Well, hello. I'm most certainly a noob, although I do have experience with developing for android and using Linux on a PC system. I haven't done any rooting/unrooting/custom-firmware-flashing before, however.
I believe this question to be about Android devices in general and so I'm posting it here instead of a device-specific forum.
The short version of my question is:
Is it possible to install a custom firmware on my phone, but prevent apps installed in it from having root access?
The long version:
Having read about how the Android OS works, I understand that each app installed in a system basically has its own user account, and that's how privileges work: The OS simply doesn't allow this specific user/app to access other apps or hardware.
Unless I'm mistaken, rooting a phone makes all apps run under the same user account: root. Which means that all apps have access to every other app and all hardware on the device.
I found many web pages that explained that this is a security risk as malicious code could then use anything at all on the phone. This makes sense of course, that's why most applications on a Linux system don't run as root.
I understand why rooting the device is necessary to install a custom firmware on it, but what I haven't understood is why the device has to stay rooted afterwards. Isn't installing a custom firmware basically replacing the OS on the device? If so, couldn't I replace it with an OS that doesn't run everything as root but instead runs every app as its own user, like unrooted devices do?
I've searched this website and others for information on this but I haven't been able to find something that answers this question.
I found explanations for why unrooting is needed to install a custom firmware, but they didn't include why the resulting system can't be rooted.
I found guides on how to restore the original firmware on a device, which isn't what I'm looking for, although this process is called "unrooting" (the word seems to be misused here, but maybe that's just me).
I also found guides on how to trick certain applications, which won't run on a rooted device, into thinking that the device isn't rooted. However, the reason I'd prefer my device not to be rooted isn't to trick any applications but for security reasons.
What I'd basically like to do, is install custom firmware but, once that's done, ensure that applications I download from the Market or install directly don't have any more privileges than they've been developed to ask for. Is that not possible? I don't understand why not...
Gaining root access to your phone will not give a single app root privileges, for the most part you will use an app called superuser or supersu to allow or deny any app root access. (Sometimes baked into ROM)
But you have no worries, any app that you download from the market will not have root unless you give it
Sent from my Nexus 4 using xda premium
demkantor said:
Gaining root access to your phone will not give a single app root privileges, for the most part you will use an app called superuser or supersu to allow or deny any app root access. (Sometimes baked into ROM)
But you have no worries, any app that you download from the market will not have root unless you give it
Click to expand...
Click to collapse
Is that so? Thanks. It seems I was wrong at the very beginning of my logical process.
So, if I understand correctly, the lack of security isn't that anything installed has root access, but that it can have root access. Is that right?
Correct, even whatever custom ROM you are running has a built in app for lets say messaging, this will not have root access.
You just bow have the ability to do anything (mostly) to your device, but you don't have to
Sent from my Nexus 4 using xda premium
Related
Is there a way to install an apk as a system app? I want to 'unroot' a device but still run an app that requires root access. I'm unsure of how this can be done, any advise would be very much appreciated!
Thanks
I know that the Z4 root app has an option for temp root functions which goes back to an unrooted state once you reboot.
My guess is that you can run that, place your apk in the appropriate system folder, install the apk from there & then reboot.
But again I'm not to sure if temp root functions work on our G-Tabs & if it does if it's as simple as I explained. Worth a try I guess.
Again I'm assuming that your not already in a permanent root state. If so then you'll have to unroot completely first & then try what I mentioned above.
Unless someone has an easier method?
convert user apps to system apps
nikt said:
Is there a way to install an apk as a system app? I want to 'unroot' a device but still run an app that requires root access. I'm unsure of how this can be done, any advise would be very much appreciated!
Thanks
Click to expand...
Click to collapse
Titanium Backup Pro (paid version 3.8.1 and higher) has a function that allows one to convert user apps-->system apps (as well as system app-->user app ... though this sometimes causes initial FCs, which generally disappear with reboot).
Not sure if the effect will remain after unrooting.
Just to clear up a bit, not because an app its on /system it will have root access. If you want to run an app that needs root, you need root, thats it. You cant unroot and use the app after that.
So, no you cant do that. Its 2 different things installing an app on /system than having root for an app.
pmcnano said:
Just to clear up a bit, not because an app its on /system it will have root access. If you want to run an app that needs root, you need root, thats it. You cant unroot and use the app after that.
So, no you cant do that. Its 2 different things installing an app on /system than having root for an app.
Click to expand...
Click to collapse
So then how do proprietary apps like Sprint Nascar (as an example) run on an unrooted phone?
Why would Sprint Nascar need root permision?
pmcnano said:
Why would Sprint Nascar need root permision?
Click to expand...
Click to collapse
It probably doesn't or it might I have no idea. The op never pointed out which apps he wants to use.
However & this is a big however, as I have no idea which apps require root access, one has to assume that any of the preinstalled apps that come on our G-Tabs do in fact need root access, yet they can run on an unrooted device. Again I could be wrong.
That being said, how does one go about determining which apps require root access?
Thanks for the replies guys. The issue is supporting proxy servers on unrooted devices. There are several proxy apps that require root access as well as a kernel that supports proxy. If the proxy app were installed as a system app, would this have enough rights to access the kernel as required? I don't know enough about this but was led to believe this might work if it was running as system. Same for apps that use CIFS, like mount manager. I guess I'll give it a try and see what happens...!
Like I said, being installed on System doesnt have anything to do with having root or not.
Im 95% sure about what I am saying.
edit: I confirmed it..so 100% sure, if the app needs root, you will need root no matter where the app is installed.
Hi ppl I am running custom Rom unlocked bootloader but all apps that require root are telling me root required anyone know why
from my 3d all warmed up
You need to have superuser and busybox installed. You can get both off the market.
sent from America....F__k yeah!
geordie 34 said:
Hi ppl I am running custom Rom unlocked bootloader but all apps that require root are telling me root required anyone know why
from my 3d all warmed up
Click to expand...
Click to collapse
A common misconceptions it that unlocked=rooted. This is not true. Once the device is unlocked, root access has to be properly configured. The majority of custom ROMs properly configure root access but I'm sure some don't or there are bugs/issues with a few.
Personally, I prefer to troubleshoot root permissions issues at the lower level where I can view the specific permissions.
The easiest way in my opinion, biased of course, is to use my application, Root Checker Pro. I provide a free link to it off XDA (99 cents in the Market...).
If you could post the results up, it'll show which files have the correct/incorrect permissons and allow us to more specifically resolve the issue.
Some general approaches would be to reload Superuser apk from the market, uninstall/reinstall Superuser apk from Android/Market or install the Superuser apk file through a .zip from the custom recovery.
These method should do a mass reset/reconfigure on the permissions and resolve the majority of issues.
Hope that helps!
I'm aware what rooting is and I'm benefiting from it on daily basis on my GT-I9100. However, what exactly happens during the rooting process? As I understand, (often) custom recovery(for example Clockworkmod recovery) is installed, an application for managing programs which might need root access(for example SuperSU) is installed, su utility for switching to root user is installed, but what else happens? Are there some file permissions changed during the rooting process?
All I know is I had to install supersu from playstore after rooting and then downloaded rom manager to get clockworkmod but idea I got was the rooting itself strips security from phone so that you can gain full access that samsung otherwise blocked. I havent looked in depth to see anything that the root itself installed but hey im a newbie with this sort of stuff
Sent from my GT-P3110 using xda app-developers app
m4rtin86 said:
I'm aware what rooting is and I'm benefiting from it on daily basis on my GT-I9100. However, what exactly happens during the rooting process? As I understand, (often) custom recovery(for example Clockworkmod recovery) is installed, an application for managing programs which might need root access(for example SuperSU) is installed, su utility for switching to root user is installed, but what else happens? Are there some file permissions changed during the rooting process?
Click to expand...
Click to collapse
You can install all these great programs from the Play Store that require root, also you have manual access (through file explorer) to your system files like frameworks, stock sounds, built-in apps and more. You can disable the annoying ads in the games, you can backup your app data (like progress in games, so you don't have to start over and over again), you can backup settings, change the system look (icons, sounds etc.) and much more. Otherwise you won't see any interface changes or unlock some hidden options. :laugh: Everything is done through the programs.
^The guy knows what you can do with root, he's asking what the details of the rooting process are.
I don't know either but I think you basically unlock the boot loader, then install SU.
Sent from my LG-P920 using xda app-developers app
LeighR said:
^The guy knows what you can do with root, he's asking what the details of the rooting process are.
I don't know either but I think you basically unlock the boot loader, then install SU.
Sent from my LG-P920 using xda app-developers app
Click to expand...
Click to collapse
Yes, sorry, at second reading I understood him. My bad.
italcrwd are
m4rtin86 said:
I'm aware what rooting is and I'm benefiting from it on daily basis on my GT-I9100. However, what exactly happens during the rooting process? As I understand, (often) custom recovery(for example Clockworkmod recovery) is installed, an application for managing programs which might need root access(for example SuperSU) is installed, su utility for switching to root user is installed, but what else happens? Are there some file permissions changed during the rooting process?
Click to expand...
Click to collapse
At a high level the following changes (and a few more I cant think of) are made to the device:
Access to previously read-only areas of memory are changed to read-write
A binary called busybox is pushed to the handset (the location varies depending on rooting method used)
Busybox is a set to linux like tools compiled spercifically for the CPU of the device (usually ARM)
The SuperUser or other 'Gate Keeper' application is installed to allow and monitor access to the busybox binary (this is optional but is normally done by default and is required for most root apps to function.)
In essence, your original post is almost spot on.
Hello!
I have some basic questions about the security of rooted android devices. I'm running Cyanogenmod 11 actually on my SGS3. Of course I rooted it to install custom Recovery and ROM. So is there any possibility for an App to get Root Access without recognition?
I dont need the Root access anymore, I only wanted to install Cyanogenmod and thats it. What to do to fully unroot Cyanogen?
Another question:
If i have enabled "only install from trusted sources" am I safe? Or could there be sort of drive-by-downloads for example on this site sometimes i get the pop-up "your phone has (13) viruses, click ok ...".
Yeah thats it, I'm a little bit paranoid especially according to my passwords, are they safe!?
Thanks a lot and Greets from Germany!
RedMr said:
I'm running Cyanogenmod 11 actually on my SGS3. Of course I rooted it to install custom Recovery and ROM. So is there any possibility for an App to get Root Access without recognition?
I dont need the Root access anymore, I only wanted to install Cyanogenmod and thats it. What to do to fully unroot Cyanogen?
Click to expand...
Click to collapse
You can't be unrooted and have CyanogenMod installed; that's an oxymoron. You can, of course, be unrooted without CM installed, but you can't have 'em both.
RedMr said:
If i have enabled "only install from trusted sources" am I safe? Or could there be sort of drive-by-downloads for example on this site sometimes i get the pop-up "your phone has (13) viruses, click ok ...".
Click to expand...
Click to collapse
You're safe even without "only install from trusted sources" turned on. Just make sure not to install anything at all that you didn't specifically tell your device to install.
RedMr said:
I'm a little bit paranoid especially according to my passwords, are they safe!?
Click to expand...
Click to collapse
Unless you have an actual trojan or virus installed on your phone, your passwords are perfectly safe.
To check and make sure you're secure, download and install the avast! Mobile Security & Antivirus app from Google Play, and run a device scan.
Is there any possibility for getting installed without recognizing?
Can an app get Root permissions without giving them?
RedMr said:
Is there any possibility for getting installed without recognizing?
Can an app get Root permissions without giving them?
Click to expand...
Click to collapse
If you're not already, you need to use a Super User app like SuperSU (the best one). It allows you to grant/deniy apps root access. If it asks to grant/deny permission to an app that you didn't install or isn't a function of CM, or simply don't want to grant root access, then deny it permission.
EDIT: As Nookie said, you can't accidentally install something even if you allow installations of apps that aren't from "trusted sources". If you do install apps from non "trusted sources", just be smart about it.
Main question at the end of post.
I came across an app that said my device isn't rooted properly, when it is, or I thought it was?
Spyera is the app. For those not familiar, spyera is an app that is used to monitor devices, family members, employees, doesn't matter. Let's assume everyone owns the devices and those using the devices are aware. Not the point of the post.
spyera has a rooted and a non rooted version. The rooted version will not install on my devices. I talked to tech support and they are saying my device isn't a full root. Their software root algorithm says my phone isn't rooted. Basic root checkers and all of my apps requiring root seem to think my root is fine.
I have a few pixel 4xl device's and some samsung s21 ultras that are all rooted with magisk. All other root apps work fine.
This brings up my main question....is magisk a "full" root? Or is it something else?
Spyera tends to be a pretty reliable platform and if their software is saying I'm not rooted, I am curious what could be the reason.
Magisk is "full" root. If an app can't detect Magisk as a root solution it's poorly written.
And yes, that's a shady app... I'd be very careful with giving an app like that complete and full access to a device by giving it superuser permissions (or even install it in the first place). Also, doesn't sound like the company even knowns what they're talking about.
Thanks. And yes, very shady
@Didgeridoohan
Magisk ISN'T ROOT, it's a framework that allows to inject some functionalities into Android ecosystem.
jwoegerbauer said:
@Didgeridoohan
Magisk ISN'T ROOT, it's a framework that allows to inject some functionalities into Android OS.
Click to expand...
Click to collapse
And one of the parts of the Magisk suite of software is MagiskSU that provides root for Android applications... Sure, Magisk is more than "just" root, but when you talk about Magisk and root in the same context, generally it's understood that what you're actually talking about is MagiskSU.
But thanks for clarifying.