Due to their very nature, custom Android ROMs have root enabled by default. Up until relatively recently, installing custom Android ROMs was a thing geeks did, and as such, this wasn’t much of a problem. However, over the past few days, I’ve found out just how easy installing custom ROMs and modifying them really is (I’m running this one until CyanogenMod 9 is ready for the SII), and it seems like more and more regular users are engaging in the practice as well. Suddenly, having root enabled becomes a security liability.
As such, the CyanogenMod team has decided to disable root by default. Fear not, though, as users can easily enable root for ADB, for applications, or both. This means that any CM user will have to explicitly enable root, and as such, will be explicitly aware of the dangers of running with root enabled.
“Shipping root enabled by default to 1000000+ devices was a gaping hole,” the CM team writes, “With these changes we believe we have reached a compromise that allows enthusiasts to keep using root if they so desire but also provide a good level of security to the majority of users.”
This make perfect sense, and sounds like a very good security decision. This will make devices running CyanogenMod 9 a hell of a lot more secure, and with as many users as CM has, that can only be seen as a good thing. It will most likely ruffle some feathers in certain more hardcore Android crowds, but hey, you can’t please everyone.
I know it’s far-fetched, but somewhere, deep down, I’m hoping this is a sign hardware partners may be interested in the successful custom ROM. Can you imagine being able to order the future Galaxy SIII with CM9 as a built-to-order option? The HTC One X shipping with CM9 instead of HTC’s hideous Sense crap?
Hey, a geek can dream.
so long as it’s easy to re-enable it like they said.
I suppose Revolutionary will handle that 😉
http://www.revolutionary.io
IMO, this is the way you do it, and it’s similar to the issue of side-loading and security. Make sure it’s ‘idiot-proof’ out of the box so that people who don’t know any better won’t hurt themselves, but allow those who want to out of the sandbox / walled garden / whatever.
In the case of Android though, any rooting tool I’ve ever seen has the ‘super user’ app built in, so any app that wants root would specifically have to be granted that access by the user.
Sounds similar to the tick box to enable loading apk’s outside the market. Why would anyone think having the option is a bad thing?
I use root apps and adb commands semi regularly but being able to flip a switch for when I want access sounds like a great way to keep root secure.
but…if it’s just a matter of “flipping a switch” what is to prevent a rogue application from flipping that switch?
Am i missing something?
that application would need root access to enable root access so that situation doesn’t really hold water.
So how does the user get root access to enable root access?
My point is that somewhere there’s a means by which to get root access so that you can enable root access. That mechanism could be exploited by rogue apps.
Yes, and this is how you get root to install root (su) to begin with. But keep in mind that Android apps run sandboxed.
You also can’t clear all phone data (aka “factory reset”) without root access – or any other similar features that work on phones without root..
… Unless that feature is built-in to the room somehow to do exactly that function without needing root. Aka factory reset. So the switch to enable root probably has the same design, ie it’s able to allow general root usage or not, and it’s built in to the ROM to do just that.
The application that does the switching is running as root, it is not an API or library that can just be used by any application installed. Rogue apps cannot just become root through that application unless they find a system security-hole, and if they do they wouldn’t need that application anyways.
At some point early in Jailbroken iPhone history (or it is still the case), you could try “ssh root@ip password: alpine” using a custom nmap script and virally take control of all iPhones in the universe. At that time, most were jailbroken (iPhone 1 and 3G).
Having custom roms/mods is cool, but it is also very dangerous.
That said, still waiting for CM9 on my N1!
Where universe is the same wifi network you are on, or the same telco (possibly only the same APN?)
You forgot the “viral” part. Once an iPhone is compromised, it become the Trojan and spread. Nmap is available for iPhone
Does not bother me at all since Cyanogen does not support my phone…. Am I bitter? yes and no… I assumed that the Galaxy S4G was close enough to the original Galaxy S and the Nexus S that it would be supported….Nice education I had on marketing names vs. technology in the phone….Plus, I should have checked the damn supported device list on their site.
Installed CM9 nightly today on my SII. Everything works (save for the known lack of video recording, CM needs kernel source for that), and I haven’t experienced any crashes or bugs. The thing is lightning fast. It’s insane.
It does seem to suck battery faster, but then again, I’m using it more often to play with it, so it probably isn’t going into deep sleep as much as when I was still on GB.
Suffice it to say – fcuk Samsung and stock crap. CM all the way from now on.
I’m stunned that savvy vendors haven’t decided to help CyanogenMod support their old devices.
I mean, most of them are so crap at releasing updated versions of the operating system that Android itself is getting a stigma attached.
Wouldn’t it just make *far* more sense for, say, Samsung to give CyanogenMod a little love, and call them the official “support” team. All of a sudden, Samsung is off the hook, and no longer has to continue supporting older devices.
I’d bet this would not cannibalise sales of new devices anyway (anyone willing and smart enough can root most devices now. Those people aren’t going to be buying a new phone just because the O/S isn’t the newest.
-Ken
Savvy vendors realize that they don’t get a penny from supporting old devices, they only get money for people throwing away their old devices and buying new ones. Will you and 100000 of your closest friends pay $10 each for an OS upgrade? Then it might be worth it to the vendor.
Yes, but they only get money if people actually buy a new phone from the same vender. Offering good support and frequent updates increases the chanses that they keep their customer. Frequent upgrades are often mentioned as a reason for buying iPhone, and Apple isn’t exactly in the red.
And no, I would not mind to pay $10 for the next version of the OS, at least as long as the old version was supported as far as security fixes for a resonable amount of time. However I don’t think $10 would matter much, they could just as well supply it for free, and get happy customers. That would be worth a lot more to them than $10.
However many people flash their phones with new a new ROM, not because the vendor doesn’t provide an upgrade, but because the vendor supplied software is full of bloatware and questionable modifications in order to make the experince unique. Just because you like Samsung or HTC hardware doesn’t necessarily mean that you like Touch Wiz or Sense
Probably won’t happen. The PHBs at the handset vendors are under a (misguided) perception that they differentiate and innovate with their customizations of Android. And the carriers (at least in the US) dictate a lot of what features (and bloatware) are in the phones as well. I also believe they do use the lure of new Android versions to sell new hardware, whether that actually drives those sales or not (benefits both handset makers as well as US carriers looking to keep people on contract).
I have an HTC Incredible. Sense wasn’t that bad, and had a few nice features. But I didn’t realize how much it killed the phone’s performance until I put first a “de-bloated” ROM on it, and later CM7. I miss a few Sense features (camera, SMS app), but enjoy so many others that I donated to the project. CM7 is dizzyingly customizable, and there are always Market^H^H^H^H^H^HGoogle Play apps if necessary. I also probably wouldn’t have Gingerbread on it had I not flashed a custom ROM.
However, you never know what might happen. Didn’t one of the lead CM devs take a job with Samsung?
Edited 2012-03-19 01:05 UTC
I agree with the sense comment.. utterly shocking in recent versions of sense. I have so far however been very impressed with the changes that HTC have incorporated into their ICS versions of Sense on the new range of phones (one). It so far beats the SGS2 for ICS + custom skins…
Having said that I run CM9/AOSPX on my handsets…
technically. does it mean launcher runs as root? or that any app installed now run as root? or only Apps that demand this in their mainfests are launched with escalated priviledges?
so long as by “security vulnerability” you actually mean “removing vendor lock-out”.
Since that’s REALLY what we’re talking about here, the sleazy monopolistic practice of vendor lock-in.
Though at least we’re talking about making it easy enough to re-enable instead of it being the default state… unlike some other phone/pad vendors I could mention who consider it a violation of the EULA to even consider enabling it.
You know EULA’s — using contract law to circumvent real laws or even common sense.
Edited 2012-03-18 15:17 UTC