I imagine the quantity is small but there is some percentage of buyers, such as myself, that make sure there is an root exploit available before I buy a phone.
Millions of phones are sold that will never be rooted, and by manufacturers who purposely ensure that exploits to achieve root are patched as soon as they're found.
Always have an obscure old phone with almost no feature (except voice and text). Generally the OS is so minimal that there's little room for an exploit, and by little room I mean that you will not have enough memory to add your rootkit.
This isn't a theoretical concern, there are known-in-the-wild cases of private and state actors using these device exploits to compromise their users on a mass scale. There are many ways to weigh this tradeoff, but just in pure numbers there may be more people with devices that have been compromised without their unforced consent than people who intentionally root them.
IMO better to trust in legal processes like Software Freedom Conservancy's lawsuit mentioned above to legally enforce the ability for users to root them than to intentionally leave users vulnerable to exploitation through their devices.
Here's a counter anecdote to yours: the organization I work in has around 1000 people, I'd say about 30% easily know what 'rooting your phone' means, and at least 5% (probably closer to 10%) do it. Also an international organization here. Your sample group, like mine, is not good enough to come to any conclusions.
Jailbreaking should be compared to "rooting" in android world. And only fraction of users who rooted their phone install CyanogenMod.
What do other users, who rooted their phone? I, for example, installed OpenVPN. I had to have "su" access in order to do that. But I do not plan to install CyanogenMod any time soon simply because of lack of the time.
So... 1 million of Cyanogen users is pretty significant number in fact.
I can believe this, because they do have an interest in preventing any random party from taking over a phone. Unfortunately, there is a large gap between being resistant to exploits, and convincing the world that you're resistant to exploits through open review.
BTW do you mean "rooting" in the longstanding sense of general exploitation, or in the recent narrow sense of the owner of a device obtaining control of it? There's of course an overlap between these two, but insight into the specific business motivation would be interesting.
If it is the former, don't forget that having a rooted phone likely puts you in the minority. Most people don't have the patience or confidence in their technical abilities to root their phones.
I don't think people realize rooted phones are an actual hazard to 99.95% of people who don't care but don't realize their phone is in an unsafe state. The point is to make a rooted phone hard to use so normal people won't screw themselves over because they got a rooted phone from Facebook marketplace and it was full of hidden malware sending all of their bank logins to someone else.
I think it's great this phone has been "rooted" and the protection bypassed.
I think it's sad if a single person buys this phone from T-Mobile/HTC because of this, because it ultimately perpetuates the business model of selling locked down rubbish.
reply