding the su problem.