Unlocking Bootloader without Rooting Safety (Poco F1)

Hey guys,

I recently unlocked my Xiaomi Pocophone F1 bootloader, but didn't choose to root the device.

A few questions:

  1. I have installed the AOSP Pixel experience ROM and just wanted to check whether it would be dangerous to have CommBank or PayPal on an unlocked bootloader?

  2. Also can my bank account/transactions be hacked through the well known custom rom (Pixel experience OS) although I have 2 phase authentication installed on PayPal and CommBank?

3.Would custom ROMs such as lineage os be safer?

4.Does unlocking the bootloader only pose a risk if the device is physically lost?

Thanks for the help in advance and sorry for dumb questions I'm still a noob haha

Comments

  • +1 vote

    1) How did you install a custom ROM before unlocking the bootloader?
    2) Your bank account can be hacked through any ROM or device. Due to the shoddy nature by which vendors update their ROM's at best every few months, Custom ROM will provide likely more protection provided you maintain the security updates and sourced it from a "reputable" source, like from the group, not from someone's home built fork.
    3) The bigger ones will be safer by nature of having more eyeballs looking through the code
    4) Unlocking the bootloader allows a thief to overwrite the OS for easy resale. If your device is not encrypted, it would also expose your installed apps to misuse, but this applies to the Stock ROM too.

  •  

    Note that Unlocking Bootloader and Rooting are separate things.
    Unlocking the Bootloader allows you to flash non-stock ROM's and system level patches (ie Audio enhancement tools, Adblockers).
    Non-Stock ROM's typically do not come rooted out of the box.

    Rooting allows you to edit the system level files of your ROM (whether it be Stock or Custom).
    Essentially Rooting allows you to get behind the scenes and tinker with stuff you normally wouldn't be allowed to touch.
    Rooting doesn't give everything system level access, but it allows you to approve system level access on an app by app basis.