I’ve written this blog post about moving from rooted Samsung to a Pixel running GrapheneOS. It’s a list of every root tool that I used, with a note on whether I’ll miss it. I wrote it as a checklist for myself initially, and decided to add links and more comments and publish it. Turns out I don’t really need root, which truly surprised me.
Do you have any apps or tools that hold you back from leaving root?
You must log in or # to comment.
I took a similar journey. I had the Pixel Pro 7, and when that broke I went to the 8 Pro.
I was on LineageOS with Root, and utilized quite a bit of root enabled apps and plugins.
- AdAway (I needed a non-vpn-like ad blocking solution, because I also used WireGuard
- WireGuard Kernel Module
- SDMaid(2?)
- A-GPS SUPLReplacer
- ReVanced (without Micro G)
- Termux
- PlayIntegrityFix
- TrickyStore
- AFWall+ (Since I didn’t want some apps making network connections)
- Custom Kernels (mainly for optimization, including but not limited to thermal issues)
I am sure there were more, in fact I know I used more but they constantly were changing because of keeping up with the cat and mouse game of passing Google’s Verification. All because I wanted control.
That was one of the biggest reasons behind root for me, to have full control over everything.
I took a step back, and decided to go down the rabbithole of using GrapheneOS, and eith a few exceptions, offered everything I was trying to accomplish with LineageOS and Root. All without the side-effects.
Do I miss having root? Yes. Would i switch back? That’s complicated. Yes and No, but really dependent on how Google decidesproceed in their endeavors of trying to lock everything down.
I don’t want another “Apple.” I am on Android because I am more of a poweruser than anyone I know in real life. I use more than just texting/messaging apps, and multimedia. I manage servers, and care about privacy, and I want to understand the inner workings of the devices I use. Bet ya can’t what family of OSs I use on my PCs? Just kidding. You already know.
I use RethinkDNS app to block ads. It’s VPN based, but you can point it to any WireGuard tunnel and it still blocks ads. It even has split tunneling.
Do I miss having root? Yes. Would i switch back? That’s complicated. Yes and No, but really dependent on how Google proceeds in their endeavors of trying to lock everything down.
Exactly! I think most people who have left root share this view. I wish to see it change over my lifetime, but I don’t have much hope given the current state of things :(
I had this moment years ago when I realised 95% of root tweaks I was using were available non-rooted anyway. The other 5% I learnt to live without and now struggle to remember what they even were.
Thank you for posting this. It’s interesting to see someone else who has walked similar paths, and not just see what you did, but read about how you felt about it and how you decided to do things and how you felt afterwards.
I also went from rooted Android (LG, Motorolla, OnePlus, etc. to GrapheneOS. (custom Windows Mobile Roms before that ~ not even Windows Phone, Windows Mobile…) I miss some of the customizability that custom Roms and root gave me, but surprisingly I don’t miss root that much.
I used root mainly to block ads and theme/modify visual elements. I still block ads, just network wide and not on an individual device level. I did use it for some other stuff and have tried a handful of the things on your list.
Similar to your root situation, something that caused me ongoing grief and difficulty is degoogling. Like you mention with freezing apps, I haven’t been able to fully cut out all the google stuff though over the course of the last year, I have gotten very close. I made a Lemmy post asking for help a while back and made significant progress with my remaining proprietary dependencies thanks to people’s kind suggestions. I hope to share with the community again the next time I redo an Android device.
Btw, I love the site: very Y2K; very small web.
It’s great to hear someone found it interesting :) I’ll be looking forward to your notes on degoogling. And I’m glad you like my website, I really love the current small web revival, even though I’m too young to have experienced the original small web times of the internet.
I don’t need root, but there is something about a company trying to tell me “no you can’t” that makes me really want to prove them wrong.
I’ve rooted every single one of my Android devices over the last 15 years. I have no plans to stop. I paid for the device, therefore it is mine, and I will do what I damn well please with it.
Ansolutely! I thought a lot about the pros and cons of GrapheneOS, and decided it was better for both my privacy and security, and also ease of life. I still felt bad about the loss of control though, and that’s why I wrote this list for myself. Now I don’t feel as some evil company forbids me from having root access, but that I voluntarily chose a system that protects my privacy to the point of taking some tools (that I didn’t really use that much) away from me to protect me agains exploits. It may be copium, but I’m happier :)
Valid, I can respect that choice. I prefer having full access available, but that’s just how I do.
And you can still root Graphene - they just don’t support it
But you have to compile it again on every update, right?
You don’t have to compile GrapheneOS from source thanks to avbroot which can take a release zip, patch it with root and sign it using a custom avb key. This lets you root while keeping the bootloader locked.
The rooted-graphene project automates this completely using GitHub actions. It even lets you do OTA updates like normal GrapheneOS.
Not against the idea of someone doing what they want with their hardware. That’s what got me into custom ROMs, and Linux, and Open Source projects to begin with.
I personally will not be rooting my GrapheneOS, even though once upon a time I would have jumped at the idea because of wanting a few things.
I feel it does compromise some of the security mechanisms and philosphies of GrapheneOS.
Like I said though, it’s our device, use it how we want.
This lets you root while keeping the bootloader locked.
Wait, what? That’s a pretty big deal!
It should be noted that while you can do this, it can increase your attack surface, defeating a lot of the point of Graphene. Before I started using Graphene, I was a huge fan of rooting and getting full control of my device, so I definitely understand the appeal. But I don’t think I would root Graphene myself, automated or otherwise.
Based on GrapheneOS’s response in this thread, I understand that freezing apps might be completely unnecessary
Link in that part doesn’t work but is it really that bothersome to use Hail with Shizuku? You only need to re-enable shizuku after reboot. I don’t restart my phone too often so it is not a problem for me.
In my case I rooted my device once to try some fancy things. It was fun but then I never bothered with rooting again. Most things that I need can be done with Shizuku/ADB and/or app patches.
Thanks, I fixed the link, but the old version still seems to be cached. It should be https://discuss.grapheneos.org/d/1173-taskmanager-real-killing-of-processes/9 And yes, I restart my phone pretty often, and I think it also restarts automatically at night, so re-enabling Shizuku every time is something I don’t want to deal with. Another alternative I forgot to add to the post (and now I will) is this app: Force Stop Helper. It’s a simple list of apps with following features useful for my usecase:
- Clicking on an app takes you to it’s system settings page where you can enable/disable it with one click
- You can pin certain apps to the top
- Disabled apps are shown greyed out and marked as disabled
Using this is not as convinient as Hail, but perfectly fine for apps that I don’t need to freeze multiple times a day. Sort of a middle ground between convenience and security.
For me the biggest thing is having a full backup. I don’t want app developers to be able to decide if data on my phone gets backed up or not, that is not their decision to make, it’s my phone, goddammit. And I want to back it up to where I want to. Also in a similar vein, having access to all data on my system. In the worst case scenario to troubleshoot things.
Also, there are so many useful tweaks where I just wonder, why the fuck is this not part of Android, or why do I need root to change this? Like being able to rotate my phone 180°. Or having a battery bar instead of a battery icon. Or showing more icons in the notification area. Or not having it close apps after I haven’t used them for a certain amount of time (I left that video open for a fucking reason, maybe because I wanted to finish watching it tomorrow or the day after).
Oh, and an ad blocker that is much better integrated into the system is pretty nice.
GrapheneOS has a full system backup, but I haven’t used it yet.
Having access to all data feels great, but I personally used it only once: to move history and open tabs fom one firefox fork (Mull) to another (IronFox). It came very handy tho.
I completely agree on the system tweaks part.
And for an adblocker, I wonder what do you use? It was a big reason to root for me, but I switched back to RethinkDNS (DNS blocking using the VPN slot) after a while. The reason was that I use pretty aggressive filters, and need to unbreak apps often. With ADAway, I needed to start logging, then do the problematic request again, look in the logs, allow the domain, and then reapply the filters to my system.
For blocking individual apps from accessing the Internet entirely, I couldn’t find a good solution, although I feel like it must be possible with root. GrapheneOS, on the other hand, allows you to toggle the internet permission like any other.
Does GrapheneOS actually backup all app data? My understanding was that Graphene uses seedvault, which is subject to the same limitations (i.e. a developer can prevent backups of app data).
I personally use adaway. I used to have a VPN slot ad blocker before, but it kept getting killed, and I just generally notice it much more. With Adaway, no VPN slot is used, and I don’t even notice it’s there. I could deal with the VPN slot ad blocker in the worst case scenario, but it just makes things easier for me.
For blocking internet access, I’m pretty sure there’s a an xposed module for that.
Mind you, there’s one glaring problem for me with graphene: it isn’t available for my phone, and apart from the usual android nonsense, I quite like it and don’t want to give it up.
can you expand on the backup and possibly restore that worked for you? no solution I tried on a rooted lineageos worked, tried phone to similar phone and restore to same phone after wipe. tried adb, seedvault, neobackup, a couple others (anything with backup on fdroid) none worked remotely acceptable.
Neo Backup does a fairly good job for me, at least for backing up app data. It has some bugs every now and then, but it gets the job done. What problems did you have?
never once succeeded in any meaningful way that I’m confident I can lose the thing and restore it on another device.
I do a full backup. transfer the backup file to the other phone. initiate restore - errors, incomplete data, apps are never to rarely transferred, a total mess. phones aren’t the same but are similar (SDM845) and the same LOS 22.2 with microG and magisk.
OK, I’ve only tried restoring on the same phone until now, and inspecting the files that were backed up. Not sure what the problems are there, but might make sense to check their issue tracker, it does seem to see pretty active development.
I tried to live without root after my last reinstall. Finally I had to root to make AndroidAuto work, as I’m using microG instead of Google Play, and aa4mg requires root.
That’s a neat little tool! I’ve been looking for something like this
Main thing keeping me away is banking. Unless if I just carry two phones. Quite trendy these days.
That’s one of the biggest topics surrounding android customization, and I somehow completely dodged it. My bank app does not care about anything unless I try to hook it with LSPosed modules. No integrity checking, no root checking, no scanning for installed apps, nothing.
This must be a European problem perhaps? I can’t understand why this is the deal breaker for so many.
Banks have web sites. I don’t know why anyone would ever allow their financial institutions access to their phone’s plethora of sensors and the available telemetry on what they are doing on their mobile device 24/7. That links confirmed ID + “trusted platform” + biometrics + transactions + location + all the metadata every other app hoovers up in one convenient place. The very same people across the pond are worried about having to verify ID to look at porn, but are cool with their bank knowing the position of their accelerometer while they’re taking a dump.
In my local bank you can choose between 2 ways of 2fa: in their app or sms. Sms is less secure and slower, as you have to wait a bit for the sms to arrive. And you have to use 2fa for each online purchase, and login to the website. But my bank’s app works perfectly fine on rooted phones.
However Revolut stopped working, and I gave up reading about workarounds. I have an old unrooted broken phone always at home, I use it for that only. Revolut’s website is limited, you can only see your balance and disable your cards if they were stolen, nothing else, you have to use the app for everything.
Not sure what kind of apps you are into that know when you’re taking a shit but my banking apps have notification permissions and that is about it (camera when needed but yank it straight after). Most bank and broker websites are limited compared to the app. I have 8 finance related apps and it was constant musical chairs with which one will break after an update requiring hours of workaround research, if one is even available. Any version of Interactive Broker straight up refused to work on rooted device. You may personally be OK with giving up that functionality on your phone but not everyone is in the same boat as you.
My bank apps work on Graphene with the exploit protection compatibility mode enabled, even the ones that require Play Integreity API.
what about their websites?
