Would you care to put any weight behind your accusation?
The main issue I’m trying to expose is that any custom distribution by an OEM can implement any app/service the way they want. The android source code is available, any access and permission can be obtained depending on how you implement it in the source code. You can even weaken the security if you want. Any distribution by these OEMs is a secret sauce, you have no way of knowing what shenanigans they are pulling on your phone.
So yes, they can get root access if that’s what they want.
This is not to say they do. I’m just saying we have no way of knowing how things are implemented and hence why open source is so fundamental to security.
Edit: I concede that the strict definition of what considers a system app does not provide with these accesses. I’m saying any custom distribution with built in apps may have been customized to allow for these things to happen. Perhaps this is where we may have misunderstood each other.
No package in Android has the ability to bypass app permission system (introduced with 4.4 KitKat), unless there is an expensive or undiscovered 0day (that allows Pegasus to work), or some malicious “Administrator” user installed onto device allowing to accomplish this. This covers both system and userspace packages. GMS is no different. There exists no evidence to what you claim.
Any distribution by these OEMs is a secret sauce, you have no way of knowing what shenanigans they are pulling on your phone.
Would you care to put your weight behind your claims? If I have to spot a half knowledge person, I just need to spot anyone cheering about GrapheneOS being some kind of revolutionary AOSP fork.
Android, including its OEM and AOSP forks, is fairly very deterministic and not some Madagascar jungle with man-eating plants and magical evil vines.
Just stop blabbering these buzzword phrases “opensource=security” “grapheneos gud” to fuel your confirmation biases.
Would you care to put any weight behind your accusation?
The main issue I’m trying to expose is that any custom distribution by an OEM can implement any app/service the way they want. The android source code is available, any access and permission can be obtained depending on how you implement it in the source code. You can even weaken the security if you want. Any distribution by these OEMs is a secret sauce, you have no way of knowing what shenanigans they are pulling on your phone.
So yes, they can get root access if that’s what they want.
This is not to say they do. I’m just saying we have no way of knowing how things are implemented and hence why open source is so fundamental to security.
Edit: I concede that the strict definition of what considers a system app does not provide with these accesses. I’m saying any custom distribution with built in apps may have been customized to allow for these things to happen. Perhaps this is where we may have misunderstood each other.
No package in Android has the ability to bypass app permission system (introduced with 4.4 KitKat), unless there is an expensive or undiscovered 0day (that allows Pegasus to work), or some malicious “Administrator” user installed onto device allowing to accomplish this. This covers both system and userspace packages. GMS is no different. There exists no evidence to what you claim.
Would you care to put your weight behind your claims? If I have to spot a half knowledge person, I just need to spot anyone cheering about GrapheneOS being some kind of revolutionary AOSP fork.
Android, including its OEM and AOSP forks, is fairly very deterministic and not some Madagascar jungle with man-eating plants and magical evil vines.
Just stop blabbering these buzzword phrases “opensource=security” “grapheneos gud” to fuel your confirmation biases.