By LanceBaynes


2011-05-20 04:42:43 8 Comments

I know there was a discussion previously BUT they didn't talk about security. E.g.: if I root my phone will all my apps run with root permission?

Related: Are there any risks to rooting a device?

3 comments

@Pitto 2011-05-20 07:42:43

The answer is no: not all application will have root permission. Not all the apps require root and the apps requiring root will not have it unless you give them permission to do so. At least that's what I can tell after using z4root and superoneclick to root a few phones. You get a superuser app that will get requests from apps needing the root account and you'll have the option to enable that or not. Risks connected to rooting a device are, more or less, the risks connected to using an administrative user on any kind of Unix-like system.

Ever tried a rm -R (a command to delete all files) on GNU/Linux? It's like putting in the recycle bin your Windows folder and empty it just because you're a root user and you can do it.

Superpowers always involve super responsibilities and super attentions :)

Said that I have to say that in my everyday use (with a little brain turned on) I can't see a real way to get any kind of harm. But if you install strange scripts coming from al quaeda and tons of pirated apps and poor not certified code... Well. Bad things could happen.

Install a recovery and do a nandroid backup. After that play happily with your phone :)

@Lie Ryan 2011-10-22 16:14:19

to be more precise, if you do rm -r, it's more like burning the folder to ash; if you simply put it into the trash can, you will still be able to restore it relatively easily; but if you do rm -r in any unix-like system (including Linux and Android), you may have to do dark voodoo to recover the files and you may not necessarily recover the file intact.

@kyrias 2012-01-22 13:23:40

Don't you mean rm -rf?

@John Sonderson 2014-12-08 21:12:01

The -r flag (also -R for compatibility with some older Unix systems) means recursive, -f means forceful, i.e., you won't get a prompt asking you whether you really want to delete every single file in the (recursive) file and directory list.

@Matthew Read 2011-09-27 15:34:16

The newest versions of SuperUser (3.x) support using a PIN to approve root access for apps. In other words, whenever an app requests root you need to enter your PIN before root access is granted. This is more or less foolproof; no app should be able to get root access on its own or through you clicking the wrong button without it exploiting some bug in SuperUser or the system, and if it's doing that you might be screwed even without root.

@LanceBaynes 2011-09-27 17:48:22

sry for asking, but what the hell is a "superuser 3.x" - is it binded to an Android version?

@Broam 2011-09-27 18:42:18

@LanceBaynes It's a version of the SuperUser application, which comes with its own su binary that screens requests for root access - you must approve the access before the app gets root.

@caw 2012-04-15 21:57:51

How can we be sure that the SuperUser app is not the one that is malicious? (Not refering to a special app, just asking in general.)

@Matthew Read 2012-04-16 17:05:32

@MarcoW. You can't, just like you can't be sure that the binary isn't malicious or that the browser isn't malicious or that every last but of Android is Google trying to steal your secrets :P. If you don't trust your source, don't trust the software you get from that source.

@caw 2012-04-17 13:27:48

This is the problem. The sources for rooted Android are always normal forums with users who made them independently. So how can you be sure to get a non-malicious package? You can't.

@Matthew Read 2012-04-17 19:03:16

@MarcoW SuperUser is released by Chainfire here; coupled with that official release you should be able to analyze any root method and do it yourself, at least if they've made the details available. That really is the crux of security issues, though: You have to trust someone else in order to gain anything from them. Nothing we can do about that.

@Matt H 2011-05-20 08:30:02

If you root your phone, then only the applications that you explicitly grant root access to will have root access. This does make things fairly safe, as that extra step should be enough to make you stop and think "Why does this app need root?".

If you only grant root access to apps that need root for a good reason, are from trusted developers, and which you acquired from a trusted source then you should be ok.

Bear in mind what apps with root access can do though - from a previous answer on the subject:

On a rooted phone, an app which has been granted root access can do pretty much anything that is possible in the hardware. Apps that have root permissions can write on non-read-only storage media (including modifying the bootloader), modify other programs' private data, modify system settings, modify system files, etc. A rooted app can also hide itself from the system, and pretend to be uninstalled while being perfectly well and alive.

I'll let you imagine what the worst-case scenario security implications are for a nefarious app being granted root access on your phone; be careful out there.

Related Questions

Sponsored Content

2 Answered Questions

Can I uninstall security updates for rooting?

1 Answered Questions

[SOLVED] Lost Android Phone data security

6 Answered Questions

[SOLVED] Are there any risks to rooting a device?

  • 2010-09-13 20:53:48
  • Aaronaught
  • 34848 View
  • 138 Score
  • 6 Answer
  • Tags:   rooting

1 Answered Questions

[SOLVED] What are the implications of an old Android version?

1 Answered Questions

[SOLVED] Android rooting security considerations

  • 2016-01-17 10:40:23
  • thomasUJ
  • 189 View
  • 0 Score
  • 1 Answer
  • Tags:   rooting security

1 Answered Questions

[SOLVED] Does Rooting Exploit a Security Weakness?

  • 2012-11-19 21:04:31
  • CatShoes
  • 660 View
  • 8 Score
  • 1 Answer
  • Tags:   rooting

Sponsored Content