Immortal Root?

4 years ago, there was a Google+ post talking about the death of root. Though rooting is not as necessary as it was back then, there are still lots of people passionate about gaining the ultimate control of their Android devices.

I’m writing this and hoping to summarize what I know about Android rooting.

What rooting is

From Wikipedia:

Rooting is the process of allowing users of smartphones, tablets and other devices running the Android mobile operating system to attain privileged control (known as root access) over various Android subsystems. As Android uses the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system such as FreeBSD or macOS.

For security reasons, Android devices don’t come with root access available for applications.

More and more root-required features have been gradually integrated into Android.

Why we need rooting

To unlock all potentials of Android devices.

As Android becomes more and more mature, a lot of previously rooting-required features have been integrated into it. However, there are still demands that are not satisfied (and probably will never be).

Removing built-in apps: a 2014 article says over 27.44% users root their phone(s) in order to do so.

As a researcher focusing on mobile, we usually need root access in order to perform our experiments, like running tcpdump to get network traces.

Potential security risks

Although useful to (some) device owners, rooting weakens the security of the operating system. Without rooting, malware has to exploit a system or kernel vulnerability to gain root access, which could be technically challenging. However, on a rooted device, any app can simply ask the user for root access. The security of a rooted device relies solely on the device user regulating root access properly.

Root access management

How we root

Soft rooting

Hard rooting

Temporary rooting

Permanent rooting

Secure booting

SEAndroid

Rooting detection

Samsung KNOX

Attestation

Google SafetyNet

References

Yuru Shao /
Published under (CC) BY-NC-SA in categories Tech  tagged with Android  Rooting