I recently got a Google Pixel 8 to use as a lab phone, and one of the first decisions I had to make was what ROM to use and whether I should root the phone or not.
Spoiler alert: I ended up going with LineageOS, and I decided to root it.
Here's why:
In terms of the ROM, I decided to move away from the stock ROM for a few main reasons:
1. Google is placing restrictions on side-loading apps from 2026, and will likely increase the restrictions as time goes on
2. Stock has less privacy (especially with Google Play services installed)
3. Stock isn't open source, which feeds into point 2
Custom ROMs also offer a few other things I don't really care about, such as longer support from developers, more customisability, and potentially better battery life.
Of course, there are trade-offs as well, like losing Google Play services unless manually installed, potential issues with payment/banking apps, worse camera processing, the need for manual maintenance, and weaker security (e.g. slower security patches, no verified boot).
Even as a daily driver phone, these trade-offs are fine with me.
Google Play services, payment/banking apps, and camera processing aren't important to me; I either don't need them or I have a separate device (and a physical bank card) for when I do. I'm also comfortable managing maintenance, as I already do it weekly for my Linux laptop.
The main disadvantage is weaker security; I don't want to wake up and find my phone compromised, but there are measures I can take to minimise the risk:
- Regularly update for the latest security patches
- Make new accounts for as many apps as I can (e.g. Discord, Instagram)
- For anything I can't make a new account for (e.g. my university login), the best thing I can really do is enable two-factor authentication and avoid logging in unless I really need to (which is rare as I almost always log in from my laptop/computer)
The most important thing to me is email, as making a new account and migrating everything to it is going to be tedious and annoying. To solve this, I have made a new email with Proton Mail and set up email forwarding from my main Gmail account. This way I can simply disable the forwarding if I need to and the Gmail login never touches my phone, plus I can keep using Gmail from my computer. It's not a 100% secure solution (the email contents/metadata are still exposed), but it's still a trade-off I'm fine with.
This way, the worst thing that can realistically happen is someone steals my Instagram credentials and sends funny messages to my friends, or reads my emails. My main accounts are mostly secure, and I am happy with this solution.
In terms of the actual ROM, there were 3 main contenders:
- GrapheneOS
- CalyxOS
- LineageOS
They each have their pros and cons, but in short:
- GrapheneOS is a bit too secure and doesn't allow what other ROMs allow, which might disable functionality I need in the future (e.g. cannot modify the /etc/hosts file)
- CalyxOS seemed like the best option, but they're currently not releasing new updates for a few more months, so I will reconsider it when the updates are back
- LineageOS seemed like a great balance between privacy while still being able to do what I want on the phone
The main reason I will reconsider Calyx in the future is that it allows some extra security, which will be nice as this will be my daily driver. For example, it allows the use of verified boot, which might save me, as I want to analyse and reverse engineer malware for future cybersecurity projects.
So after installing LineageOS, I had to choose if I wanted to root the phone. It's philosophically similar to using Linux instead of Windows on a computer, both of which I use, so this part wasn't too difficult to decide on.
An important thing to note is that the root can be reversed whenever I need/want to, so it's not permanent.
The biggest upside of rooting is that it gives apps the ability to request root user (su) to run with elevated privileges and allows me to use some apps that are normally not available. For example, tcpdump requires root to run, and is a very useful command for many network-traffic-related projects I will work on. So it's practically required for many projects I want to work on with this phone.
On top of that, with so much control, I am able to do things like overclock, change what apps are always active & what they have access to, and improve battery life even more. Honestly, I'm not sure if these are too relevant to me, but it's nice to have them there.
Realistically, the only downside of rooting it is the security - it disables verified boot, malicious apps can gain root access, and overall it just leaves me in charge of security instead of doing it automatically.
But as I said earlier, I've taken measures to minimise security risks.
And if I'm being honest, part of me is curious to see what would happen if my phone did get compromised. It'll be a chance to learn from a real incident in a real environment (not yet another CTF challenge), while risking way less than if my computer (and all of the files on there) got hit.
Overall, it's not my most complex or demanding project, but it's one of the more valuable ones as of writing this - it's hands-on, curiosity-driven, and basically necessary for bigger & better projects I will work on in the future.