Slashdot Mirror
Steve "CyanogenMod" Kondik Contemplates The Death of Root On Android
c0d3g33k writes "Prompted by the addition of new security features in Android 4.3 that limit the effectiveness of elevated privileges, Steve Kondik wonders which uses really require full root. Most common activities that prompt owners to root their devices (backup/restore tools, firewall/DNS resolver management, kernel tuning), could be accomplished without exposing root, argues Kondik, by providing additional APIs and extensions to the user. This would improve security by limiting the exposure of the system to exploits. Reasonable enough, on the face of it. The title of the post, however, suggests that Kondik believes that eventually all useful activities can be designed into the system so the 'dangerous and insecure' abilities provided by root/administrator privileges aren't needed. This kind of top-down thinking seems a bit troubling because it leads to greater control of the system by the developer at the expense of the owner of the device. It's been said that the best tools are those that lend themselves to uses not anticipated by the creator. Reducing or eliminating the ability of the owner to use a device in ways that are unanticipated ultimately reduces its potential power and usefulness. Perhaps that's what is wanted to prevent an owner from using the device in ways that are inconvenient or contrary to an established business model."
stop phone carriers / oems from slowing down updates and force loading software that can't be removed.
also force unlocked sims on all android phones.
All applicable XKCD should just be in tags at top of Slashdot stories.
The issue is that those new APIs and extensions are NEVER provided because the hardware manufacturers and software providers don't want to provide them. Providing deeper access to the software and hardware means you can do more things, including circumvent protections and such. They'd rather make it as hard as possible to do this, and rooting is harder than using a sanctioned app.
In an ideal world, we'd have all the functionality we need straight up and "rooting" wouldn't even exist as a term.
You missed the point--he's saying that root access might one day no longer be necessary, not that it'll become impossible to root an Android device.
Most things which required me to root my phone should be preinstalled
-backup
-firewall
-disable any service *which i do not need*
He's not talking about root going away, he's talking about reducing the need for it, in order to have much of the freedom provided by a rooted phone without the associated security risks. Whether or not root is available is a separate, and orthogonal question, and he clearly never wants to lose the ability to root, just the need.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
There's a certain well known Linux distro that starts with a disabled su command, because root prompts are evil. You can, however, use sudo, to run one command at a time.
Like, for instance, sudo bash.
You can provide a single API to let your user do what he wants. it's called admin access.
Root will be nesessary until the carriers allow us to freely uninstall their bloatware, and other useless/quasi-hostile junk (for me, that means facebook).
The first thing I noticed when upgrading to 4.3 was that my ad-blocker that works by altering the hosts file no longer works. That's one thing I'm sure Google would love to see people stop doing. I'm sure it's fixable with some new SELinux rules, but I haven't looked into it yet.
So the only people who will need it will be the carriers and NSA.
Wi-Fi carriers such as cable and DSL ISPs typically don't provide a subsidized tablet. Nor do cellular carriers outside North America and maybe Japan. So what do "carriers" necessarily have to do with rooting, especially with rooting a Wi-Fi-only device?
Warning: SPAM link in parent.
now we need to go OSS in diesel cars
-remove any app *which i do not want*
now we need to go OSS in diesel cars
also force unlocked sims on all android phones.
How would that work on a CDMA2000 network, which doesn't use a SIM in the first place?
I don't care if I don't root my phone until I can write to the hosts file.
You missed the point--he's saying that root access might one day no longer be necessary, not that it'll become impossible to root an Android device.
Exactly.
The reason people root phones is to get around arbitrary restrictions imposed by the carriers or the manufacturers.
Remove those restrictions, by providing APIs that allow users to do every legal thing, and virtually all reason to root disappear.
When you can remove bloatware, change carriers, bypass carrier restrictions, change the UI, and maybe even change the OS, all without requiring root, what would be the point of rooting?
There will still be those who will root simply because they can. These are the same kids that always ran their Linux machines at root because they were so 133t.
Sig Battery depleted. Reverting to safe mode.
there's an extremely common mistake made which needs to be pointed out: the clue is in the phrase "This kind of top-down thinking". the fundamental assumption is that there is a concept of "more privilege is required than before" to achieve privileged tasks. people imagine that security is hierarchical - that the further towards "the top" you get, the more access you are permitted. this is simply NOT TRUE. the classic example is "root", which is a drastic binary oversimplification which is simply very convenient.
so, people invent new security systems, but they invent them without actual proper thought towards design, and they invent them thinking that this "top down" hierarchical approach is the only way. thus, new APIs have to be invented.
there is another way: it's called SE/Linux (and there's a variant called SE/Android). SE/Linux follows the FLASK model, which basically says that based on the current context, the current application, that a new executable is given a COMPLETELY new security context, where the new privileges have to be explicitly given. the most important implication of this model is: it absolutely does not matter how "powerful" you were in the previous context - the one that fires up the new executable; the new one is literally a completely and utterly separate security context.
to give an example: take a 5 Star General, and send him to a security base. when he gets there, standard security procedure: they take away his passport and all his credentials, and they give him a security pass (a new context). that security pass has a pre-prepared set of restricted corridors and rooms that the 5 Star General can go to. he can go to the conference room, and the bathroom. if he tries to leave without returning the security pass, he has no passport, and no papers.
this incredibly powerful security model - FLASK basically fits on top of an OS *without* interfering with it. it's particularly fascinating because it can watch which programs exec() other programs, and it can watch what APIs those programs use.... *without* needing to actually modify those programs.
basically what i'm saying is that the problem that cyanogen is trying to solve already has a way in which it can be solved, if the SE/Android team haven't already solved it. and that's because, under SE/Linux and SE/Android, you can operate both the normal "root access" system *in parallel* with SE/Linux. all you need to do is create a FLASK security context which restricts access to only those applications that *should* be accessing the restricted APIs. you don't need to modify the applications, nor do anything special to the underlying OS.
Root will be nesessary until the carriers allow us to freely uninstall their bloatware, and other useless/quasi-hostile junk (for me, that means facebook).
Good news! You haven't needed root to do that for a Long Time now. You can just click the "Disable" button in the app's details page, or drag it to the trash can from the apps drawer, and it's disabled. Sure, it's taking up a few MB of space on your system image, but, "oh well." At least, this is certainly true on any Android 4.x device I've owned.
You missed the point--he's saying that root access might one day no longer be necessary, not that it'll become impossible to root an Android device.
Yes, this. You shouldn't root your device "just because you can", which seems to be the mentality some people have. It greatly increases your attack surface for security vulnerabilities. I'm certain that the ability to root will stick around "forever", but for most people having a well thought out API which allows separation of privileges is going to lead to better results.
As an Android developer I can tell you that switching versions on a device is not provided by root access. Root gives you access to all of the system while the phone is running. Getting a different version running requires an unlocked bootloader. For example, on my Nexus devices I first do a "fastboot oem unlock" to unlock the bootloader, then I can use fastboot to send any version of the OS I want to the device. It gets tricky on more locked down devices, but the same basic idea still applies. You need to get past the bootloader to get a different OS running.
Am I the only one irritated by this? It should be Steve "Cyanogen" Kondik, CyanogenMod is the ROM. FFS
I've never had a backup issue because there are apps for that
Some existing "apps for that" require root to backup or restore because they try to back up private data that belongs to another application.
and everything is in the cloud anyway
If you have more than a couple GB of data to back up, cloud backup becomes an expensive recurring fee compared to backing up to local physical media.
What bugs me, is the likes of Twitter and Pandora asking for every privilege under the sun. I'm sticking with a prior version of twitter for that reason.. it will suck when I have to change out phones again. I don't use most games for the same reasons... it's wrong on so many levels. I wish I could remove privileges from installed apps, like you can with facebook "apps" (setting their posts to only visible to you, etc)... at least then you could work around the crap/spyware.
Michael J. Ryan - tracker1.info
It's kind of a moot point. If the system is that badly "infected", you should probably replace the rom anyway.
On my aging Gingerbread phone, I used root to delete the OEM bloatware- Facebook, Amazon, NFL Mobile, etc. A few months later, an OTA update rolled out, and it threw a shit fit because the pre-installed crap was missing. Fortunately I had backups. Now I use Titanium Backup's "freeze" feature to disable (and prevent execution of) apps while still keeping them installed/updated.
One of these days, I'm going to cut you into little pieces.
Check out XPrivacy. Of course, it requires the Xposed Framework to be installed. Which requires root.
Or, of course, the Privacy Guard on the new CyanogenMod 10.1 builds, but which requires CyanogenMod.
Or OpenPDroid, but that requires patching your rom.
It greatly increases your attack surface for security vulnerabilities.
As far as I understand, 'rooting your Android phone' generally allows elevation to root privileges, access to which is handled by an SU-application. That means that if you never allow anything to have root privileges, you face no increased risk at all.
Good news! You haven't needed root to do that for a Long Time now. You can just click the "Disable" button in the app's details page, or drag it to the trash can from the apps drawer, and it's disabled.
Bad news! You can only disable apps that your carrier has decided that they want to allow you to disable.
what hardware? there is NO HARDWARE - thats why its on igg and not kickstarter (rules prevent vaporware)
Who logs in to gdm? Not I, said the duck.
You don't need root to image a new ROM. You need an UNLOCKED BOOTLOADER. Two completely different things.
Don't "buy" your phone subsidized through your carrier? I just bought two Nexus 4's right from Google and switched carriers. No contract _and_ got a 10% discount on my bill each month by bringing my own device.
To be clear I live in Canada, and just switched to Telus.
Good news! You haven't needed root to do that for a Long Time now. You can just click the "Disable" button in the app's details page, or drag it to the trash can from the apps drawer, and it's disabled. Sure, it's taking up a few MB of space on your system image, but, "oh well."
Good news, I just took a dump on your doorstep! Don't worry though, you can just throw your doormat over it. It will still stink, but "oh well"
Or you could try supporting the concept of non-carrier devices by purchasing Nexus devices at "full price".
Good luck doing that in the United States if you happen to live where T-Mobile has poor coverage. CDMA2000 carriers in the United States don't use CSIM.
Perhaps get a Jolla instead?
http://www.jolla.com/
Yeah, I've already pre-ordered mine...
Move along, nothing to see here. https://plus.google.com/100275307499530023476/posts/aYgumDrwA1d
It's not just carrier bloatware. The Galaxy S4 comes with some Samsung junk that can't be disabled either, for example.
You have no idea what you are talking about, do you?
If you expose every single thing that requires root to non-root users, then there is no distinction between root and non-root and so root is unnecessary. Very few people, for example, feel the need to enable root on OS X, but since normal users in the administrator group can sudo with their password there is no need because they can do anything that a root user can.
If, however, you expose some subset of what root can do to normal users, then you are always going to find some users who need to do some of the things that you haven't thought of. In my case, for example, I want to stick a Debian chroot on my Android device for development. This requires the chroot system call, which is only permitted for root users for reasonably good security reasons (it makes various categories of confused deputy attacks easier). I'm sure that other people will find other interesting things to do that require root.
I am TheRaven on Soylent News
It looks like that problem is solved in Android 4.3