Tips to secure a rooted device with an unlocked bootloader under LOS

Hello there, my question might be naive but I’ll give it a shot anyway.

So I really like my rooted FP4 under LOS 20, and I was wondering what measures I can take to improve the security on my device while remaining rooted with an unlocked bootloader.

So far the only additional steps I’ve taken are:

  • installing AFWall+ and securing the app with a password
  • asking for a fingerprint before granting root access
  • disabling USB debugging

That being said, a few things come to mind that I’d like to see handled:

  • LOS doesn’t offer any feature such as wiping or restarting the device after a number of wrong PIN attempts; the few apps I’ve seen on F-Droid for that purpose haven’t been updated in 7-8 years
  • if someone had the opportunity to use my phone while unlocked, I can’t see a way to secure the access to Termux app that basically has unrestricted root access

I think I’m aware that a rooted device with an unlocked bootloader will always be at risk, but if there’s anything more I could do to get a bit more peace of mind, I’d be glad to hear about it.

Depends on the kind of attack you are worried about.

The biggest problem with an unlocked bootloader is that you lose Android Verified Boot, so you just wouldn’t notice malware that embeds itself deep into your system. At that point it doesn’t really matter what protections you have on the surface, if it can just collect all the information it needs in the background, while you are using it.

If you are mostly worried about theft, having a strong PIN/password should keep your data reasonably safe. Since your phone is unlocked, motivated attackers can obviously always pull the partitions and try to brute-force the encryption or wait for a flaw to be discovered. That’s more of a state-level attack though, robbers will probably just wipe and sell it.

If your phone is unlocked, unencrypted data is obviously fair game. Termux doesn’t have full root access by default, if you set it to ask in Magisk it doesn’t.

Personally I try to solve that whole problem by having as little sensitive stuff on the phone as possible, no banking, no ssh-keys, only necessary passwords, etc.

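A read-only check of the points raised in this thread (verified boot state, bootloader lock, storage encryption, USB debugging), as an added example that is not part of any post above. The property names are assumptions about what a given device's `getprop` exposes, and the sample dump is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Property names are assumptions about
# what the device's `getprop` reports; missing ones are reported as INFO.

# Constructed sample of `adb shell getprop` output for an unlocked device.
sample_dump() {
cat <<'EOF'
[init.svc.adbd]: [stopped]
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [encrypted]
EOF
}

# Print the value of property $2 from the getprop dump file $1.
prop_value() {
    awk -v key="[$2]:" '$1 == key {
        v = $0; sub(/\r$/, "", v)
        sub(/^[^ ]+ \[/, "", v); sub(/\]$/, "", v); print v; exit }' "$1"
}

# Report on the settings the thread discusses; last line is the warning count.
audit_props() {
    warn=0
    vb=$(prop_value "$1" ro.boot.verifiedbootstate)
    case $vb in
        green) echo "OK: verified boot state green" ;;
        "")    echo "INFO: verified boot state not reported" ;;
        *)     echo "WARN: verified boot state '$vb' (not green)"; warn=$((warn + 1)) ;;
    esac
    case $(prop_value "$1" ro.boot.flash.locked) in
        1) echo "OK: bootloader locked" ;;
        0) echo "WARN: bootloader unlocked"; warn=$((warn + 1)) ;;
        *) echo "INFO: bootloader lock state not reported" ;;
    esac
    case $(prop_value "$1" ro.crypto.state) in
        encrypted) echo "OK: userdata encrypted" ;;
        "")        echo "INFO: encryption state not reported" ;;
        *)         echo "WARN: userdata not encrypted"; warn=$((warn + 1)) ;;
    esac
    case $(prop_value "$1" init.svc.adbd) in
        running) echo "WARN: adbd running (USB debugging on)"; warn=$((warn + 1)) ;;
        *)       echo "OK: adbd not running" ;;
    esac
    echo "warnings=$warn"
}

# Demo on the constructed sample; on a device: adb shell getprop > props.txt
tmp=$(mktemp) && sample_dump > "$tmp" && audit_props "$tmp"; rm -f "$tmp"
```

On an unlocked, rooted device the first two checks are expected to warn; the value of the script is in noticing when the other two change.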

Indeed, I just changed that, thanks!

Yeah, I have to confess I’m a big fan of the Google Pay service; it comes in handy to go outside with nothing more on me than my phone and be able to pay easily…

Anyway, thanks for the answer 🙂
