phh in HN comments:

As an author of an old root for Android, and of a modern generic custom ROMs, and other Android OS stuff:

The title is, and forever will be wrong. When we say you’re root in Android, you’re actually root. You can actually do whatever you want [1]. Magisk (the now modern “root” for Android) now includes stuff to even “edit” Java code, so even if it’s hidden deep somewhere, you should still be able to access it. (Even if somehow it moves from Java to native code, we’ll still find ways, don’t worry)

The fact that the author didn’t manage to do it doesn’t mean it’s not possible. I could guess what’s the author issue (I have two ideas in mind: 1. it requires stop;start to restart zygote, because zygote cached CAs, 2. it needs to switch to correct mount namespace before doing the commands), but I won’t try it, I got tired of working on closed-source Android stuff.

More investigation is required and it’s hard to know the full implications of that now, but for the many forks of Android like GrapheneOS & LineageOS, and for advanced device configuration tools like Magisk and its many modules, it probably spells trouble.

I just don’t understand this. GrapheneOS and LineageOS team have full source-code access. They can do whatever they please with it. (The limitation being that Google breaks stuff at an incredible rate, and following is a bit annoying)

Anyway, I hope that Android becoming more and more user-hostile (and more specifically in this case power-user-hostile) will move more and more people to custom ROMs. (In my dreams I make a “OwnerDroid”, an Android fork where the security model doesn’t have the first line saying “the user is an enemy”, but even though I developed some tiny bricks of it, the overall project would take a huge amount of work)

[1] Except for some kernel-level protections, but GKI reduces that risk.

So downvote is the only option

Aww man… Analyzing traffic with PCAP MITM was fun… But it will take a while until apps require Android 14.