Should I root my Android phone

It is now possible, it but it has not always been. Also, some applications had some limitations at the beginning. With root permissions, and with Link2SD, it is possible to move any application to an SD card.

Preinstalled/system apps (and updates of those apps) still cannot be moved without administrator rights.

As of today, it is less critical to be able to install programs on the SD card, as the internal memory is generally bigger than the memory of the first android phones (dozens of gigabytes of memory compared to a couple), even if some application is getting always bigger in size, the Play Store changed the policies about sizes multiple times.

Before Android 4, there was no way, without root permissions, to update certificates, and after Android 7, managing certificates got more complicated..

I still have an old Android 2.2 device, and if I did not have root permissions, I would be practically unable to visit any website or use any online service. As of today, most websites use HTTPS, and certificates expire and are released continuously.

Actually, some browsers (Firefox and Firefox-based browsers like IceCatMobile or Orfox), bring their own certificates, thus reducing the need to update those system-wide.

In Android, the password saved of the WiFi is normally not visible. Before Android 10 the saved wifi password was not accessible.

One needed to rely on third-party applications like My Wifi Paesswords, which need root permissions for accessing them.

Note that even if it is currently to see the Wi-Fi passwords, it seems not to be possible to enlist them all at once. So root permissions could make the operation of transcribing passwords more convenient.

It is possible to back up some data, but it is not possible to back up private data unless the application we want to back up offers an export or some synchronization functionality.

With root permissions, this is a non-issue. With programs like oandbackup, AppManager, or the much more famous Titanium Backup, it is possible to create an offline backup of all applications (or only a subset) and of theirs settings.

Those backups can also be used for exporting/importing settings from one phone to another (of course some programs might not work correctly).

Without administrative rights, or without a built-in backup functionality integrated into Android directly, there is not much one can do. Without root, as far as I know, the most complete solution is to use adb backup. Since applications need to opt-in to this mechanism (and many do not), it is not that useful.

Currently, it is possible to disable nearly all applications with adb. In previous versions of Android, not even this was possible (I remember a Phone with android 2.2 or 2.1 full of trial programs I could not remove), thus the situation improved dramatically.

Unfortunately, there are still non-essential applications that still cannot be disabled or removed.

It is possible to disable (some) preinstalled/system programs, but programs installed by the user can only be uninstalled from the phone.

With root permission, it is possible to disable installed programs too, without the need to use different users or a work profile as a workaround.

With adb it is possible to disable nearly all applications, but one needs to use a computer.

The interface provided by adb is not as intuitive; it shows the package name and not the application name and/or the icon.

With root, any application can be disabled or removed much more easily.

Currently, manufacturers are obliged to provide updates for a couple of years. This does not mean a phone will get newer android versions, just the security fixes.

But what happens after two years?

Digital waste.

Being able to install alternate ROMs, which can be based on newer android versions, means being able to install newer versions of android, which means having all security fixes too.

I continue to find it disturbing that for normal computers it is possible to be able to update the operating system, no matter what the manufacturers say. On "smart" devices, this is not possible. It is, for the consumer, from an ecological point of view and from a security perspective, a huge step backward.

For those who develop, it is known that ideally release and debug variations of an application should behave the same, but in practice, they might work differently. On Android, it is normally not possible to access the private folder of a release program, while it is for a debug program. Being able to access the private folder provides, to some extent, better debug possibilities for narrowing errors down.

I mostly use Termux which has its own binaries and thus does not need installing busybox system-wide. But from Termux, it is not possible to accomplish some operations, for example, access to adb is restricted.

There were different projects, like Debian Kit or Botbrew Basil, that permitted installing a Linux Distribution inside Android (thanks to chroot).

Granted, I could not find any up-to-date projects. I also think that Termux is normally more than enough, but considering that termux does not officially work with Android 10, some of those projects might get resurrected.

The most common alternative to editing /etc/hosts is using a local VPN. Unfortunately, solutions based on VPN are not as good. Only one VPN at a time can be executed, while it is, generally, possible to add multiple entries to /etc/hosts. A VPN is a separate running program, so it probably consumes more resources, decreases battery duration, etc., etc.

Common use-cases are, at least on PC, server, and other devices where one normally has administrator rights:

There are workarounds for a missing firewall that can be configured by the user, a local VPN would work, but it is generally not as good.

A real firewall would take advantage of the features of the operating system (iptables), and not consume any resources. LineageOS, for example, has an integrated firewall, while a third-party alternative (that requires root) is AFWall+.

There are Battery Tool, SuperFreezZ, Battery Calibrator, Battery Charge Limit and probably many others.

They might not require administrative rights for working correctly, but some functionalities are available only with root permissions or work better with root permissions.

Notice that some devices might already have some advanced tooling for managing batteries.

Those can help to reduce resource usage and increase battery life. Or they might enhance some features, like adjusting the led brightness.

For some reason, on Android, the user cannot control which programs can start automatically.

On a PC, it is completely normal to be able to decide which programs start automatically and those that do not.

Autostarts gives the end-user the control of which program can start on which event, but it requires root permissions.

On some devices, it is not (or at least was not) possible to disable the startup and shutdown sound. With root permissions, it is mostly possible to replace the audio file, or modify some system settings and change the default behavior. As far as I know, on all current devices, it is possible to disable those sounds.

Custom ROMs give (or at least gave) the possibility to change the boot screen/animation.

This is in part fixed by launchers, that do not require root permissions. They make it possible, for example, to change icons on the home screen. But they cannot change the icons and/or colors of the settings menu or the top bar.

Also before Android 10, there has not been a black theme for a long time.

The customization possibilities of Android Stock are still less powerful than those offered by cyanogenmod, which had an app with themes, unfortunately, more recent Android versions of LineageOs seems to be less customizable.

With root and applications like Substratum it is possible to have more powerful theming capabilities.

I like having a restart button, but this is not present on all/most Android devices.

Some devices have the option for enabling such functionality (through the developer options), on other ROMs it is possible, with root permissions, to use an application like Simple Reboot.

Sometimes, apps are marked incompatible just because they weren’t made or tested for a specific device, or because they have some known "minor" bugs, but are otherwise usable.

The phone carrier or manufacturer could also blacklist programs.

With administrator privileges, it is possible to ignore those limitations.

While Android (I guess) always supported tethering, some devices disabled it, because carriers required it.

With Barnacle Wifi Tether it was possible to enable this disabled functionality.

As of today, such a workaround should not be necessary anymore, as tethering has become an accepted practice.

Call recording does, unfortunately, not work reliably. With root permissions or by installing this program as a system app, the chances for this app to work correctly increase.

As already mentioned, devices are not always kept up-to-date by manufacturers, and after a couple of years, not even security updates are released for older devices.

Some applications can take advantage of the fact of being installed as a system application

Change the disk encryption password, as the default has known drawbacks.

A program like LibreTasks or tasker (which do not necessarily require administrative privileges) can help to automate tasks on the smartphone.

Unfortunately, some types of tasks, like changing system settings, must be done manually. Unless one has root access.

Another example would be Peace of Mind+ and PlugOffAirplane, both needs root permissions for switching airplane mode.

It is possible to change DNS settings on Android, but it is cumbersome and error-prone.

It is cumbersome because one has to manually enter it in each network connection (every Wi-Fi connection and the cellular connection).

It is error-prone because for changing the Wi-Fi settings, one has to "Modify network", then toggle on the advanced options and change "IP settings" from DHCP to Static. Thus, one has to manually specify the phone’s IP address and other details.

There are alternatives for non-rooted devices, and those involve using a VPN, which is hardly a good solution but is less error-prone than editing every network by hand.

On rooted phones, it is possible to change only the DNS settings and leave everything else unchanged.

FLAG_SECURE has been introduced in Android 4.2 and is a mechanism that an application can use to tell the operating system that the content it is showing is "confidential".

If one tries to make a screenshot, either the screenshot contains a black screen/window, or the gets a notification that "Taking screenshots isn’t allowed by the app".

Unfortunately, this feature is misused, and the user has no option for overriding it.

Also for confidential content, it happens often that I really want to make a screenshot of it in order to have a quick backup that does not depend on the application. Especially so if the content is important and I cannot lose it, and thus depend on the stability of an application. Chances that an image stops working are much lower, and it is also possible to use on other devices without the need for a separate program.

Of course, with a second device, it is possible to just take a picture.

If the second device happens to be a PC, it is possible with something like scrcpy, to mirror the phone screen on it, and take the screenshot from there, where such limitations are (not yet) implemented.

With root permissions, it is possible to tell the system to ignore such requests, and just take screenshots of everything, as the end user desires.

As far as I know, there is currently no method for disabling such settings for single applications (without patching the application), even with root permissions.

Never Android version limit the access to the file system. For many programs, this is a non-issue.

But for file managers, file editors, viewers, and all those programs (and users) that want to work with files, it is a frustrating limitation.

Thanks to NoStorageRestrict, it is possible to remove this limitation.

With SDRemount, it is possible to access directly with write permission the SD card. The wiki also contains useful information for different Android versions.

Apparently, on some devices, the Mac address is not randomized by default, and it is not possible to change such behavior.

Thanks to MacRandomizationEnabler it is possible to change this setting.

The installation system of Android permits the user to upgrade programs, but not downgrade them.

This can be desirable if a newer version of the application removes some desired functionality, or introduces some bug.

Without root permission, one needs to uninstall the application and install an older version and lose all settings.

Thanks to Let Me Downgrade/https://github.com/GaryOderNichts/SimpleAppDowngrader[SimpleAppDowngrader] and possibly other programs (and root permissions), it is possible to downgrade applications.

Note that the fact that it is possible to downgrade applications does not mean that after the process, the application will work as it worked before. The upgrade process might have changed some settings or data. As a general guideline, a link/#_backups[backup] is a more appropriate solution.

While random mac addresses have their use cases, so have fixed or user-defined mac addresses.

MACsposed gives the possibility to set a well-defined Mac address.

Just the end-user cannot decide which programs are started automatically, it has little to no control over which processes are executed in the background.

A common workaround is to add a notification and hope that Doze and Standby mode won’t interfere with the applications.

What’s worse is that different phone manufacturers might also implement different criteria and policies, making it difficult to ensure consistent behavior on different phones.

DozeOff (and possible other Battery Tools) can help the end user as they give him more control, instead of relying solely on heuristics.

BackgroundRestrictor manages the hidden RUN_IN_BACKGROUND permissions. This helps both to disable programs an end user does not want running in the background all the time and enable programs a user desires.

Wrong PIN Shutdown, as the name implies, shuts down the device after a given number of failed login attempts.

The Android app manager does its job well and has a clean interface, but for some tasks, it is not really great.

For example, some permissions are hidden. Others are accessible from another android menu.

It is also not possible to apply settings to multiple applications, take or restore backups, freeze/disable user-installed applications, view advanced statistics like transmitted and received data, Main activity name, export apk, installation directory, check the manifest, check for trackers, …​

There are alternative programs that can help to accomplish some tasks more easily, some do not require administrative privileges, but then tend to be limited too.

Some managers that can take advantage of root permissions for more advanced features:

I’m unsure when it happened, but Android used to have a task manager.

One could see which applications use most of the available memory and eventually stop them.

While ideally there is no need to kill processes, it is a great thing to be able to verify what is running on the device.

Not only because applications consume battery power and data, but also to assess that everything is working as expected.

Some applications, like WhatsApp, try very hard to be active in the background the whole time.

With root permissions, it is possible to freeze/disable the application, which also stops them, or to use a task manager.

One could use htop from Termux, which might not be very practical.

Otherwise battery related programs and tools for controlling background processes or alternate app managers often offer functionalities expected from a task manager.

Since Android 11(and Android 6 with updated Google Play Services), the operating systems take the liberty to reset application settings.

One can decide to disable such features, but there is no global flag.

Every single application needs to be configured manually.

And I am convinced that this is still not sufficient, as I am pretty sure that some applications lost their configuration even if I set them appropriately.

Maybe like Windows during an update Android resets some settings?

It does not matter that automatically removing permission after some time can increase the security of the device.

If I’ve configured a program in a certain way, I expect it to work so. It does not matter if I use the program once a month or every day.

There are better mechanisms (like disabling applications and controlling startup programs) for managing infrequently used programs.

In particular, silently removing permission does break workflows. For example, a password manager, without the appropriate permissions, will not be invoked. There is no way to read the permission on the fly.

Automated tasks also suffer from it, because without proper permission, they will not even be started.

Periodically having dialogs asking for permissions degrades the usability of the application, and the author of the prorgram cannot do anything about it. For example, taking a quick picture (the app needs access to the camera) or answering a call (the app needs access to the microphone) might be actions we do not do daily, but want to do them quickly; even losing a couple of seconds can be critical.

Even worse, for certain applications, I have not granted some permissions, and they periodically ask me to change the setting (which is very annoying, but another issue). With Android 12, you are expected to periodically give permissions to applications, even those you have already granted; and thus it becomes much easier to give by accident some permissions you did not want to.

TLDR; I have manually configured my device to function in a certain way, but according to some opaque rules, those settings are reverted periodically. This is madness.

Fortunately, thanks to AppManager (with root permissions), it is possible to change the AUTO_REVOKE_PERMISSIONS_IF_UNUSED app-op for multiple application at once.

Click Menu › 1-Click Ops › Set mode for app ops…​ (the Menu is the button ⁝), insert AUTO_REVOKE_PERMISSIONS_IF_UNUSED for app ops and select ignore for mode, click on Search, then apply.

Done. This will change the setting for all listed applications, at once!