Knowledge Base

Rooting (Android)

Rooting is the process of allowing users of the Android mobile operating system to attain privileged control (known as root access) over various Android subsystems. As Android is based on a modified version of the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system such as FreeBSD or macOS.

Rooting is often performed with the goal of overcoming limitations that carriers and hardware manufacturers put on some devices. Thus, rooting gives the ability (or permission) to alter or replace system applications and settings, run specialized applications ("apps") that require administrator-level permissions or perform other operations that are otherwise inaccessible to a normal Android user. On some devices, rooting can also facilitate the complete removal and replacement of the device's operating system, usually with a more recent release of its current operating system.

Root access is sometimes compared to jailbreaking devices running the Apple iOS operating system. However, these are different concepts: Jailbreaking is the bypass of several types of Apple prohibitions for the end-user, including modifying the operating system (enforced by a "locked bootloader"), installing non-officially approved (not available on the App Store) applications via sideloading, and granting the user elevated administration-level privileges (rooting). Many vendors such as HTC, Sony, LG, Asus, Xiaomi and Google explicitly provide the ability to unlock devices, and even replace the operating system entirely. Similarly, the ability to sideload applications is typically permissible on Android devices without root permissions. Thus, it is primarily the third aspect of iOS jailbreaking (giving users administrative privileges) that most directly correlates to Android rooting.

Rooting is distinct from SIM unlocking and bootloader unlocking. The former allows removing the SIM lock on a phone, while the latter allows rewriting the phone's boot partition (for example, to install or replace the operating system).

Overview

Rooting lets all user-installed applications run privileged commands typically unavailable to the devices in the stock configuration. Rooting is required for more advanced and potentially dangerous operations including modifying or deleting system files, removing pre-installed applications, and low-level access to the hardware itself (rebooting, controlling status lights, or recalibrating touch inputs.) A typical rooting installation also installs the Superuser application, which supervises applications that are granted root or superuser rights by requesting approval from the user before granting said permissions. A secondary operation, unlocking the device's bootloader verification, is required to remove or replace the installed operating system.

In contrast to iOS jailbreaking, rooting is not needed to run applications distributed outside of the Google Play Store, sometimes called sideloading. The Android OS supports this feature natively in two ways: through the "Unknown sources" option in the Settings menu and through the Android Debug Bridge. However, some US carriers, including AT&T, prevented the installation of applications not on the Play Store in firmware, although several devices are not subject to this rule, including the Samsung Infuse 4G; AT&T lifted the restriction on most devices by the middle of 2011.

As of 2011, the Amazon Kindle Fire defaults to the Amazon Appstore instead of Google Play, though like most other Android devices, Kindle Fire allows sideloading of applications from unknown sources, and the "easy installer" application on the Amazon Appstore makes this easy. Other vendors of Android devices may look to other sources in the future. Access to alternate apps may require rooting but rooting is not always necessary.

Rooting an Android phone lets the owner add, edit or delete system files, which in turn lets them perform various tweaks and use apps that require root access.

Advantages

Advantages of rooting include the possibility for complete control over the appearance, feel, and behaviour of the device. As a superuser has access to the device's system files, all aspects of the operating system can be customized with the only real limitation being the level of coding expertise. Immediately expectable advantages of rooted devices include the following:

  • Support for theming, allowing everything to be visually changed from the color and type of the battery status indicator to the boot animation that appears while the device is booting, the status bar, control menu, virtual on-screen navigation buttons, and more.
  • Full control of the kernel, which, for example, allows overclocking and underclocking the CPU and GPU.
  • Full application control, including the ability to fully back up, restore, or batch-edit applications, or to remove bloatware that comes pre-installed on some phones.
  • Custom automated system-level processes through the use of third-party applications.
  • Ability to install software (such as Xposed, Magisk, SuperSU, BusyBox, etc.) that allows additional levels of control on a rooted device or management of root access.
  • Access to more Unix shell commands, both standalone and through Android Debug Bridge.
  • Ability to bypass restrictions by vendors or Google, such as scoped storage, which compromised file system access and compatibility to established third-party mobile applications such as file managers.
  • Extended task management abilities
    • Ability to terminate misbehaving and/or unresponsive system tasks such as media scanner and camera server manually.
  • Ability to downgrade applications directly, without uninstallation which involves deleting their user data. A downgrade may be desirable after an update breached compatibility and/or removed useful functionality.
  • Ability to control battery charging current, where a technically unnecessary throttling imposed by the operating system while the screen is on can be removed. On the other hand, a current reduction may be desired to extend battery lifespan. APIs may vary per vendor. For example, on Samsung Galaxy devices, this is done by applying a value to the /sys/devices/platform/sec-battery/power_supply/battery/siop_level system file, where 100 represents the highest technically supported charging rate.
  • Ability to limit charging capacity to reduce battery weardown.

Related concepts

Rooting allows the user to obtain privileged access to a phone. It does not allow a user to install a new OS (custom firmware or custom ROM) or recovery image, and it doesn't allow a phone that locked to a certain carrier to be used on another one. Related operations allow these.

Bootloader unlock

Bootloader unlocking is sometimes a first step used to root the device; however, it is not the same as rooting the device. Most devices come with a locked bootloader, which prevents users from installing a new bootloader. The bootloader runs on device start-up and is in charge of loading the operating system on the phone. It is generally in charge of verifying that phone system information hasn't been tampered with and is genuine. Nonetheless, people still perform this operation, as unlocking the bootloader allows users to install custom ROMs.

The first step to do this is to generally to set up OEM unlocking, and then to follow manufacturer-specific instructions. Not all devices can be bootloader unlocked.

The process of unlocking the bootloader might involve a factory reset, erasing all user data, third-party applications, and configuration.

SIM unlock

SIM unlocking allows a phone that is locked to a certain carrier to be used on a different carrier. The instructions vary per device and carrier, but this might be done by first requesting the carrier to unlock the phone or purchasing an unlock code online.

Methods

Some rooting methods involve the use of a command prompt and a development interface called the Android Debug Bridge (also known as ADB), while other methods may use existing vulnerabilities in devices. Due to similarly modeled devices often having a multitude of changes, rooting methods for one device when used for a different variant can result in bricking the device.

"Systemless root" is a variant of rooting in which the underlying device filesystem is not modified. Systemless root uses various techniques to gain root access without modifying the system partition of a device. Some root applications may include a "hiding" function, which makes attempts to mask the effects and results of rooting, often by whitelisting certain applications for the root or blocking access to affected files. Systemless rooting has the advantage of not triggering the software-based version of SafetyNet, an Android feature that works by monitoring changes to system files and is used by applications such as Google Pay to detect whether a device has been tampered with such as by rooting. However, hardware-backed SafetyNet versions may be triggered by systemless rooting, as well as in unrooted devices shipped without Google Mobile Services (GMS).

The distinction between "soft rooting" through a security vulnerability and "hard-rooting" by flashing a su binary executable varies from exploit to exploit, and manufacturer to manufacturer. Soft-rooting requires that a device be vulnerable to privilege escalation, or replacing executable binaries. Hard-rooting is supported by the manufacturer, and it generally only exposed for devices the manufacturer allows. If a phone can be soft-rooted, it is also inherently vulnerable to malware.

Rooting through exploits

The process of rooting varies widely by device but usually includes exploiting one or more security bugs in the firmware of (i.e., in the version of the Android OS installed on) the device. Once an exploit is discovered, a custom recovery image that will skip the digital signature check of firmware updates can be flashed. Then a modified firmware update that typically includes the utilities needed to run apps as root can be installed. For example, the su binary (such as an open-source one paired with the Superuser or SuperSU application) can be copied to a location in the current process' PATH (e.g., /system/xbin/) and granted executable permissions with the chmod command. A third-party supervisor application, like Superuser or SuperSU, can then regulate and log elevated permission requests from other applications. Many guides, tutorials, and automatic processes exist for popular Android devices facilitating a fast and easy rooting process.

The process of rooting a device may be simple or complex, and it even may depend upon serendipity. For example, shortly after the release of the HTC Dream (HTC G1), it was discovered that anything typed using the keyboard was being interpreted as a command in a privileged (root) shell. Although Google quickly released a patch to fix this, a signed image of the old firmware leaked, which gave users the ability to downgrade and use the original exploit to gain root access. Installable apps have managed to unlock immediate root access on some early 2010s Samsung smartphones. This has also been referred to as "one-click rooting".

Rooting through manufacturer

Some manufacturers, including LG, HTC, and Motorola, provide official support for unlocking the bootloader, allowing for rooting without exploiting a vulnerability. However, the support may be limited only to certain phones – for example, LG released its bootloader unlock tool only for certain models of its phones.

The Google Nexus line of devices can have their bootloader unlocked by simply connecting the device to a computer while in bootloader mode and running the Fastboot protocol with the command fastboot OEM unlock. After a warning is accepted, the bootloader is unlocked, so a new system image can be written directly to flash without the need for an exploit.

Difficulties

In the past, many manufacturers have tried to make non-rootable phones with more elaborate protections (like the Droid X), but exploits are usually still found eventually. There may be no root exploit available for new, or outdated phones.

Industry reaction

Until 2010, tablet and smartphone manufacturers, as well as mobile carriers, were mainly unsupportive of third-party firmware development. Manufacturers had expressed concern about improper functioning of devices running unofficial software and related support costs. Moreover, firmware such as OmniROM and CyanogenMod sometimes offer features for which carriers would otherwise charge a premium, such as tethering. Due to that, technical obstacles such as locked bootloaders and restricted access to root permissions have commonly been introduced in many devices. For example, in late December 2011, Barnes & Noble and Amazon.com, Inc. began pushing automatic, over-the-air firmware updates, 1.4.1 to Nook Tablets and 6.2.1 to Kindle Fires, that removed one method to gain root access to the devices. The Nook Tablet 1.4.1 update also removed users' ability to sideload apps from sources other than the official Barnes & Noble app store (without modding).

However, as community-developed software began to grow popular in late 2009 to early 2010, and following a statement by the Copyright Office and Librarian of Congress (US) allowing the use of "jailbroken" mobile devices, manufacturers and carriers have softened their position regarding CyanogenMod and other unofficial firmware distributions. Some manufacturers, including HTC, Samsung, Motorola and Sony Mobile Communications, actively provide support and encourage development.

In 2011, the need to circumvent hardware restrictions to install unofficial firmware lessened as an increasing number of devices shipped with unlocked or unlockable bootloaders, similar to the Nexus series of phones. Device manufacturer HTC has announced that it will support aftermarket software developers by making the bootloaders of all new devices unlockable. However, carriers, such as Verizon Wireless and more recently AT&T, have continuously blocked OEMs from releasing retail devices with unlocked bootloaders, opting instead for "developer edition" devices that are only sold unsubsidized and off-contract. These are similar in practice to Nexus devices, but for a premium and with no contract discounts.

In 2014, Samsung released a security service called Knox, which is a tool that prevents all modifying of system and boot files, and any attempts set an e-fuse to 0x1, permanently voiding the warranty.

Legality

International treaties have influenced the development of laws affecting rooting. The 1996 World Intellectual Property Organization (WIPO) Copyright Treaty requires nations party to the treaties to enact laws against digital rights management (DRM) circumvention. The American implementation is the Digital Millennium Copyright Act (DMCA), which includes a process for establishing exemptions for non-copyright-infringing purposes such as rooting. The 2001 European Copyright Directive implemented the treaty in Europe, requiring member states of the European Union to implement legal protections for technological protection measures. The Copyright Directive includes exceptions to allow breaking those measures for non-copyright-infringing purposes, such as to run alternative software, but member states vary on the implementation of the directive.

Article Copyright Wikipedia - Back to Knowledge Base

Click here for the original article.

trans

Horizon Electronics
7925 Evies Way
Port Richey, FL 34668
727-845-4444

If you would like a quote for an upcoming job, please fill our contact form here:

Nationwide Coverage

Copyright © 2024 - Horizon Electronics