But on this threat model? Why would it not be good?
It has to physically accessed on the PCB itself from what I gather.
There are 2 “threats” from what I see:
someone at the distribution facility pops it open and has the know how to install malware on it (very very unlikely)
someone breaks into your home unnoticed and has the time to carefully take apart your vacuum and upload pre-prepared malware instead of just sticking an IP camera somewhere. If this actually happens, the owner has much much bigger problems and the vacuum is the least of their worries.
The homeowner is the other person that can access it and it is a big feature in that case.
NO! It’syour device, you should have root! The fact that the manufacturer gives their product owners root is a good thing, not bad!
I will die on this fucking hill.
I agree with you. But granting root straight from adb with 0 auth is not good.
But on this threat model? Why would it not be good?
It has to physically accessed on the PCB itself from what I gather.
There are 2 “threats” from what I see:
someone at the distribution facility pops it open and has the know how to install malware on it (very very unlikely)
someone breaks into your home unnoticed and has the time to carefully take apart your vacuum and upload pre-prepared malware instead of just sticking an IP camera somewhere. If this actually happens, the owner has much much bigger problems and the vacuum is the least of their worries.
The homeowner is the other person that can access it and it is a big feature in that case.