Slashdot Mirror
Steve "CyanogenMod" Kondik Contemplates The Death of Root On Android
c0d3g33k writes "Prompted by the addition of new security features in Android 4.3 that limit the effectiveness of elevated privileges, Steve Kondik wonders which uses really require full root. Most common activities that prompt owners to root their devices (backup/restore tools, firewall/DNS resolver management, kernel tuning), could be accomplished without exposing root, argues Kondik, by providing additional APIs and extensions to the user. This would improve security by limiting the exposure of the system to exploits. Reasonable enough, on the face of it. The title of the post, however, suggests that Kondik believes that eventually all useful activities can be designed into the system so the 'dangerous and insecure' abilities provided by root/administrator privileges aren't needed. This kind of top-down thinking seems a bit troubling because it leads to greater control of the system by the developer at the expense of the owner of the device. It's been said that the best tools are those that lend themselves to uses not anticipated by the creator. Reducing or eliminating the ability of the owner to use a device in ways that are unanticipated ultimately reduces its potential power and usefulness. Perhaps that's what is wanted to prevent an owner from using the device in ways that are inconvenient or contrary to an established business model."
All applicable XKCD should just be in tags at top of Slashdot stories.
The issue is that those new APIs and extensions are NEVER provided because the hardware manufacturers and software providers don't want to provide them. Providing deeper access to the software and hardware means you can do more things, including circumvent protections and such. They'd rather make it as hard as possible to do this, and rooting is harder than using a sanctioned app.
In an ideal world, we'd have all the functionality we need straight up and "rooting" wouldn't even exist as a term.
You missed the point--he's saying that root access might one day no longer be necessary, not that it'll become impossible to root an Android device.
Most things which required me to root my phone should be preinstalled
-backup
-firewall
-disable any service *which i do not need*
He's not talking about root going away, he's talking about reducing the need for it, in order to have much of the freedom provided by a rooted phone without the associated security risks. Whether or not root is available is a separate, and orthogonal question, and he clearly never wants to lose the ability to root, just the need.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Root will be nesessary until the carriers allow us to freely uninstall their bloatware, and other useless/quasi-hostile junk (for me, that means facebook).
So the only people who will need it will be the carriers and NSA.
Wi-Fi carriers such as cable and DSL ISPs typically don't provide a subsidized tablet. Nor do cellular carriers outside North America and maybe Japan. So what do "carriers" necessarily have to do with rooting, especially with rooting a Wi-Fi-only device?
-remove any app *which i do not want*
now we need to go OSS in diesel cars
I don't care if I don't root my phone until I can write to the hosts file.
You missed the point--he's saying that root access might one day no longer be necessary, not that it'll become impossible to root an Android device.
Exactly.
The reason people root phones is to get around arbitrary restrictions imposed by the carriers or the manufacturers.
Remove those restrictions, by providing APIs that allow users to do every legal thing, and virtually all reason to root disappear.
When you can remove bloatware, change carriers, bypass carrier restrictions, change the UI, and maybe even change the OS, all without requiring root, what would be the point of rooting?
There will still be those who will root simply because they can. These are the same kids that always ran their Linux machines at root because they were so 133t.
Sig Battery depleted. Reverting to safe mode.
there's an extremely common mistake made which needs to be pointed out: the clue is in the phrase "This kind of top-down thinking". the fundamental assumption is that there is a concept of "more privilege is required than before" to achieve privileged tasks. people imagine that security is hierarchical - that the further towards "the top" you get, the more access you are permitted. this is simply NOT TRUE. the classic example is "root", which is a drastic binary oversimplification which is simply very convenient.
so, people invent new security systems, but they invent them without actual proper thought towards design, and they invent them thinking that this "top down" hierarchical approach is the only way. thus, new APIs have to be invented.
there is another way: it's called SE/Linux (and there's a variant called SE/Android). SE/Linux follows the FLASK model, which basically says that based on the current context, the current application, that a new executable is given a COMPLETELY new security context, where the new privileges have to be explicitly given. the most important implication of this model is: it absolutely does not matter how "powerful" you were in the previous context - the one that fires up the new executable; the new one is literally a completely and utterly separate security context.
to give an example: take a 5 Star General, and send him to a security base. when he gets there, standard security procedure: they take away his passport and all his credentials, and they give him a security pass (a new context). that security pass has a pre-prepared set of restricted corridors and rooms that the 5 Star General can go to. he can go to the conference room, and the bathroom. if he tries to leave without returning the security pass, he has no passport, and no papers.
this incredibly powerful security model - FLASK basically fits on top of an OS *without* interfering with it. it's particularly fascinating because it can watch which programs exec() other programs, and it can watch what APIs those programs use.... *without* needing to actually modify those programs.
basically what i'm saying is that the problem that cyanogen is trying to solve already has a way in which it can be solved, if the SE/Android team haven't already solved it. and that's because, under SE/Linux and SE/Android, you can operate both the normal "root access" system *in parallel* with SE/Linux. all you need to do is create a FLASK security context which restricts access to only those applications that *should* be accessing the restricted APIs. you don't need to modify the applications, nor do anything special to the underlying OS.
You missed the point--he's saying that root access might one day no longer be necessary, not that it'll become impossible to root an Android device.
Yes, this. You shouldn't root your device "just because you can", which seems to be the mentality some people have. It greatly increases your attack surface for security vulnerabilities. I'm certain that the ability to root will stick around "forever", but for most people having a well thought out API which allows separation of privileges is going to lead to better results.
Good news! You haven't needed root to do that for a Long Time now. You can just click the "Disable" button in the app's details page, or drag it to the trash can from the apps drawer, and it's disabled.
Bad news! You can only disable apps that your carrier has decided that they want to allow you to disable.
You don't need root to image a new ROM. You need an UNLOCKED BOOTLOADER. Two completely different things.
Good news! You haven't needed root to do that for a Long Time now. You can just click the "Disable" button in the app's details page, or drag it to the trash can from the apps drawer, and it's disabled. Sure, it's taking up a few MB of space on your system image, but, "oh well."
Good news, I just took a dump on your doorstep! Don't worry though, you can just throw your doormat over it. It will still stink, but "oh well"
It's not just carrier bloatware. The Galaxy S4 comes with some Samsung junk that can't be disabled either, for example.