Related
In doing my taxes, I noticed that the H&R Block app tries to execute su (which I promptly deny) and then nags about my device being compromised (app still works anyways.) It's obviously not, but it got me thinking: Since we're operating in the kernel now, I figure that we should be able to prevent apps from seeing the su binary at all unless we as the device owners explicitly want the app to be able to see it. Maybe even do something like allow creation of an app whitelist and/or blacklist.
If it's tricky to pull off, make it a pro feature (I paid for pro.)
I imagine this would fix Android pay as well (though I don't use it so I don't care) but it might be a motivating reason for others to want such a feature.
Other benefits to this include enhanced security against questionable apps that might, for example, try to take advantage of possible zero day in SuperSU itself.
I could be wrong, but isn't systemless SuperSU installed to ramdisk?
Also since the mount points are still on top of /system (without actually modifying system), doesn't that mean it would be visible anyway?
Sent from my Nexus 6 using Tapatalk
Not if you only exposed the mount point to specific users, and only set the $PATH variable to specific users (which is another possible way to detect root.)
There are a lot of things that can be done, that can be done in theory, that can be done if somebody puts the work in, etc.
Outside of just a time investment, these things are very complicated to do and have them work on a large number of devices.
That's not even considering the legal repercussions.
There are a lot of apps that check for just the existence of 'su' and then you're done. Or if an installed app has a name like 'supersu'.
One that's been a constant thorn in my side has been 'Good for Enterprise'. Only way I've seen where a rooted phone worked past root detection was when it was a Cyanogenmod type that had a custom root (non supersu) built into the development settings and you installed/ran the app with those root settings off.
So agreed with Chainfire that all apps check for root differently.
Use "rootcloak" or simply disable supersu if you are system-less. The only caveat with using rootcloak is that it requires xposed and it is dreadful at hiding xposed meaning any security app looking for xposed will more than likely find it
So I finally bit the bullet to install LineageOS 14.1 on my phone, using Magisk and all that but I have looked quite a bit before posting this, and even in that giant thread for the SafetyNet Fix which appears to be abandoned. Surprised no one forked it to continue.. Anyway...
From my research thus far, I'm seeing some moderate success from modifying the build.prop values to an official source perhaps. If I'd known this, I would of probably attempted to get it from the official ROM before I flashed LineageOS on to try and bypass that check. But so far, a few things I have done just simply won't work which is forcing Google Pay to fail working as well.
My experience with modifying the build.prop is pretty much nill. I'm a novice Linux user, but there are certain things I tend to never touch, even on Android. I've not seen anything that was comprehensive as to what specifically edit, and what to change the values to. (this is largely because its device specific usually) Luckily, both the banking apps I use work fine, its just Google Pay I'm having issues with because of the CTS Profile. Basic Integrity passes, so I at least know Magisk is working to some degree.
In a pinch you can use whatever device fingerprint you can get a hold of.
You've done some research, so you might already have seen this:
https://forum.xda-developers.com/showpost.php?p=75489540&postcount=1636
Follow those instructions and you should be good to go. You can use the provided fingerprint in that post, but like you say, it's good to use one for your device (what is your device, by the way). Ask in your device's forum if someone can provide you with a stock fingerprint.
Technically speaking, I already stated my phone which happens to be in the thread title. But I'll ask over there and hope for the best.
Though yes, I did run into that particular post. No guarantee it'll work, but guess I could try it once I get the line I need.
TwinShadow said:
Technically speaking, I already stated my phone which happens to be in the thread title. But I'll ask over there and hope for the best.
Though yes, I did run into that particular post. No guarantee it'll work, but guess I could try it once I get the line I need.
Click to expand...
Click to collapse
Oh yeah... I missed the title, didn't I? :laugh:
If you can pass basic integrity but not the cts profile, most of the times it simply is a matter of using a certified fingerprint. On every single ROM with uncertified fingerprints I've tested, this has been the case. But of course, YMMV...
Kernel Z5c support to safetynet
https://androidfilehost.com/?fid=889764386195916464
Just as the title says, the new natwest app update (2018 June) refuses to work when Xposed Framework is enabled, but runs find when the framework is disabled. I am interested to know how it detects when the framework is operational, and how can I fool the app into running while Xposed framework is running.
Here is my system:
Samsung Galaxy S5
running Lineage OS 14.1, rooted
Xposed framework version 89
I have tried a number of methods to hide the running framework with no success
Tried DotMod to hide xposed --> not working
Tried XprivacyLua, denying all sorts of permissions such as view activity and running apps --> not working
Only works when i disable the framework and restart the phone. But that is ofcourse tiresome, cos no one wants to restart their entire phone just to check their bank app.
Current solution is to revert to previous versions of natwest bank app, but again that is trivial, as sooner or later they will refuse to work on outdated apps and force update.
Talking to the dev team, the only clue they mention is their new app checks the memory for running malicious apps, and if it detects anything it refuses to run. So it is not safetynet (infact safetynet fails, but the app runs)
Fair enough, but ive tried denying it literally all permissions, both from Privacy guard of lineage os 14.1 and XprivacyLua, and nothing works. Either the app is using some clever method to bypass these, or they dont do their work properly.
I miss old xprivacy, where you had a billion more options within permissions, with info of when and what did each app accessed.
I need xposed in order to disable my proximity sensor which is broken, and constantly thinks the value is zero, hence blacking out my screen during calls
Any help or advice will be much appreciated.
I believe it was with the 2016 November security update that Google changed something that forced an update to Xposed that made it practically impossible to hide. Xposed is easily detectable in the running zygote (something you can't hide), and the only solution is the one you've already found; disable and reboot.
i keep reading many times now "the only solution is reboot" - that is not a solution, we need to find a way to better hide xposed. Perhaps I need to research a bit more on zygote and find out and how it works exactly, and see if there is a way to mask it. Honestly all these android updates are pissing me off, its getting harder and harder to mod your phone, and I dont get why they struggle so hard to make it difficult for us modders.
I will attempt to flash back to kitkat and try, I would not be suprised if it ends up working.
In the windows enviroment you can always do wtv ur heart desires, and if that means destroying your PC so be it. But in android enviroment is so damn hard, and no devs want to share how they implement things in fear of someone hacking them or wtv. But all this is doing is hurting modders, making us hate some apps with harsh rules and moving away, doesnt do any good for anyone!!
It's perfectly possible to hide Xposed if you downgrade to a security patch prior to November -16. You're likely gonna have to dig around a bit for the proper files and versions though.
And believe me, there have been some pretty brilliant minds that have tried to find a way to hide Xposed and found it not to be possible. Of course, "nothing's impossible" and maybe someone with a brilliant idea finds a miraculous way. You never know...
I have always rooted all my previous android phones, but had not had a big need for it on XZ1c.
Partly because its actually quite tough, and partly because you can never return to "untouched state" if you want. Wou WILL loose permenentaly you android key provisioning. (introduced in android Oreo).
However now I am in doubt if I should root or not. Mainly because its just nice do have full control of your phone. And also because I like to play/geek with my phone.
Can someone help me make up my decision. So far this is the list I can come up with.
You are very velcome to add points which can help me, and probably many others take a decision, as this product is now nearly 2 years old.
Pros:
* Remove ads in app. Already use Opera to remove ads in browsing.
* Use external SD for app data, as 32GB is very limited. Link2SD working still in Pie? Or somethink better has come up?
* Add option to call recording
* Customize pie clock location - > put back to right side
* You will be able to make FULL backups with ie. Titanium. Although after Android 6.0 this is becoming more and more useless.
* Remove unneeded bloat.
* Perhaps being able to get better battery consumption. Not really proven though, as stock is getting better and better.
*..
*..
* Systemwide night mode (is this still possible in pie, where you can dimmer the navigation keys)
Cons:
* You will physically alter the phone, and cannot return to 100% stock -> loss of andorid Key Attest Provisioning. Cannot relock bootloader etc. etc.
* You will not be able to use Google Pay. And this feature will be lost forever, as this is using key attest provisioning.
* You will not be able to use Over-the-air updates from Sony, which means you will not automatically have the newest security updates to phone.
* You need to strugle with banking apps and streaming apps checking for root. So you have to trick them with magisk hide etc.. Cat and mouse all the time, as they might become better in detecting root.
* You will and spend alot of time, and need to spend more and more time on your phone, to keep up-to-date with latest xda development.
* ..
* ..
*..
*..
I'm not sure if this will change in the future or not, but for me, Google Pay and my banking apps (Chase, BofA) are currently working on my rooted XZ1C. I didn't do anything special other than installing Magisk.
You can use magiskhideprop to use Google pay and alike.
You might also need to use the avaliable hide options from magisk manager though.
Removing bloatware for sure gives the battery 5+ extra hours of use.
For me that was the main reason.
Oreo had a few hours more though is what i notice compared to Pie.
TGN said:
Removing bloatware for sure gives the battery 5+ extra hours of use.
For me that was the main reason.
Click to expand...
Click to collapse
You can remove bloatware using adb without root.
mcmanuf said:
Can someone help me make up my decision.
Click to expand...
Click to collapse
By the looks of it, you’ve done a pretty good job of reasearching the points for and against, I don’t think asking the question here will bring you any new instights.
In the past, rooting unlocked the phone to lots of new ‘features’, customising and battery saving apps. But that’s long gone now, you can customise without rooting and the modern stock build is so good with battery saving that tampering with it’s clock features or running proccesses using power saving apps more often produces worse battery not better. Add to that the ability to reomve all the unwated apps you want with some prudent ADB commands, makes rooting seems like a lot of work, for not much gain. There seems to be some sort of urban legend that everything works better on a rooted phone, but I think quite often the battery performance is the same or worse.
I’m sure it’s fashinonable to say that your phone is rooted, but locking yourself out of regular security updates, having to initiate a whole update squence of flashing this file, then that file, then that file, every time there’s a firmware update is very draining and I’m sure you’ll give up after not very long (I gave up with .20 on Oreo). There’s so many more things that can wrong with a rooted phone, even if you do follow the herd and always have the latest latest build on your phone.
I’d say don’t do it and invest some time in learing how to get what you want with ADB.
mcmanuf said:
Cons:
* You need to strugle with banking apps and streaming apps checking for root. So you have to trick them with magisk hide etc.. Cat and mouse all the time, as they might become better in detecting root.
*..
Click to expand...
Click to collapse
I can tell you that this point is 100% true. I have 3 banks. All do not work with vanilla root, but 2 of them can work if using Magisk hide. However the 3rd app (ABSA Bank south africa) cannot work no matter what... Not sure how they check, your magisk can but fully secure, pass safety net, pass cts, pass google play certification - and it will still detect root. Reading on the south african forums regarding this, nobody has been able to figure how to get this working on a rooted phone. I actually went to the bank and closed my account because of this... but this situation is surely only going to get worse.
And there is no system wide dark theme in XZ1c's Pie.
Regards,
Dean
TheVan28 said:
You can remove bloatware using adb without root.
Click to expand...
Click to collapse
This is interesting, any chance you could point me in the right direction?
l33boy said:
This is interesting, any chance you could point me in the right direction?
Click to expand...
Click to collapse
Nice XDA article here
and something more specific to our XZ1c here
You might need Sony drivers
TheVan28 said:
You can remove bloatware using adb without root.
Click to expand...
Click to collapse
For my device, the recommended way left a few services active (Amazon Shopping), could not find data anywhere though with root explorer.
When using the Debloater module in Magisk (recommended by @andacro i saw that there were more ''leftovers'' from other removed apps as well which i previously uninstalled through the adb -uninstall method.
For my device, the Debloater module was the more complete method to get everything clean.
https://forum.xda-developers.com/xp...z1-compact-t3815157/post79558539#post79558539
My Pixel 3 is having power button/battery-life issues, so I took advantage of the inflated Google trade-in values and pre-ordered the 7 (ugh, hope it goes better than the 6 launch, especially since with my trade-in I'll be stuck if I have issues).
My Pixel and Pixel 3, I unlocked the bootloader and rooted, but with the Pixel 3, seemed like I was spending more and more time trying to read and make sure that I was going to be able to get the updates installed and re-root with Magisk, and still be able to pass SafetyNet and Play store certification with a different kernel, such that I was skipping updates because I just didn't have time.
My main reason for rooting these days was to use AdAway and to freeze apps that I wasn't using regularly (like Uber, Lyft, store apps needed to get coupons but rarely used which I didn't want waking up and siphoning data in the background) with Titanium Backup. And to migrate a few apps and app data using Titanium Backup (though I think most apps/data transferred successfully using the Pixel transfer wizard when I went Pixel->Pixel 3?- can't remember the last time I had to do this, after 3 years on the P3)
When setting up the P7, I'm thinking about not unlocking the bootloader and just trying to use an adblock DNS, but wonder if anyone else is having similar thoughts? Have you been able to backup/restore apps and app data when necessary using ADB or Helium? Do you freeze apps or just uninstall ?
If I have forgotten some other reason why I really needed to be rooted with unlocked BL, do you think I'll be able to take an ADB backup, unlock BL and wipe and restore all apps/data?
Would be interested to know what everyone else is planning on doing...
Nateg900t said:
My Pixel 3 is having power button/battery-life issues, so I took advantage of the inflated Google trade-in values and pre-ordered the 7 (ugh, hope it goes better than the 6 launch, especially since with my trade-in I'll be stuck if I have issues).
My Pixel and Pixel 3, I unlocked the bootloader and rooted, but with the Pixel 3, seemed like I was spending more and more time trying to read and make sure that I was going to be able to get the updates installed and re-root with Magisk, and still be able to pass SafetyNet and Play store certification with a different kernel, such that I was skipping updates because I just didn't have time.
My main reason for rooting these days was to use AdAway and to freeze apps that I wasn't using regularly (like Uber, Lyft, store apps needed to get coupons but rarely used which I didn't want waking up and siphoning data in the background) with Titanium Backup. And to migrate a few apps and app data using Titanium Backup (though I think most apps/data transferred successfully using the Pixel transfer wizard when I went Pixel->Pixel 3?- can't remember the last time I had to do this, after 3 years on the P3)
When setting up the P7, I'm thinking about not unlocking the bootloader and just trying to use an adblock DNS, but wonder if anyone else is having similar thoughts? Have you been able to backup/restore apps and app data when necessary using ADB or Helium? Do you freeze apps or just uninstall ?
If I have forgotten some other reason why I really needed to be rooted with unlocked BL, do you think I'll be able to take an ADB backup, unlock BL and wipe and restore all apps/data?
Would be interested to know what everyone else is planning on doing...
Click to expand...
Click to collapse
The very first thing I will do is unlock the bootloader and root. Not really a hassle for me and I don't use banking apps.
Lughnasadh said:
The very first thing I will do is unlock the bootloader and root. Not really a hassle for me and I don't use banking apps.
Click to expand...
Click to collapse
What are your biggest reasons to root? I don't mind just using banking websites, and I suppose I could do check deposits with a different device like an iPad... Back in the day was also using Xprivacy but now there is more control over app permissions too. Just trying to decide if there's still a reason to go through the hassle for my use cases.
Nateg900t said:
What are your biggest reasons to root? I don't mind just using banking websites, and I suppose I could do check deposits with a different device like an iPad... Back in the day was also using Xprivacy but now there is more control over app permissions too. Just trying to decide if there's still a reason to go through the hassle for my use cases.
Click to expand...
Click to collapse
Adaway root version
YouTube & YouTube Music Vanced
Substratum
Repainter
JamesDSP
Pixel Launcher Mod
Shortcutter app
Swift Backup
App Manager
To name a few..
Thanks, from your list Adaway root is the big pull for me.
Nateg900t said:
Thanks, from your list Adaway root is the big pull for me.
Click to expand...
Click to collapse
How about a VPN with ad blocking? Kill two birds..Proton is awesome for me. Do a backup, save it then try without root for a bit. You can't stand it then root.
bobby janow said:
How about a VPN with ad blocking? Kill two birds..Proton is awesome for me. Do a backup, save it then try without root for a bit. You can't stand it then root.
Click to expand...
Click to collapse
Have thought about that- use a VPN to a VPS when traveling on wifi, and a VPN to access my home network, but don't like the idea of leaving it connected all the time (battery drain, keeping the radios active to keep the connection) or the idea of having to constantly connect/disconnect it when I want to use the phone. And I would have to create new profiles for adblock to use on mobile while maintaining no-adblock for other devices.
That's why DNS or Adaway hosts seems like the best options for me.
I think I might do your idea of starting without and see how it works. Just looking for any reports from others who have been able to successfully fully backup and restore apps/data to unlock the bootloader. If I have to setup everything from scratch, it's a larger barrier to doing the BL unlock later.
I unlock the bootloader right away so I can use the Android Flash Tool for quick updates via my work computer. I don't like waiting for OTA updates and the optimization process that follows. Root and AdAway is another benefit, also better theme possibilities.
Nateg900t said:
What are your biggest reasons to root? I don't mind just using banking websites, and I suppose I could do check deposits with a different device like an iPad... Back in the day was also using Xprivacy but now there is more control over app permissions too. Just trying to decide if there's still a reason to go through the hassle for my use cases.
Click to expand...
Click to collapse
I used to root for the adblocking, but found setting the private dns to dns.adguard.com is just as effective. As for backups, I used Titanium Backup, but have found Google's backup is just as effective. For those apps not installed from the play store, I use swift backup running on top of Shizuku. For ad-free Youtube, you can find a modified youtube (vanced) apk, but as always, modified apks come with risks.
mruno said:
I used to root for the adblocking, but found setting the private dns to dns.adguard.com is just as effective. As for backups, I used Titanium Backup, but have found Google's backup is just as effective. For those apps not installed from the play store, I use swift backup running on top of Shizuku. For ad-free Youtube, you can find a modified youtube (vanced) apk, but as always, modified apks come with risks.
Click to expand...
Click to collapse
Thanks for sharing your experience! Have been reading more about the private DNS options, just trying to figure out whether connecting to my OpenVPN profiles will override the phone settings and cause me to have to change server config settings in OpenVPN server (seems like OpenVPN will override if doing server push, and the iOS and Android OpenVPN clients don't listen to the pull-filter commands to ignore server config DNS which would be needed to allow non-adguard profile option with a client profile instead of running a second server instance on a different port). I'm probably just going to have to experiment and figure out some combination of settings that allows me to use adguard Private DNS when on mobile/wifi when not using VPN, and also adguard Private DNS when on my own VPN, with the option to use a non-adguard DNS profile if something isn't working/loading and I need to disable the adguard.
Was also reading about using Shizuku and Hail to freeze/disable apps without root, which is my other biggest use-case.
Have a family YoutubeMusic account that costs $2.50/month and includes no-ad Youtube, so thankfully don't have to worry about Youtube ads.
chopt51 said:
I unlock the bootloader right away so I can use the Android Flash Tool for quick updates via my work computer. I don't like waiting for OTA updates and the optimization process that follows. Root and AdAway is another benefit, also better theme possibilities.
Click to expand...
Click to collapse
Do you play the game of trying to maintain Gpay compatibility and Play store certification to install Netflix and other apps, or that's just not something that matters for your use case?
Nateg900t said:
Do you play the game of trying to maintain Gpay compatibility and Play store certification to install Netflix and other apps, or that's just not something that matters for your use case?
Click to expand...
Click to collapse
I honestly don't have to worry about those instances. My use might be different than others.
I'm thinking about getting a Pixel 7 (non Pro), and if I get one I'll keep the BL locked I guess. Right now I got a Realme GT2 Pro, and it's locked running stock color OS. I got a virtual credit card and various banking apps, so I don't want to mess around anymore. For blocking unwanted stuff I use personalDNSfilter (got that running on my PC and my smartphone and it's great) and adblocking browsers. During the last years I used less custom ROMs and kernels, because I don't need that stuff anymore. It rather annoyed me testing ROMs and getting problems because of root.
Immediately unlock the bootloader and leave it unlocked. You can decide to go with root at any time it suits you after that without losing all your data -- can be as simple as fastboot'ing the modified boot image, and as temporary as its gone the next time you reboot.
96carboard said:
Immediately unlock the bootloader and leave it unlocked. You can decide to go with root at any time it suits you after that without losing all your data -- can be as simple as fastboot'ing the modified boot image, and as temporary as its gone the next time you reboot.
Click to expand...
Click to collapse
I haven't unlocked for some time and when I did I didn't use GP or my banking apps. Does Pay and all banking apps work with an unlocked bootloader. Perhaps before telling someone to immediately unlock the bootloader you could inform them of the drawbacks as well as the benefits you provided. Maybe suggest a few articles on the security risks of an unlocked bootloader as a start. The person you are quoting has numerous financial apps on the device and is security conscience. Blanket statements of "immediately unlock the bootloader and leave it unlocked" can be shortsighted for some people.
bobby janow said:
I haven't unlocked for some time and when I did I didn't use GP or my banking apps. Does Pay and all banking apps work with an unlocked bootloader. Perhaps before telling someone to immediately unlock the bootloader you could inform them of the drawbacks as well as the benefits you provided. Maybe suggest a few articles on the security risks of an unlocked bootloader as a start. The person you are quoting has numerous financial apps on the device and is security conscience. Blanket statements of "immediately unlock the bootloader and leave it unlocked" can be shortsighted for some people.
Click to expand...
Click to collapse
Everything will work perfectly with an unlocked bootloader. It will just give you an annoying warning screen briefly when powering on.
If you want to know about security risks, they're fairly small, and ONLY apply if your phone is handled physically by someone untrusted for an extended period of time, in which the only thing they could actually do is install a modified boot image. Under those circumstances, the device security has to be assumed compromised whether the bootloader is unlocked or not.
An unlocked bootloader will NOT allow a 3rd party to access data on the device, since it is encrypted and requires your security code to unlock.
Now, you can actually tell if they've rebooted the device, which they would HAVE to do in order to install a different boot image; the unlock screen (which they are NOT able to modify without resulting in boot failure) will tell you!
And I absolutely disagree that it is shortsighted to advise immediate unlocking. Nothing of real benefit comes from having a locked bootloader. Any sense of security you gain from it is smoke and mirrors. It can only be tampered with if someone has physical access, and if somebody has physical access, it has to be assumed compromised regardless of whether it is unlocked or not. If anything, your security is improved because it is now on your mind that it could potentially be tampered with, and you are reminded of it with the id10t warning every time it reboots.
96carboard said:
Everything will work perfectly with an unlocked bootloader. It will just give you an annoying warning screen briefly when powering on.
If you want to know about security risks, they're fairly small, and ONLY apply if your phone is handled physically by someone untrusted for an extended period of time, in which the only thing they could actually do is install a modified boot image. Under those circumstances, the device security has to be assumed compromised whether the bootloader is unlocked or not.
An unlocked bootloader will NOT allow a 3rd party to access data on the device, since it is encrypted and requires your security code to unlock.
Now, you can actually tell if they've rebooted the device, which they would HAVE to do in order to install a different boot image; the unlock screen (which they are NOT able to modify without resulting in boot failure) will tell you!
And I absolutely disagree that it is shortsighted to advise immediate unlocking. Nothing of real benefit comes from having a locked bootloader. Any sense of security you gain from it is smoke and mirrors. It can only be tampered with if someone has physical access, and if somebody has physical access, it has to be assumed compromised regardless of whether it is unlocked or not. If anything, your security is improved because it is now on your mind that it could potentially be tampered with, and you are reminded of it with the id10t warning every time it reboots.
Click to expand...
Click to collapse
Everything will not work perfectly. Let's be honest here. Look it up, some banking apps work mine doesn't. Pay will work one day and not the next. And if your bank finds out your account was hacked and your phone is unlocked and/or bypasses bank security protocols who will pay for the missing funds when they find out?
A missing device can be booted into a custom recovery and adb commands will be available to take everything on your device bypassing any security you have. With a locked bootloader that is not possible. So if you know your phone can be compromised you feel more secure? That is ludicrous and really doesn't make sense. I mean talk about smoke and mirrors.
Now that being said there are a lot of folks in your camp that say you're living a pipe dream if you think the phone is more easily hacked or info stolen. I understand that argument entirely and it's possibly correct to a certain degree. But to summarily say immediately unlock your bootloader if you don't plan on rooting because.. well just in case, is really disingenuous to a great many individuals. At the very least look up some articles on why to keep your bootloader locked, especially for someone that hasn't done it in some time, if ever. The beauty of Android is the possibility if you so desire. Just be conscience of the advice you give. Many years ago Chainfire said in his blog that if you have an unlocked bootloader and have financial apps on your device you're asking for trouble and you might want to rethink that. (not in so many words) That weekend I locked my bootloader and never looked back. I haven't missed anything.. well other than flashing MVK kernel for my 6a. ;-) But then I'd need root and that brings a host of other issues.
Good points about unlocked BL. Every phone I've had with an unlocked bootloader, I also had root. If I have an unlocked bootloader but run a stock image, I see bobby and 96cardboard are offering different reports of whether that will result in apps like banking apps, Play Store certification, and GPay deciding that they won't allow normal functioning. Anyone else have recent experience on this?
If I can run stock with unlocked bootloader, then I might be more in the camp to have the unlocked BL but not root, at least initially. I like the idea that if somehow an update or some other Android bug borks the OS and/or boot partitions, I could potentially fastboot install a stock copy of the OS and have a chance of recovering my data, whereas with the locked bootloader, it seems the options are limited/none, correct (sorry, haven't had to try and recovery from that situation in the past, so maybe I just don't know/understand the tools available)? I just know from past experience that it seemed like an unlocked bootloader was required and also know that unlocking wipes all data in the process. Not sure if there's a reliable way to get a phone to back up user data to a computer via ADB that can be restored even when the OS isn't working, but also don't have experience trying to use ADB backup with a functioning phone (used to do nandroid backups and they saved my butt a time or two).
@Nateg900t You're not going to trash the os with an update. You might with root if you don't know what the new root process is. But why not just make a backup with an app or two and keep it offline. No adb needed. And copy your important pics too. But I do understand what possibilities there are with an unlocked bl.
What I sometimes do is make a full Google backup and an SMS, call log backup. Then I'll flip the OEM switch just in case I need to unlock. I actually have it flipped now because I'm on QPR1 b2. Now that can bork something. If I needed to wipe I could recover about 90+% within about 30 minutes. If you want to bl lock due to some app or something then a full wipe is needed. Oh how I miss nandroid backups.
Keep asking your questions all over and make an informed decision. Enjoy the device it's pretty awesome.
Ahh, good call on flipping the oem unlock switch.
What app are you using to make app backups? Helium? I don't do full Google backup because I don't pay for extra cloud storage. But I was going to try making the full adb backup and seeing if I can use that and restore my old pixel 3 (once it is transfered to the new 7, just before I wipe it for trade in... At that point it won't matter if the restore doesn't work and it will be nice to test and get the experience for backing up the 7 via adb..
For pics, already using an app that uploads pics to my NAS each night overnight.
Going to give private dns via adguard a try instead of adaway and with that and backup/restore capabilities, I think that will cover my root needs these days.