Should one root the device before installing replicant?
Is rooting the device needed/recommended before installing replicant?
This is because bloatware/firmware/manufacturer data may contain backdoors.
rooting is not mandatory before installing replicant.
However, you should find a way to backup the data you want to keep (SMS/MMS, pictures, etc.).
For the data on an external sdcard, this is easy since you can pull the sdcard during installation and put it back after, but you should check if you want to keep some application data.
You can reboot in download mode or even in recovery on a not-rooted device. Depending on your device, the instructions are described into the dedicated wiki page.
For instance, Galaxy S2 is described on page https://redmine.replicant.us/projects/replicant/wiki/GalaxyS2I9100
Hope this will answer your question.
Thanks for the reply.
I see that rooting is not mandatory but would you recommend rooting to remove bloatware/firmware/manufacturer data for people who are paranoid about privacy?
Example of a backdoor: a topic on this forum https://redmine.replicant.us/boards/33/topics/3921
I would say it depends on you device and the backdoor.
For the Samsung backdoor, the installation of a libre Operating System should be sufficient, as written by Paul in http://code.paulk.fr/article18/the-samsung-galaxy-back-door-was-bullshit-really#c0018-9
This topic is complex with many implications but if you are interested in details, you will find some on this page: https://www.replicant.us/freedom-privacy-security-issues.php
You can't remove anything useful rooting the stock (manufacturer's) android. Once you install the custom recovery: Replicant's, twrp or whatever, you can wipe system (where the ROM is stored), data (apps data) and cache partitions. Be aware that the radio firmware (broadband telephony) is loaded from the "radio" partition, and that firmware is used by both stock android and Replicant. But before installing I recommend to backup some partitions, specially everything with "efs" in the partition name and radio. The efs partition/s hold specific data for your device (can't be copied from a different device of the same model). You should also do a backup of your personal data. More information about backups before installation:
About the backdoor you linked, that's in the Samsung ROMs, not Replicant. The modem chip needs the collaboration of the android system to read some files, and the bug/backdoor allows the modem chip to read files outside of the directories it is supposed to read from (by allowing double dots "../" inside the paths).