To root or not to root?

[toc]

It’s no secret that many Android users around the world – Ausdroid staff included – root their phones and sometimes change ROMs installed on their devices on quite a regular basis. Given some of the confusion, misinformation and FUD out there, we thought it was time to bring some clarity to the process.

Rooting and ROMing is a process you should only undertake if you understand the risks:

• Bricked phones – This means that something gets broken in the operating system that prevents the phone from booting (it’s a useful as a brick)
• Voiding warranty – Depending on your device manufacturer, modifying your system in this way might not be allowed
• Security issues – You could be leaving yourself open to malicious intent by rooting your device

You should be prepared to accept the consequences of the process failing. Importantly, Ausdroid accepts no responsibility for damage caused to any devices if you go out and give it a try!

What is Root?

“Root access” is normally denied to the user by an Android device in the name of security – for example, the Android Permission System relies on apps running in a limited space where they only receive permission to carry out the operations they’ve specified when you install the app.

By “rooting” your phone or “obtaining root (access)”, you are allowing apps to run as the “root” user – they can gain full administrative privileges, like logging in as an “administrator” on a Windows PC.

This access is granted to all of the apps installed on your device, so it’s important to take precautions against malicious or untrusted apps before you “root” your device, or install a gatekeeper app such as supersu, as you’ll see below.

Protect yourself!

NEVER simply root your phone and leave it!

The “rooting” process brings many risks to data security. If the process you follow does not directly tell you to install a “Super User App” app, then it’s the first thing you should install after you’ve finished.

A Super User App allows you to grant or deny access to root privileges on a per-app basis, so only apps that need root access get it. Popular choices include SuperSU or Superuser, but there’s also a newer Superuser recently released by the developer of ClockworkMod.

Why avoid it?

Once users find out what “root” access is and what it does, some choose not to go ahead. There’s a number of reasons, but here’s the main ones:

The bricking potential

Rooting is potentially risky, although the processes are getting much better and easier to follow but the risk remains there. The ultimate decision of “to root or not to root” lies with you, if something goes wrong and you brick your phone, the problem is yours and yours alone.

Potential security holes

Android runs on a Linux backend, and the “rules” of security that Linux has are constant. When you install an app, it runs in its own little sandbox, and there it stays – unless (on installation) it has requested permission to access some functions of the operating system.

Android Permissions include things like Call state, Network Access and other data, such as GPS location. There’s a stack more that do come up but the fact remains that Android asks your permission for the apps to gain access to this information and data prior to installation — if you don’t allow access, the app doesn’t install.

As you install an app it creates a user account or ID on your phone which allows it to run in its sandbox without bothering you or any of your other apps. When you gain root access to your phone and run any application, you’re bypassing this security and allowing the app to access the data stores of any app running on your device. This could include your address book, phone logs, stored browser passwords, keystrokes, maybe even your banking app… see the problem?

Warranty

Some manufacturers will deem your warranty void if you root your phone. This is fine for some users who might be out of contract, or dealing with an old device that’s no longer in regular user. However, if it’s your daily driver and you need to claim warranty there’s a major hurdle to be overcome.

We’ve previously discussed the question of whether a manufacturer voiding your warranty for rooting a phone is legal in Australia, but if it’s not really a battle you want to find yourself in then you should err on the side of caution.

User error can kill devices

Should I have deleted that file? — That’s really not a question you ever want to be asking yourself on a rooted device; odds are the answer is no. When you root your phone and gain full access to the file system, this includes access to the critical system files that are required for your device to function. Don’t delete anything that you didn’t put on there, and if you’re not sure then leave it alone.

Before you begin, ask yourself “Do I really need root access on this device?” — personally, I’d recommend NOT doing it to other people’s devices unless you’re 100% certain they understand the risks before you do it.

Why do it?

For those that venture deep enough into the ecosystem, Android has a world of excitement hidden behind root access. On the functional side of things, you have a lot more control over your device, such as the ability to automate processes — these things are extremely important to a lot of users.

Data protection is perhaps the best example of a “root advantage”. Titanium Backup, used by the majority of the Ausdroid team, requires root access to run. There’s no way around this, because it accesses the protected data for various apps on your phone, replicates them and back them up either locally (to an SD card), or remotely to Dropbox or other cloud services.

No root, no ROM

While there are a lot of users out there who are happy with the operating system their phone comes with, there are some of us who tire quickly of manufacturers’ customisations – we’re talking about Touchwiz, Motoblur, Sense and Emotion UI, to name but a few.

Some prefer the advanced features provided by a custom ROM such as CyanogenMod, AOKP, Paranoid Android or MIUI. If you don’t root your phone, you most likely can’t install a new ROM on your device.

Of course, if your phone is supplied with an unlocked boot-loader (e.g. a Nexus device, though there are others) then you don’t need to root in order to install a custom ROM, though chances are any custom ROM you install will be pre-rooted for you anyway.

Piracy

After the recent drama surrounding Falcon Pro’s Twitter token issues, Ausdroid spoke to the app’s developer, Joaquim Vergès, at some length about piracy, licensing, and rooted devices. While it’s accepted that many power users root their phones, it’s also pretty common for app pirates to use root as a way of patching their system to bypass some of the securities and protections built into Android.

Joaquim: Personnally, I dont think rooting makes you more of a pirate. All of my phones are rooted so I can switch ROMs when I want to. But it’s true that rooting unlocks some nasty pirating apps.

As time passes, application developers are finding new ways to protect their apps against piracy from rooted and patched users.

To root or not to root?

Ultimately, the decision is yours. It boils down to the risks versus the rewards.

If you decide to go ahead, make sure you do the proper research and ensure you protect yourself from the security issues that rooting opens up.

Above all else, make sure you enjoy Android for what it’s intended to be – an open platform full of choices for the user!

Have you successfully (or unsuccessfully) rooted your device(s)? Share your stories in the comments!

Apps featured in this post:

[app]eu.chainfire.supersu[/app]
[app]com.noshufou.android.su[/app]
[app]com.koushikdutta.superuser[/app]
[app]com.keramidas.TitaniumBackup[/app]