Linked by Thom Holwerda on Sat 17th Mar 2012 00:35 UTC
PDAs, Cellphones, Wireless Due to their very nature, custom Android ROMs have root enabled by default. Up until relatively recently, installing custom Android ROMs was a thing geeks did, and as such, this wasn't much of a problem. However, over the past few days, I've found out just how easy installing custom ROMs and modifying them really is (I'm running this one until CyanogenMod 9 is ready for the SII), and it seems like more and more regular users are engaging in the practice as well. Suddenly, having root enabled becomes a security liability.
Thread beginning with comment 510941
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: unknown sources
by stabbyjones on Sat 17th Mar 2012 09:49 UTC in reply to "RE: unknown sources"
stabbyjones
Member since:
2008-04-15

that application would need root access to enable root access so that situation doesn't really hold water.

Reply Parent Score: 2

RE[3]: unknown sources
by Soulbender on Sat 17th Mar 2012 09:51 in reply to "RE[2]: unknown sources"
Soulbender Member since:
2005-08-18

So how does the user get root access to enable root access?
My point is that somewhere there's a means by which to get root access so that you can enable root access. That mechanism could be exploited by rogue apps.

Reply Parent Score: 3

RE[4]: unknown sources
by No it isnt on Sat 17th Mar 2012 11:24 in reply to "RE[3]: unknown sources"
No it isnt Member since:
2005-11-14

Yes, and this is how you get root to install root (su) to begin with. But keep in mind that Android apps run sandboxed.

Reply Parent Score: 4

RE[4]: unknown sources
by patrix on Sat 17th Mar 2012 13:24 in reply to "RE[3]: unknown sources"
patrix Member since:
2006-05-21

You also can't clear all phone data (aka "factory reset") without root access - or any other similar features that work on phones without root..

... Unless that feature is built-in to the room somehow to do exactly that function without needing root. Aka factory reset. So the switch to enable root probably has the same design, ie it's able to allow general root usage or not, and it's built in to the ROM to do just that.

Reply Parent Score: 1

RE[4]: unknown sources
by WereCatf on Sat 17th Mar 2012 15:49 in reply to "RE[3]: unknown sources"
WereCatf Member since:
2006-02-15

So how does the user get root access to enable root access?
My point is that somewhere there's a means by which to get root access so that you can enable root access. That mechanism could be exploited by rogue apps.


The application that does the switching is running as root, it is not an API or library that can just be used by any application installed. Rogue apps cannot just become root through that application unless they find a system security-hole, and if they do they wouldn't need that application anyways.

Reply Parent Score: 4