Vanilla su replacement - Android Q&A, Help & Troubleshooting

Hi everyone!
I'm working on a pretty convoluted project and it needs to have a working su all the time. The device is a Posh Titan HD (SoC is MTK6592) and I used RootGenius which installs the KingUser su app.
What I need is to have su work all the time, in any situation, without any hassle. Currently, KingUser su asks for permission for new apps. I also suspect that it "forgets" the given permissions after some time. Worst of all, even if the app has already been given su access ( by pressing "Always" when the dialog comes up ), when I launch shell commands that involve su, they NEED to have the app be in the foreground process (probably because it wants to show a toast but I'm not completely sure). Also, I don't like KingUser making a popup asking the user if they want to update the app.
So as I mentioned, the app I'm working on is pretty complex and not straightforward. It's a Kiosk-type app that tries to limit user interaction. We own the phones so we can even install a custom ROM on them if needed. What I would need is to have the su working anytime, without any hassle, without any user interaction. Just the possibility to execute anything and everything as root.
Do you have any idea what would be the best way to do this? Even a little help would be greatly appreciated.

Related

Non-Root Apps Asking for Permission?

In the past I read a thread from someone claiming that he had
Appbrain App Market installed on his phone which is a Non-Root app the last time I checked, Well anyways he said that he was Receiving Popups from the app to Grant it Superuser Permissions.
I really Didn't think much about it until now when I Received a Popup of my own, After I Installed whatever Stupid Basketball 3D game from the Market myself...
I checked and it Wasn't a Root app, and it Didn't even show up in the Superuser app Log, even though I Didn't Grant it Permission. I just UnInstalled it as soon as I saw the Popup!
So my Question is...
What the Hells up with that? Is that some type of Virus app or some ****?
Thanx in Advance!
PMGRANDS said:
In the past I read a thread from someone claiming that he had
Appbrain App Market installed on his phone which is a Non-Root app the last time I checked, Well anyways he said that he was Receiving Popups from the app to Grant it Superuser Permissions.
I really Didn't think much about it until now when I Received a Popup of my own, After I Installed whatever Stupid Basketball 3D game from the Market myself...
I checked and it Wasn't a Root app, and it Didn't even show up in the Superuser app Log, even though I Didn't Grant it Permission. I just UnInstalled it as soon as I saw the Popup!
So my Question is...
What the Hells up with that? Is that some type of Virus app or some ****?
Thanx in Advance!
Click to expand...
Click to collapse
i'm not familiar with random apps from the market asking for superuser permission but i am familiar with the superuser app and how the permission structure/process works.
essentially, the superuser.apk file replaces your /system/bin/su binary with its own binary. the superuser custom binary, whenever any user or application executes a command using the su binary (executing a command as root) the superuser su binary redirects to the superuser application then prompting the user to accept or deny the request.
i know i have seen it is possible to spoof these requests, but it was done by a very knowledgable friend and i don't think the spoofing of superuser requests is common place or well known (might have been patched recently too).
without knowing the application's source code that requested superuser access, i personally would not trust the application unless the application stated it would need root access and performed functions which required root access. example, if the application were a game, i don't see any reason it would need superuser access.
once an application has been granted superuser access on an s-off evo 3d, it essentially has write/read access to the majority of the android partitions including the kernel, system, data, cache, etc.
from what you've described, i think you're correct in not granting an unknown application superuser access. as a developer with applications in the market, i would appreciate an email from a user who experienced such a situation and a screenshot attached would be even more helpful. might be worthwhile reaching out to the developer to confirm or ask them to explain.
thanks for posting this information. always good to know. hope some of the information i provided helps!
joeykrim said:
i'm not familiar with random apps from the market asking for superuser permission but i am familiar with the superuser app and how the permission structure/process works.
essentially, the superuser.apk file replaces your /system/bin/su binary with its own binary. the superuser custom binary, whenever any user or application executes a command using the su binary (executing a command as root) the superuser su binary redirects to the superuser application then prompting the user to accept or deny the request.
i know i have seen it is possible to spoof these requests, but it was done by a very knowledgable friend and i don't think the spoofing of superuser requests is common place or well known (might have been patched recently too).
without knowing the application's source code that requested superuser access, i personally would not trust the application unless the application stated it would need root access and performed functions which required root access. example, if the application were a game, i don't see any reason it would need superuser access.
once an application has been granted superuser access on an s-off evo 3d, it essentially has write/read access to the majority of the android partitions including the kernel, system, data, cache, etc.
from what you've described, i think you're correct in not granting an unknown application superuser access. as a developer with applications in the market, i would appreciate an email from a user who experienced such a situation and a screenshot attached would be even more helpful. might be worthwhile reaching out to the developer to confirm or ask them to explain.
thanks for posting this information. always good to know. hope some of the information i provided helps!
Click to expand...
Click to collapse
Yeah man I Never really Experienced a App Requesting Superuser Permission, that Wasn't even a Root App... Just Didn't seem right to me either... A Game Shouldn't need Root Access!!
Thanx for your Reply!
I recently had the same op-ups from Tasker. But since I had been using Tasker even before rooting, I denied the request.
Are there any more precautions we need to take with regards to this.
odyssseus said:
I recently had the same op-ups from Tasker. But since I had been using Tasker even before rooting, I denied the request.
Are there any more precautions we need to take with regards to this.
Click to expand...
Click to collapse
Great question. If anybody else has experience/knowledge feel free to chime in.
Regarding precautions, there are a few basic steps which I think we're all fairly familiar with as being general computer precautions. These are a few which come to mind:
1) Don't load software you don't trust.
2) Always thorougly check the permissions being granted to an application. Example, once you grant an application permission to load at startup, it now has the potential to always be running in the background. Potential bad situation: the application *could* be gathering user/system data and if it has network access, sending this data back.
3) Superuser provides a great basic level of security to protect root access. Without superuser, any application can execute the su binary now running with root priviledges and there will be no required notification to the end user. This could all happen in the background w/o a log, audit trail or notification to the user. Root priviledges, as I mentioned above on an S-OFF EVO 3D will give write access to /system, /data, boot (kernel), recovery, etc. This is potentially very dangerous and important to protect the su binary.
Important to realize, once an application has been granted superuser access, it has the potential to destroy the device or grab extensive system/personal information and send it out. This makes it essential to trust the application.
As with any type of security, there are always ways to bypass. Essentially, these three steps should help avoid the majority of issues.
On a brighter note, there really aren't many Android viruses or malicious applications in circulation. For the most part, people who post on XDA and android application developers/posters in the market have are trustworthy. The comments on Market applications are usually fairly helpful. Might be worth skimming thru a page or 2, maybe 3 or 4 of market comments on a suspicious application or emailing the developer.
I know as a developer I'm more than happy to explain any function or question regarding my applications, especially if it raises a security/privacy concern to a user.
Hope that helps round out some simple precautions!

[Q] How to Change the Active Root Application

So, my ROM comes preloaded with a root app that I've never heard of, and I want to use Superuser (and the Elite I paid for).
The bundled app came with a 'cleanup/uninstall' script, that I ran, that promised to remove itself and it's root-granting abilities.
Now, even though I've got Superuser (Elite) installed, apps are saying I don't have root.
How do I configure Android (or SU) to use SU as my root-granting application?
Thanks.
Fix permission by recovery! It should work

[Q] what exactly happens during the rooting process?

I'm aware what rooting is and I'm benefiting from it on daily basis on my GT-I9100. However, what exactly happens during the rooting process? As I understand, (often) custom recovery(for example Clockworkmod recovery) is installed, an application for managing programs which might need root access(for example SuperSU) is installed, su utility for switching to root user is installed, but what else happens? Are there some file permissions changed during the rooting process?
All I know is I had to install supersu from playstore after rooting and then downloaded rom manager to get clockworkmod but idea I got was the rooting itself strips security from phone so that you can gain full access that samsung otherwise blocked. I havent looked in depth to see anything that the root itself installed but hey im a newbie with this sort of stuff
Sent from my GT-P3110 using xda app-developers app
m4rtin86 said:
I'm aware what rooting is and I'm benefiting from it on daily basis on my GT-I9100. However, what exactly happens during the rooting process? As I understand, (often) custom recovery(for example Clockworkmod recovery) is installed, an application for managing programs which might need root access(for example SuperSU) is installed, su utility for switching to root user is installed, but what else happens? Are there some file permissions changed during the rooting process?
Click to expand...
Click to collapse
You can install all these great programs from the Play Store that require root, also you have manual access (through file explorer) to your system files like frameworks, stock sounds, built-in apps and more. You can disable the annoying ads in the games, you can backup your app data (like progress in games, so you don't have to start over and over again), you can backup settings, change the system look (icons, sounds etc.) and much more. Otherwise you won't see any interface changes or unlock some hidden options. :laugh: Everything is done through the programs.
^The guy knows what you can do with root, he's asking what the details of the rooting process are.
I don't know either but I think you basically unlock the boot loader, then install SU.
Sent from my LG-P920 using xda app-developers app
LeighR said:
^The guy knows what you can do with root, he's asking what the details of the rooting process are.
I don't know either but I think you basically unlock the boot loader, then install SU.
Sent from my LG-P920 using xda app-developers app
Click to expand...
Click to collapse
Yes, sorry, at second reading I understood him. My bad.
italcrwd are
m4rtin86 said:
I'm aware what rooting is and I'm benefiting from it on daily basis on my GT-I9100. However, what exactly happens during the rooting process? As I understand, (often) custom recovery(for example Clockworkmod recovery) is installed, an application for managing programs which might need root access(for example SuperSU) is installed, su utility for switching to root user is installed, but what else happens? Are there some file permissions changed during the rooting process?
Click to expand...
Click to collapse
At a high level the following changes (and a few more I cant think of) are made to the device:
Access to previously read-only areas of memory are changed to read-write
A binary called busybox is pushed to the handset (the location varies depending on rooting method used)
Busybox is a set to linux like tools compiled spercifically for the CPU of the device (usually ARM)
The SuperUser or other 'Gate Keeper' application is installed to allow and monitor access to the busybox binary (this is optional but is normally done by default and is required for most root apps to function.)
In essence, your original post is almost spot on.

[Q]Can an app keep onto its root access after reboot?

Hey guys! I'm new to this community so first of all I want to say hello to you all! Sadly my arrival is mostly based on a possible-problem for me.
So here's the situation:
1- Bad Guy runs an app on Good Guy's phone that asks for root access, this app is malicious and can be used to steal almost everything (like theftspy that was developed by a dev from xda)
2-Bad Guy grants it the access and sets SuperSU to "grant on demand" for this specific app. Then deletes all the logs of all this and removes this app from APPS tab of SuperSU.
3- Good Guy is completely unaware of all these.
4-A few weeks later Good Guy learns that this Bad Guy could have been installed an app on his phone that can steal sensitive information. He performs an Avast Mobile Security scan that returns clean and later performs a complete wipe of his phone and loads a new ROM.
So I'm the Good Guy here I confronted Mr. Bad Guy about it who ultimately denied that, but I got some strong suspicions that he might be lying. Data in the phone was private (mostly business) so even the probability of this being stolen is scary.
Without any further ado my question is: Can this malicious app keep onto its root access after a reboot (can any app do that)? Because if it can not, then even if it starts itself after boot, it'll have to grant root access again which would leave logs and would be seen on SuperSU this time, which neither was there so would mean I am safe. Also is Avast's scan result reliable on this basis?
Thanks to everyone who took their time to read, any help is so much appreciated.
Bump
Well, there are many root apps that run after system startup. It depends on the app that was installed on your phone.
If Mr.Bad removed app from SuperSU and deleted logs, that means the app isn't in use and will no longer do its work. That means, the app is just installed with no harm.
Also there was no need to change your ROM and factory reset. Just by uninstalling the app you'll be done.
Even, you scanned through AntiVirus and didn't found anything.
Stilling data from one phone and sending to other phone must need a medium to transmit data, in your case it must be internet. You could have check in Data Usage in Setting weather there is any anonymous app that is using your data.
Still there is probability, that your personal data must be stolen.
It depends on the duration between 'granted root permission to app and removing app from SuperSU list'
Also you said about 'grant on demand' its similar to 'prompt' was applied to the app in SuperSU.
Have you granted permission anytime? I yes them probably your data is stolen by Me.Bad.
Hope you understand everything
Regards,
hitman-xda
hitman-xda said:
Well, there are many root apps that run after system startup. It depends on the app that was installed on your phone.
If Mr.Bad removed app from SuperSU and deleted logs, that means the app isn't in use and will no longer do its work. That means, the app is just installed with no harm.
Also there was no need to change your ROM and factory reset. Just by uninstalling the app you'll be done.
Even, you scanned through AntiVirus and didn't found anything.
Stilling data from one phone and sending to other phone must need a medium to transmit data, in your case it must be internet. You could have check in Data Usage in Setting weather there is any anonymous app that is using your data.
Still there is probability, that your personal data must be stolen.
It depends on the duration between 'granted root permission to app and removing app from SuperSU list'
Also you said about 'grant on demand' its similar to 'prompt' was applied to the app in SuperSU.
Have you granted permission anytime? I yes them probably your data is stolen by Me.Bad.
Hope you understand everything
Regards,
hitman-xda
Click to expand...
Click to collapse
Thanks for answer hitman!
I haven't granted any app root access. But Mr. Bad could have done it before I got my phone back. After starting to use my phone I rebooted it. I wonder if this app can start running with root access on its own after a reboot. Or should it get granted root access again by the user.
If so, then that'd be like NSA level coding / spying to avoid detection and still run after resetting.
es0tericcha0s said:
If so, then that'd be like NSA level coding / spying to avoid detection and still run after resetting.
Click to expand...
Click to collapse
Resetting as in like restarting your phone right? And not returning to factory state.
remorseful said:
Thanks for answer hitman!
I haven't granted any app root access. But Mr. Bad could have done it before I got my phone back. After starting to use my phone I rebooted it. I wonder if this app can start running with root access on its own after a reboot. Or should it get granted root access again by the user.
Click to expand...
Click to collapse
If the app is setup such that it runs on startup and SuperSU is set as 'prompt' for that app, it must have asked user for granting permission after every reboot.
remorseful said:
Resetting as in like restarting your phone right? And not returning to factory state.
Click to expand...
Click to collapse
Nope dude! Resetting means going back to factory state.
Say, Mr.Bad could have installed an app in your phone that you are unaware of.
Whats more important is the permissions of that app. If it can claim sensitive permissions like access to contacts / messages / sdcard , then he can get that data even when the app doesn't have root access. And if the app has root access, then the damage could have been done already before he deleted the supersu logs. And no, it cannot be granted root access after the logs are deleted automatically on startup.
And Mr.Bad could have installed his malicious app on to system partition in which case u may not be aware of what the app is. And what damage it does. In such case even a factory reset doesn't help.
It is advised to reinstall the rom and protect superuser with some pin / password.
bharat g said:
Say, Mr.Bad could have installed an app in your phone that you are unaware of.
Whats more important is the permissions of that app. If it can claim sensitive permissions like access to contacts / messages / sdcard , then he can get that data even when the app doesn't have root access. And if the app has root access, then the damage could have been done already before he deleted the supersu logs. And no, it cannot be granted root access after the logs are deleted automatically on startup.
And Mr.Bad could have installed his malicious app on to system partition in which case u may not be aware of what the app is. And what damage it does. In such case even a factory reset doesn't help.
It is advised to reinstall the rom and protect superuser with some pin / password.
Click to expand...
Click to collapse
Well I'm mostly scared of screenshots being taken remotely which requires root access.
HA! That's what I wanted to hear! The startup part!
Yeah since resetting won't clear off a possible /system infection I performed a full wipe and installed Cloudy ROM.
Yet I have done it after a few weeks.Still, a possible spy app would need to grant root access again on device start up by me which didn't happen so I assume I'm safe Is there a known way for an app to grant root access without user permission once the device is turned off and turned back on ?
remorseful said:
Well I'm mostly scared of screenshots being taken remotely which requires root access.
HA! That's what I wanted to hear! The startup part!
Yeah since resetting won't clear off a possible /system infection I performed a full wipe and installed Cloudy ROM.
Yet I have done it after a few weeks.Still, a possible spy app would need to grant root access again on device start up by me which didn't happen so I assume I'm safe Is there a known way for an app to grant root access without user permission once the device is turned off and turned back on ?
Click to expand...
Click to collapse
Once an app gets root granted and is in whitelist of superuser management app, then if such app can autostart on boot it can get root granted without user permission.
Eg: Firewall app.
bharat g said:
Once an app gets root granted and is in whitelist of superuser management app, then if such app can autostart on boot it can get root granted without user permission.
Eg: Firewall app.
Click to expand...
Click to collapse
True but if it is whitelisted on the Superuser management app then it is pretty easy to detect since it'll be listed there.
P.S:I assume you mean to be "set to "'grant on demand'" on SuperSU by "being whitelisted".

[Q] Can Malware install silently if I have SU installed?

One thing that I keep reading about android malware, is that it needs to gain root access to do its dirty work.
My android phone is already rooted and I have SuperUser (SU) installed. And whenever an app runs that needs root access (such as titanium backup), SU asks me if I want to grant root to that app.
So, my question is this - can I rest assured that I won't get infected because if for some reason malware makes it into my phone (through one of the many exploits like the MMS/Stagefright thing), I will see it try to run because SU will ask me for permission, and I can simple deny it?
Yes, Lookout security recently discovered a malware that does the exact thing you mentioned.
http://www.xda-developers.com/looko...ed-adware-that-secretly-acquires-root-access/

Categories

Resources