I am surprised that Google spends so much time tackling custom ROMs via it’s Play Integrity API. If only they paid that much attention to say, curating the Play Store more, it had be much better for everyone
I think the main reason third-party ROMs aren’t more popular is that Google and certain app developers fuck with people who use them. The article addresses the difficulties later on, but comes up short in my view on just how much of a hassle it is for someone who isn’t a tech enthusiast who wants, for example to keep an older phone up to date for security reasons.
I think the main motivation for Google is limiting user control over the experience. More user control leads to unprofitable behaviors like blocking ads and tracking, which is also the motivation for recent changes to the Chrome web browser that make content blocking extensions less effective. In all cases, companies that try to take away user control claim the motivation is security, usually for the benefit of the user.
Got so tired of google pay breaking on crdroid that I got a credit card just to use my watch instead.
Still rocking a op7 pro on android 14.
There should be some safety net bypass hacks for magisk
There are different types of workaround but every single one of them is playing same cat and mouse game with Google. It works for a while, then it doesn’t, workaround is updated, it works, then it doesn’t, rinse and repeat.
I’m using a custom ROM but it’s so fucking tiring if I want to keep Google Wallet working. Fucking Google.
I just keep my credit card with me at all times. It doesn’t occupy much space, and google pay can go pound sand.
Custom ROM gang :)
I do that too, simply because I’m always carrying around my wallet anyway. But sometimes using my phone is handy (heh). It’s just that the constantly changing state or it working and not working makes it so that I can’t trust it to work, so I use it less.
I know the pain. Before I found a very obscure device fingerprint I could do a little spoofing with, I basically had to search the web like once a month for something that would let me bypass PIAPI again. It was exhausting.
Ironically enough soon after I found that obscure fingerprint I switched to paying with my credit card instead of my phone since my banking app couldn’t let me turn on contactless payments with my phone for whatever reason.
Not rooted, nor do I want to be.
Now I have an excuse to buy one of those gold plated credit cards!
“This is why I <lukewarm take> in <current year>”
Didn’t read the article, but I hate this style of headlines with a passion. Using custom ROMs isn’t even something controversial, yet they go out of their way to make it sound like they’re breaking some social taboo or something. Why not a simple and concise title like “Advantages of custom ROMs” or “Consider installing a custom ROM”. It sounds like a meme speech pattern straight out of 4chan, except they’re using it with zero self awareness or irony. How about an actual hot take: journos who write like this are pretentious pricks that deserve to get replaced by chatgpt.
You slammed his article with your reasoning.
Slammed/slams is my absolute least favorite headline trend of the past decade. So trash.
Randomgal BLASTS the article by pointing out that renzev SLAMMED it with reasoning
for some reason rooting is a hot take.
A lot of people in the reddit rooting subreddits telling others not to root anymore.
The Play Integrity API is less about security and more about Google asserting their monopoly.
They do not want truly open source Android platforms to gain popularity, because there would be a high chance people would want ad blocking, which is a direct threat to their profit margins.
I hope EU takes regulative action to force Google to allow GrapheneOS, LineageOS etc. to be able to run the same apps without issues.
God I hope so.
Magisk can bypass most of those issues. Might as well root if you’re using a custom rom.
Magisk is a godsend. I just wish you could add a password protection to the bootloader and the recovery rom (like the TWRP). That is the one downside to unlock your bootloader. And you can’t like unlock when you need and relock it because to unlock it erases everything. I know that is one more dark pattern from Google to make you keep your phone locked. If they cared about security they would enable a way to put a password to the bootloader
Some of us like to tinker. We really get satisfaction of having a weird niche filled and even if it comes at the cost of stability and other issues. Heck my Custom Roms used to be more up to date with security updates than phones that were older than one year.
I could use kernels that undervolts my processor to give me better battery life. It allowed features that even 5 years ago were on the custom ROM scene still very absent from modern phones.
But the most important part for me was learning, discovering. If I tried a new ROM I would spend hours going through certain roms settings. If there is a glitch, learn how to diagnose and try to fix it, or learn to send a logcat to the developer.
It was like a fun hobby. I learned how to fix some of my old phones, like screen replacement, and learned how to cure uv reactive glue. So many other things and I was just a noob.
But it gave freedom. I understand iPhone and the other high brands are easy to use, have gimmicky features and all, but dammit I have freedom to have my weird niche phone, with multiple breaking features and I loved it because it just worked.
If Google truly did hold security as its main concern, it would have opened the play Store, yet we know now they only wish to protect their monopoly
This is a very complex topic that is very hard to draw the line on.
As a technical person who follows hacking and security news i can understand google introduced the api and warnings, as phones are getting hacked and unlocked bootloader or root can be abused to keep your malware going, and has been abused in the past.But as a user of fairphone/lineageOS, who tells google, apple, meta, … all of them to fuck off when i can, this scares me. The lockdown of devices can and is going too far. Hell, i even consider samsung’s android ui changes to be going too far, as it changes a shit ton of stuff and really is not a stock android experience. It locks users in their environment…
I find it funny that Google and some banks are so worried about security on Android that I have to have up to date system, app and can’t be custom ROM, can’t be rooted and whatnot. And then they’ll allow you to login to their bank from Internet Explorer on XP or some shit.
Can you cite examples of rooted smartphones leading to significant data breaches or financial losses? When the topic comes up, I always see hypotheticals, never examples of it actually happening.
It seems to me a good middle ground would be to make it reasonably easy (i.e. a magic button combination at boot followed by dire warnings and maybe manually typing in a couple dozen characters from a key signature) for users to add keys so that they can have a verified OS of their choice. Of course, there’s very little profit motive to do such a thing.
Pre-locked bootloader times ive had multiple android devices be passed to me that were malware infected that changed the rom in a way that even a factory reset would not remove the malware. Locked bootloaders made it so the rom needed to be signed and unaltered on boot, fixing this. Root access also means apps can use and access api’s in android that it normally cant, changing settings and things inside android it shouldnt. What do you think happens when malware comes in? :p
Imo, i agree what you said. bootloaders should remain locked but you should be able to somehow, in the bootloader, be able to add the os’ signature/keys to the bootloader’s trusted stuff like how secure boot on a pc keeps os signing keys and verification stuff inside the tpm.
This way you can install lineage os for example, tell bootloader to trust it, and lock bootloader again so nothing can be changed anymore.
I wouldnt take this from user input, as that is controlable by malware, but rather come from the OS itself. Maybe even during installation, idk
Stock android experience is the exception, not the norm, sadly. Some manufactures like Motorola or HMD have a light touch and close to stock but other ones don’t. The worst offenders are Chinese brands who twist it so much and without much benefit(Atleast, Samsung’s ONE UI is customizable as heck, can’t say the same for Realme’s).
I used custom roms for many years, but I now use my phone to pay almost everything, and I need my banking apps. magisk hide is unreliable do I won’t be rooting my phone again I think
Same. Those features are more important than anything I get by rooting.
Honestly I don’t even need root for anything. Adblock runs through a fake VPN app. My Pixel used to have a green screen tint, but Google fixed that at the OS level, so I don’t need to have an app for that any more.
Care to share the name of the spoofed app?
There’s also NetGuard and rethink that spoof VPN connections to filter traffic. I use the latter to block all outgoing apps except for the ones I allow.
https://f-droid.org/app/org.jak_linux.dns66
Looks like it hasn’t been updated in a while, but it still works.
Thanks!
- If you’re happy, just continue and ignore this comment
- you can try kernel-based root apps such as apatch (my recommendation) or KernelSU
I’m still using LOS and still fight with google over Play integrity from time to time. there’s a fairly new patch that spoofs the fingerprint of the phone and fixes the issue entirely for me (play integrity fix by chiteroman) as long as it’s updated, my gPay still works. I prefer using custom OS because it’s much more customizable and has little to no bloatware. any unwanted apps can be removed. I can route my VPN to my WiFi hotspot, in order to get full speed tethering. (I’m a T-Mobile user and they throttle) I have a system-wide ad-blocker that uses the hosts file. I have the ability to allow root to only some apps, and deny it to others.
To me, its worth doing. I have no internet at my house, so I primarily use this to get online. The stock T-Mobile firmware is laggy and loaded up with their apps you can’t delete. You’ll get the “3g speeds” hotspot and their annoying branding on everything.
Going back to that would really suck!
If the day comes when LineageOS (with microG) becomes unusable for me, I will just switch to iPhone. I hate Apple, and I’ve been using custom ROMs since Cyanogen in 2010, but there’s no way I would raw-dog a Google device.
Luckily there’s GrapheneOS for the Pixels. I’m thinking about buying a refurbished Pixel since my Poco X3 Pro with Lineage OS is having ghost touch issues. The only thing holding me back is less screen real estate.
I would probably switch to Huawei os device. No Google by design.
In fact - I might in either case, there is just too much shitty things Google does to android.
I don’t think they do it actively. There’s just not a big enough issue for them in custom ROMs to even bother doing something about it.
Rather, they got other issues to tackle and custom ROMs are so off their radar, they get swept up simply because nobody cares (either way) to check.
Google doesn’t want distributions of open source Android without Google services to be a viable option for mainstream users because that would reduce their ability to extract profits from the Android ecosystem.
While the focus is surely more on OEMs than end users at this point, I’m sure Google wants to keep the difficulty level for end users high enough that it remains niche.
I’m sure Google wants to keep the difficulty level for end users high enough that it remains niche.
I really do not think they need to. We tech communities massively overestimate the desire and even contextual awareness (and desire to have such awareness) of regular users to engage with these topics.
Keep in mind that the vast majority of Firefox users - a browser inherently more used by tech-savvy people! - have 0 addons installed. And probably 0 desire to change this. Or to even waste thought seconds on considering whether to change it.
To users, smartphones are tools. Like hammers. If it stops being a useful hammer, do you take the head off and re-forge it? No, you buy a different hammer that does what you need it to do.
Maybe, but the archetypal non-technical user, my mother does want to run a third-party ROM. Her phone is out of its official support period, and she knows that security updates are important and would like a way to get them. Most people, at least in wealthy countries do have a technical person in their lives they can ask things like that. She doesn’t want to buy a new phone because it would be too big and lack a headphone jack, a position I share.
I had to recommend against running what I run (LineageOS, Magisk, Play Integrity Fix). Without PIF, too many apps will refuse to run on LineageOS. She doesn’t need root for much else (maybe adblocking) and doesn’t have the knowledge to make good decisions about whether to grant root permissions to an app that asks (Magisk doesn’t have an allowlist-only mode, but it should). Finally, keeping root through an update is fussy. It’s not hard, but it’s an extra step that has to be done in the right order every week or two.
Unlike Firefox in 2024, a third-party Android build that’s easy enough to install and isn’t sabotaged by Safetynet would something many non-technical users care about: an extended useful life for their devices.
Hammers are cheap and don’t have my sissy pics in them while reporting to a company that spies on people.
There will be a big enough issue if people start saying how they’ve got theirs with no issues. The primary motivation for people not bothering with Linux is because Windows “just works” and Linux presumably was work. If degoogling stopped being work, then more would do it.
Linux has become extreme easy mode as well as a polished non intrusive experience and people are really drawn by that!
via its* Play Integrity API
I moved to Android for the 1st time ever in 2020 from an iPhone 6s.
The device I decided to go with is a Poco F2 Pro which lost official support years ago, it has decent hardware and even the battery still holds up (with a good custom ROM, I still achieve 8 hrs of SOT).
It just took me about a year, or perhaps less to move to the custom ROM scene, and for me I can’t ever go back to stock Android ever, even when it is a big step regarding iOS features (except for LS customization) the amount of stuff you can do with rooted android device is no joke.
My only regret is that I was never in the prime days of rooting… At least Telegram communities are super active, not that it is better… But personally I prefer it to discord lol.
I was in the prime days of jailbreaking though, too bad that they seem to be doing worse nowadays.
It’s true what you say, the golden days of rooting are over. I rooted my phone just so I could set a battery charge limit, but a recent update for the ROM I’m using (/e/ os) added that feature natively lol. Pretty much the only thing you can do nowadays with root is install tweaks that hide the fact that you have root from other apps lol.
Pretty much the only thing you can do nowadays with root is install tweaks that hide the fact that you have root from other apps lol.
While it is true that you can install those modules to hide it, I wouldn’t say they are the only reason to stick rooting lol, a lot of apps work way better with root permissions, Battery Guru, FKM and AdAway are 3 good examples that I can think of right away.
The cat and mouse game is especially why I no longer root my phone. Ain’t nobody got time for dis.
I’m just gonna get a Huawei phone to punish Google for this
