> 99% of the time nobody [...] needs root on their phone

Do you also not have root on your laptops or desktops? I don't get why it's so different. I don't just want to open TikTok and Instagram, I want to use my phone computer as a computer. I assumed HN folks would get it.

I would choose something as locked down as GrapheneOS for its security if I was going to use it to install random apps left and right and give them root or run JavaScript from random sites on a browser I gave root to.

Anyway, not having root seems like a very weird way to harden security. What about compartmentalization?

And what's wrong with my my terminal app having root sometimes? How is shadycryptonews.xyz/exploit.js going to leverage it? How would even the Official Authoritarian Police State app leverage it?

I probably don't get it, but it's like people see 2 extremes - run nothing ever in root or run everything in root all the time.

I want to run like 5-6 apps I trust.

Maybe if I wanted to secure a billion dollars worth of Bitcoin, I would be OK with a separate phone without root, but then again I would likely use a hardware wallet. What's the threat model for someone who doesn't blindly give apps root or do anything stupid, really?

You need root to get around all the stuff that Google won't let you do. There's tons of examples I've encountered over the last 20 years, but the one I encountered most recently is that without root, when I plug in an external display to my phone, I can't actually make the phone display go off. So it sits there powering the external display and its own display (that I'm not using) because of permissions.