Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Can I Trust Android Rooting Tools?

Posted by timothy on from the spider-sense dept.

Qbertino writes After a long period of evaluation and weighing cons and pros I've gotten myself a brand new Android tablet (10" Lenovo Yoga 2, Android Version) destined to be my prime mobile computing device in the future. As any respectable freedom-loving geek/computer-expert I want to root it to be able to install API spoofing libraries and security tools to give me owners power over the machine and prevent services like Google and others spying on me, my files, photos, calendar and contacts. I also want to install an ad-blocking proxy (desperately needed — I forgot how much the normal web sucks!). I've searched for some rooting advice and tools, and so far have only stumbled on shady looking sites that offer various Windows-based rooting kits for android devices.

What's the gist on all this? How much of this stuff is potential malware? What are your experiences? Can I usually trust rooting strategies to be malware-free? Is there a rule-of-thumb for this? Is there perhaps a more generic way for a FOSS/Linux expert who isn't afraid of the CLI to root any Android 4.4 (Kitkat) device? Advice and own experiences, please.

42 of 186 comments (clear)

  1. I rooted once by Anonymous Coward · · Score: 5, Funny

    My phone exploded, and I had to have one of my hands amputated.

    Learn from my mistake. Don't do it. Your hands are too important.

  2. Try Here by rotorbudd · · Score: 5, Informative

    http://forum.xda-developers.co...

    --
    A bullet may have your name on it, but artillery is addressed to " Whom It May concern"
    1. Re:Try Here by asimons04 · · Score: 5, Insightful

      Mod parent up.

      I've been frequenting XDA Developers forums for years now, and haven't had any bad experiences or rootkit-type behavior on my devices. Lots of knowledge there, and I was finally able to add some of my own a little while back. Most of the insights I provided were based on years of knowledge learned from the same forums plus my own experimenting, but that's exactly what they're for.

      Depending on the version of Android you've got, you'll have to use different methods. Typically, but NOT ALWAYS, the rooting methods aren't device specific, but Android-version specific. So while you may not find instructions for rooting your exact device, you'll probably find a method to root your version of Android (unless the exploit is tailored specifically to a particular device).

      As always, make sure you read the forums and search thoroughly before you post a "I'm a n00b and I don't know what to do..."-type question. You won't get flamed out of the forums, but you will likely not receive much help as they do expect you to do some footwork beforehand and not just expect them to do everything for you.

      As always, do everything at your own risk.

    2. Re:Try Here by asimons04 · · Score: 2

      I re-read TFA and saw you're running 4.4 KitKat.

      I used jcase's Pie exploit on my KitKat Droid Maxx, but it may only be for the Droid series; you'll have to do your own research. Also, TowelRoot, I believe, works for KitKat. Hope that gets you started.

      PS: If you find an exploit that works, it's always considered good form to donate, even a small sum, to the author who created the exploit. Considering what you can do with your device after it's rooted, it's the least you can do.

    3. Re:Try Here by quenda · · Score: 3, Funny

      Not that cesspit of hackers!
      The only way to be safe from malware is to stick to respectable corporate sites like C|net's download.com.

    4. Re:Try Here by caseih · · Score: 3, Informative

      Ugg. xda-developers is a forum of very smart people, but it's a frustrating place to go to find information. Having to read through dozens of pages of posts trying to glean bits of information is rather fatiguing. Especially topics that stretch on for literally years with hundreds of posts. Sometimes the first posts are updated to provide latest information, sometimes you have to read through several pages of comments to find what you're looking for.

      Really all web forums just suck, plain and simple.

  3. Rooting - by joelwest · · Score: 5, Informative

    I have had Android devices from Cupcake onward and have always rooted them. That being said, I don't presume that rooting will work and I always presume that I may end up with a bricked device. A reminder that as soon as you start rooting, you have voided your warranty. I have also bricked devices. I learned how to make a jtag that way.

    Your milage may vary.

    1. Re: Rooting - by Anonymous Coward · · Score: 3, Informative

      You havent voided warranty on a rooted device. Most drvices all? Can be safely brought back to factory with all markers erased. Thats been my experience with samsung, asus, and motorola devices

    2. Re: Rooting - by Golden_Rider · · Score: 4, Informative

      You havent voided warranty on a rooted device. Most drvices all? Can be safely brought back to factory with all markers erased. Thats been my experience with samsung, asus, and motorola devices

      Not true for current Samsung devices (S4 onwards) with the KNOX-enabled firmware. If you root those, you will trigger an eFUSE which flags your phone as "warranty void" forever. So yes - you can root even those phones, but you WILL lose the warranty. http://omegadroid.co/wanted-kn...

    3. Re: Rooting - by Anonymous Coward · · Score: 4, Informative

      Not true for all... I've rooted the Note 3 without triggering the Knox. (KNOX is the reason my next phone won't be a Note 4 or 5, after owning Note 2 & 3).

    4. Re: Rooting - by Anonymous Coward · · Score: 5, Informative

      Not quite true. If you don't replace the bootloader KNOX won't be tripped. I have an S5 with an unlocked bootloader (t-mobile) that I have rooted without tripping KNOX, using ChainFire's rooting tools.

    5. Re:Rooting - by johanw · · Score: 2

      To brick the device is quite difficult (if you don't do it on purpose). Usually you can always reflash the original firmware. To end up in a bootloop, however, is easy and quite scary if you've never done this kind of stuff before.

    6. Re: Rooting - by drinkypoo · · Score: 4, Interesting

      Has this actually been tested in court? Seems to me like a root-capable su is compatible software for all intents and purposes and therefore dropping warranty support for users who root should be a violation of the Magnuson-Moss warranty act.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    7. Re: Rooting - by allo · · Score: 2

      i europe you cannot void the warranty by rooting.

  4. excellent question by raymorris · · Score: 2

    That's a good question. I don't think many of the tools and ROMs have been analyzed for security by qualified people. As someone else mentioned, http://forum.xda-developers.co... is the most popular source. You'd hope that if there were major issues with the tools used there someone would notice.

    You can extract a rooted ROM and compare the contents to the stock ROM.

  5. Re:No by war4peace · · Score: 4, Insightful

    "Computer expert" is a broad, broad definition. Nobody's a "computer expert", except in their narrow field.
    So ease off with the smug. One might be an expert in their field and totally suck at another, both computer-related.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  6. XDA Forums by Raxxon · · Score: 3, Interesting

    In general, if you're computer-savvy, hitting the XDA Forums will be your best option (IMO) if you're concerned about security. The SuperSU Package can be sideloaded into the device via manual ADB commands for most devices out there (some of them are considerably more difficult than others eg: Current Samsung devices with KNOX). I've owned multiple devices from several vendors and I have yet to have an issue with the posted information from the XDA forums. I would expect that anyone attempting to pass shit-ware in there would get found rather quickly unless it's a very niche device with few people actually interested in it.

    Personally I've yet to use any of the "one click root" kinda options I've seen posted to various sites....

  7. do it yourself by Spacelord · · Score: 2

    My advice: don't rely on specialized tools that claim to do the work for you, but learn how to do it by hand with adb and fastboot.

    1. Re:do it yourself by Spad · · Score: 2

      Wow, you're funny. As tools which are part of the Android SDK, if you don't trust them then you probably shouldn't have an Android phone in the first place.

  8. Rooting an android by Anonymous Coward · · Score: 5, Informative

    I've been running rooted for about 4 years on various phones.

    There are quite a lot of tools that you can run while rooted that are impossible otherwise.

    This includes the ROMs themselves which don't usually come with the normal Google tools at all.

    Then you can leverage tools like AppOps (integrated into many of the custom ROMs) to control granularly what info apps can get.

    You can run things like AdAway, which basically block ads systemwide (including in apps).

    The F-droid app repository has quite a lot of open-source software, and you can build a perfectly functional phone without Google apps.

    As already mentioned, XDA-developers is a good place to start, even just to find info about your specific device, and guides for rooting, etc.

    On balance, my opinion is that, if you do your diligence and set things up correctly, a rooted phone can absolutely be more secure than not.

    As a small suggestion, if you decide to jump in, I highly recommend using ClockworkMod (Koush) superuser manager, because it's open-source and let's you set a pin for SU without paying for an upgrade.

  9. What - exactly - are you worried about here? by PsychoSlashDot · · Score: 3, Informative

    On the PC, typically Odin is the only Windows executable involved with rooting an Android phone. Standard security best-practices should keep you "safe" here. Obtain Odin from trustworthy sites such as XDA. Use a bi-directional firewall package that tells you when your PC tries to make an outbound connection. Odin shouldn't.

    On the phone, if you're just rooting, you're trusting the manufacturer of your phone, which isn't necessarily wise, but I see that's WHY you're rooting. So, you can get the XPosed Framework and XPrivacy, and set permissions for the various packages on your phone. Both are open-source.

    If you don't actually read the code, then by definition you're trusting, period. So what's the issue?

    --
    "Oh no... he found the .sig setting."
  10. Can you read Chinese? by damn_registrars · · Score: 2

    The last phone I rooted only had rooting tools available in Chinese. It seems to have worked, but ...

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  11. Manual steps vs. payload by allquixotic · · Score: 5, Informative

    Most root exploits I've seen have two components to them: the attack vector, and the payload.

    The attack vector is usually a series of commands that have to be run to get the payload onto the device. This part is fully auditable and usually "open source" in the sense that you can perform these commands yourself. If someone sends you a .bat script with a bunch of adb commands, you can always open up the script and read it and make sure nothing is malicious in there.

    The real problem is that 99% of the root exploits out there have to upload some kind of a binary file to the device, which is then executed. In MOST cases, the source code to this binary is not disclosed, perhaps to make it harder for the manufacturers to fix the exploit, or to keep their attack methods secret, in case the code might expose some more general pattern of attack that would enable the manufacturers to close a whole series of root exploits.

    So basically you are trusting someone who compiled a Linux binary *whose job is to obtain escalated privileges on your device* to then not use those privileges to install some kind of tracking malware, data siphon, or cookie exfiltrating software, or even just a rootkit providing them a backdoor, which initially does nothing but can be activated at any time when the author feels they need something from your device (like participating in a botnet, perhaps?).

    I'm a little surprised that the comments so far haven't really tackled the crux of your question, which was NOT "how do I find root exploits", but "are they trustworthy". Remember, folks, just because it's posted on XDA, doesn't mean it's trustworthy. Anyone can register an account on XDA; absolutely anyone.

    I've read statements from root exploit authors who've said in plain language that they have no motivation to bundle malware in their root exploits and thus don't ever do so, but that's like the NSA saying they don't spy on Americans. We have no way of verifying the statement, and several reasons to suspect the contrary.

    If you are in doubt, I would suggest that you forego root exploits altogether. Instead, you should simply refuse to buy any Android device where the manufacturer does not provide you a means to unlock the bootloader. Once you have a (legit) unlocked bootloader using official tools from the manufacturer, you can then proceed to install any ROM you want -- even an open source ROM that you could audit yourself -- which then gives you root access. Remember, on an Android device, root is far less powerful than an unlocked bootloader, so that's really what you should be aiming for anyway, to have a truly "open" device as an enthusiast.

    1. Re:Manual steps vs. payload by c · · Score: 4, Insightful

      I'm a little surprised that the comments so far haven't really tackled the crux of your question, which was NOT "how do I find root exploits", but "are they trustworthy".

      Well, the way I see it, I'll trust a random XDA developer pushing closed-source hacks way more than I trust my carrier and/or handset manufacturer.

      It'll grant you that it's a low bar.

      --
      Log in or piss off.
  12. RTFM by Anonymous Coward · · Score: 5, Interesting

    RTFM and get ready to build stuff yourself. You will need to do some research for your particular device and then decide for yourself.

    When I started using Android, it was a Nexus 4. Since the Nexus 4 came from Google, and was widely used by developers, it was easy to unlock the bootloader and root it using tools that were open source and reputable.

    When I purchased a new and less popular phone, I wanted to root it and give it the same treatment. Unfortunately, the only tools I could find for my new device were posted in threads on the XDA forum. Someone posts a recovery + kernel and everyone just downloads and flashes it. Amazing. Well I run a banking app on my phone, how do I know that this thing is only a recovery + kernel and not something extra?

    My other problem with the stuff people post on XDA is that some of the contributors don't seem to really know what they are doing. There's one custom kernel for my device that has a whole slew of useless options and the comment "Please do not ask me to add something, I don't know much about kernel ". So I think there is some amount of "recipe following" by some of the people that contribute on XDA: they figure out a recipe that works, and generate kernels or ROMs without really understanding what it is that they are doing.

    So, my ultimate solution to the problem was just to build everything myself. This took several days for me to scrape together all the information I needed from Google, my device vendor, and random places on the web. I ran into the same problem: I needed tools to do this (specifically a compiler toolchain and a few other tools for assembling the kernel and recovery the way my particular device needs it), but I'm not going to download some random binary from GitHub.

    I'm running Ubuntu 14.04, and the gcc-arm-none-eabi compiler worked fine for building for my Android. I didn't have to download any mystery meat binaries. I rewarded myself by sticking my name into the kernel version, so it says "3.0.4-AnonymousCoward" instead of "3.0.4-SomeAssholeFromXDA"

    RE devices: I've only ever purchased devices from vendors who will let you unlock your bootloader. If you have a device that the vendor doesn't want you to have control over, your only option is to wait for an exploit that can get root (something like Towel Root). I will never trust something like that since the source isn't published, but I would never purchase a device that I can't control completely.

    Hope this is helpful

  13. Fundamentally not secure by ponos · · Score: 2

    I had the same thoughts when I tried installing CM on an old Android device. In the end, the platform was never meant to be secure or really open to user scrutiny. I suppose with a considerable amount of effort you could achieve some sense of security by inspecting all major components, but if you are inclined to invest a considerable amount of effort, then you probably want much better security and are looking at the wrong place. Phones/tablets are fundamentally insecure, and this is probably by design.

  14. Trust android rooting tools? by someonesomewhen · · Score: 2

    Using CynogenMod version (android 4.4.4) on HP touchpad ... Haven't noticed anything very different than on Linux Mint on Asus laptop

  15. Usually, sure by drinkypoo · · Score: 2

    Especially if you get them from XDA-Developers, where people have reputations.

    Let someone else test the tools for you.

    At least some of the tools actually let you patch the hole they got in through, this is true of the exploit for Asus Cube.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  16. Paranoid? by WoodburyMan · · Score: 5, Informative

    Here's an idea. If you are uncomfortable with Google and such, eyeing them as a big brother of some sorts and do not want any Google Play Services or anything Google touching the device... you should return that tablet. Buy a Nexus 9, or a used Nexus 10 or Nexus 7 (2013). This may look counter intuitive, however Nexus devices have pretty much some of the strongest following and modding community behind them and since Google releases the full source for these devices, they are the first to get AOSP variant roms such as CyanogenMod, SlimROM, and Paranoid Android. Once you get them, you can easily follow guides on XDA Developers ( http://www.xda-developers.com/ ) to Unlock the bootloader (Via Google released ADB/Fastboot tools), install a custom recovery (I recommend TWRP which is open source as well so you know what you're getting). Then, depending on your level of paranoid, you can sync the AOSP tree from Google itself and build the entire ROM from scratch yourself, or build or download a flashable zip file of any custom ROM such as CyanogenMod, SlimROM, Paranoid Android etc, and then load it onto the device. AOSP based roms such as these DO NOT have Google's Proprietary API's and Google Play Services. Straight Android. Plus, will full open source, you know what's in it. You will still have to deal with the proprietary blobs left in for display, modem, wifi, etc, however it's as close to full control as you can get for Android with a 100% fully functional Android device.

    1. Re:Paranoid? by swillden · · Score: 4, Informative

      (Android security engineer here)

      Mod parent up.

      This is the only way to be sure of what you're getting. The various rootkits (almost?) all include some closed-source binary which gets uploaded and run as root. Rather than using some hack to exploit some defect in your device's security and upload some random binary which does unknown things to your device, buy a device with a legitimately-unlockable bootloader. All Nexus devices meet this requirement. There are some Motorola devices that do, too, and there may be a few others from other manufacturers. Then unlock your device, install your new ROM (ideally, build it from source, but that's optional) and re-lock your device.

      That will give you the control you want without exposing yourself to unnecessary risks.

      I'm not saying this approach doesn't expose your data to risks, it does. The various third-party ROMs intentionally subvert various aspects of the Android security model. To really understand the risks, you need to understand Android security (I recommend "Android Security Internals" by Nikolay Elenkov), understand how your chosen ROM alters it, and understand how that will impact your usage. But it does put you in control, rather than the author of some random rootkit.

      Oh, and note that it is important to re-lock your device. If you don't, anyone who gets your device can install their own custom ROM and get access to all of your data. Locking the bootloader ensures that the data partition gets erased before a new system is installed.

      (Disclaimer: I work for Google, but this is not an official statement of any sort. It's purely my own opinion.)

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:Paranoid? by kenshin33 · · Score: 3, Informative

      ^^^what he said. On some nexus devices (recent ones) you can unlock later without wiping (BootUnlocker app for example, it's available in the play store and opensource ). You might consider building everything your self and SIGN your builds with your own keys (something other than the test key, as the private keys for those are available to anyone) and make sure any recovery you'd use enforces "signature verification" (and that it can not be disabled)

  17. Re:If you wanted ownership of the machine by bananaquackmoo · · Score: 2

    You do realize that you can have Android without Google right? That Android and Google Play are not the same thing?

  18. Re:If you wanted ownership of the machine by spire3661 · · Score: 2

    Im confused by point #1. Are you saying you cant have an android device without google services? You dont NEED gmail and Chrome, they are easily replaced.

    --
    Good-bye
  19. Re:Can you trust the hardware and firmware? by Z00L00K · · Score: 4, Insightful

    Considering the bloatware that the phones comes with as standard like Facebook (that spies on your address book) and a number of unwanted apps that have been granted unkonwn privileges by the phone vendor I'd trust a rooting tool more.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  20. Re:If you wanted ownership of the machine by drinkypoo · · Score: 2

    1) Most of the important functionality (including the WebKit/Blink browser engine) are now embedded in Google Play Services, which you can't manage.

    This depends on how you define important functionality. You can't use any gapps without play services, and you will need another browser, but there are other browsers.

    Total ownership of a device with a proprietary radio isn't realistic - even if you managed to install straight Linux on the thing (unlikely) the underlying firmware is in the bag.

    Most of us like to have some kind of wireless communications, and that's going to be true of pretty much *. Including the Yoga 2 Pro.

    A rooting tool is inherently untrustworthy as it exploits flaws in the target system.

    That really doesn't follow.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  21. Re:Say goodbye to security by drinkypoo · · Score: 3, Insightful

    From your fine link:

    This is unfortunate. Even if you've encrypted your phone, anyone with physical access can simply reboot into recovery and reflash /system with something that'll stash your encryption key and mail your data to the NSA. Surely there's a better way of doing this?

    Anyone with physical access to your phone can, in theory, do anything they want to your phone. Including unlocking the bootloader, and then doing all that other stuff. What a fat waste of time that was.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  22. Required class action lawsuit against Google by Anonymous Coward · · Score: 2, Insightful

    Imagine if Windows PC manufacturers supplied PCs lacking Administrator access in Windows. People would quite rightly complain, and many would sue their respective PC manufacturers in order to gain full control over their own legal possession. But what if Administrator access were not being supplied because Microsoft did not provide it in Windows in the first place? In that situation, the many lawsuits would rapidly collapse into a single class action against Microsoft.

    That is exactly the situation we have today in respect of Google as developers of Android. Google has not provided any means for owners of Android tablets to gain root access to their own property and hence full ownership of it. This is not the fault of the equipment manufacturers at all but that of Google, and so Google should be legally actioned for it by Android equipment owners as a class.

  23. install applications, CAs, encrypt storage, set se by raymorris · · Score: 2

    That's an interesting thought. I imagine Google would have two responses to that. First, an Android user can install applications, set security policies such as requiring a PIN or pattern lock, encrypt the data storage - mostly the same things a Windows administrator can do. To say, completely wipe the disk and install a different OS, one does that via the bootloader, not in the OS. That can be done on many (most?) Android devices and is outside of Google's control anyway.

    Secondly, contrary to your claims, device manufacturers could include sudo in their ROMs if they wanted to. Cyanogenmod AMD others include root; there's nothing stopping Samsung from doing the same with their mods. That's Samsung's decision.

    Lastly, they could point out that for the relatively small percentage of users technically knowledgeable enough to modify the OS without breaking it, there are in fact simple ways for them to enable such access. For the majority of users, who don't knsow what "root" is, enabling it by default would reduce the security and reliability of the device. It would make it less good for the vast majority of consumers.

  24. Re: Disposable Androids by rwa2 · · Score: 5, Informative

    Yep, if you have any qualms about doing stuff on Android, feel free to get a cheap Android tablet to experiment on, like the old $200 Nexus 7. Then you can feel free to fill that one with games and crapware and wipe and reload it regularly like a Windows gaming box. This lets you play without too much risk without compromising your primary Android device. If you use the same google Play account, you don't even have to buy your paid apps twice (though of course then you're exposing your google account that you use to pay for Google apps, but if you're like me, that's separate from your personal gmail account)

    My primary Android device is my phone, and I just keep a bare minimum of essential apps on it so it runs fast and lean. After the Android 5 update, haven't even felt compelled to root it.

  25. To add more info: by thegarbz · · Score: 3, Informative

    The XDA-Developers forum is full of tinkerers and developers themselves. They get a lot of traffic so proposed roots and mods will have quite a bit of feedback allowing you to judge the quality before you attempt to do something.

    Additionally the XDA guys have a known history of calling out other people's shit. They are the ones who find questionable security practices, back to base datalogging and basically nearly everything negative or questionable you have heard about an Android manufacturer you'll have heard it on XDA first.

    I wouldn't trust any shady site for any kind of root exploit, just links from the XDA-Developers forum.

  26. Re:Cyanogen? by rwa2 · · Score: 2

    Really. Here's the "simple" 9-phase process with for the pretty common Nexus 5 :
    http://forum.xda-developers.co...

    Yes, it's pretty cool to go through that for the first phone or two, but after the 5th or 6th time it kinda gets old to have to spend an hour or two keeping track of how TWRP is replacing the clockworkmod bootloader, which exploit to use to root, backing up using Titanium or Helium, etc. After a while it feels less like you're learning new stuff and more like you're jumping through hoops just to get a new OS version that other people get automatically OTA :P But at least the adb and fastboot stuff from Google stays pretty consistent.

  27. Re:Cyanogen? by Harlequin80 · · Score: 2

    Thats not a 9 step process for rooting a nexus 5. That is all the stickies collected into 9 groups. I mean one of the sections is called "Defects" and talks about things like light bleed.

    To root a nexus 5 you don't need to do anything extravagant at all. Basically install the drivers, turn on the phone while holding down volume down, plug it into your usb and from a command prompt type "fastboot oem unlock"