Slashdot Mirror
Ask Slashdot: Can I Trust Android Rooting Tools?
Qbertino writes After a long period of evaluation and weighing cons and pros I've gotten myself a brand new Android tablet (10" Lenovo Yoga 2, Android Version) destined to be my prime mobile computing device in the future. As any respectable freedom-loving geek/computer-expert I want to root it to be able to install API spoofing libraries and security tools to give me owners power over the machine and prevent services like Google and others spying on me, my files, photos, calendar and contacts. I also want to install an ad-blocking proxy (desperately needed — I forgot how much the normal web sucks!). I've searched for some rooting advice and tools, and so far have only stumbled on shady looking sites that offer various Windows-based rooting kits for android devices.
What's the gist on all this? How much of this stuff is potential malware? What are your experiences? Can I usually trust rooting strategies to be malware-free? Is there a rule-of-thumb for this? Is there perhaps a more generic way for a FOSS/Linux expert who isn't afraid of the CLI to root any Android 4.4 (Kitkat) device? Advice and own experiences, please.
What's the gist on all this? How much of this stuff is potential malware? What are your experiences? Can I usually trust rooting strategies to be malware-free? Is there a rule-of-thumb for this? Is there perhaps a more generic way for a FOSS/Linux expert who isn't afraid of the CLI to root any Android 4.4 (Kitkat) device? Advice and own experiences, please.
My phone exploded, and I had to have one of my hands amputated.
Learn from my mistake. Don't do it. Your hands are too important.
http://forum.xda-developers.co...
A bullet may have your name on it, but artillery is addressed to " Whom It May concern"
I have had Android devices from Cupcake onward and have always rooted them. That being said, I don't presume that rooting will work and I always presume that I may end up with a bricked device. A reminder that as soon as you start rooting, you have voided your warranty. I have also bricked devices. I learned how to make a jtag that way.
Your milage may vary.
"Computer expert" is a broad, broad definition. Nobody's a "computer expert", except in their narrow field.
So ease off with the smug. One might be an expert in their field and totally suck at another, both computer-related.
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
I've been running rooted for about 4 years on various phones.
There are quite a lot of tools that you can run while rooted that are impossible otherwise.
This includes the ROMs themselves which don't usually come with the normal Google tools at all.
Then you can leverage tools like AppOps (integrated into many of the custom ROMs) to control granularly what info apps can get.
You can run things like AdAway, which basically block ads systemwide (including in apps).
The F-droid app repository has quite a lot of open-source software, and you can build a perfectly functional phone without Google apps.
As already mentioned, XDA-developers is a good place to start, even just to find info about your specific device, and guides for rooting, etc.
On balance, my opinion is that, if you do your diligence and set things up correctly, a rooted phone can absolutely be more secure than not.
As a small suggestion, if you decide to jump in, I highly recommend using ClockworkMod (Koush) superuser manager, because it's open-source and let's you set a pin for SU without paying for an upgrade.
Most root exploits I've seen have two components to them: the attack vector, and the payload.
The attack vector is usually a series of commands that have to be run to get the payload onto the device. This part is fully auditable and usually "open source" in the sense that you can perform these commands yourself. If someone sends you a .bat script with a bunch of adb commands, you can always open up the script and read it and make sure nothing is malicious in there.
The real problem is that 99% of the root exploits out there have to upload some kind of a binary file to the device, which is then executed. In MOST cases, the source code to this binary is not disclosed, perhaps to make it harder for the manufacturers to fix the exploit, or to keep their attack methods secret, in case the code might expose some more general pattern of attack that would enable the manufacturers to close a whole series of root exploits.
So basically you are trusting someone who compiled a Linux binary *whose job is to obtain escalated privileges on your device* to then not use those privileges to install some kind of tracking malware, data siphon, or cookie exfiltrating software, or even just a rootkit providing them a backdoor, which initially does nothing but can be activated at any time when the author feels they need something from your device (like participating in a botnet, perhaps?).
I'm a little surprised that the comments so far haven't really tackled the crux of your question, which was NOT "how do I find root exploits", but "are they trustworthy". Remember, folks, just because it's posted on XDA, doesn't mean it's trustworthy. Anyone can register an account on XDA; absolutely anyone.
I've read statements from root exploit authors who've said in plain language that they have no motivation to bundle malware in their root exploits and thus don't ever do so, but that's like the NSA saying they don't spy on Americans. We have no way of verifying the statement, and several reasons to suspect the contrary.
If you are in doubt, I would suggest that you forego root exploits altogether. Instead, you should simply refuse to buy any Android device where the manufacturer does not provide you a means to unlock the bootloader. Once you have a (legit) unlocked bootloader using official tools from the manufacturer, you can then proceed to install any ROM you want -- even an open source ROM that you could audit yourself -- which then gives you root access. Remember, on an Android device, root is far less powerful than an unlocked bootloader, so that's really what you should be aiming for anyway, to have a truly "open" device as an enthusiast.
RTFM and get ready to build stuff yourself. You will need to do some research for your particular device and then decide for yourself.
When I started using Android, it was a Nexus 4. Since the Nexus 4 came from Google, and was widely used by developers, it was easy to unlock the bootloader and root it using tools that were open source and reputable.
When I purchased a new and less popular phone, I wanted to root it and give it the same treatment. Unfortunately, the only tools I could find for my new device were posted in threads on the XDA forum. Someone posts a recovery + kernel and everyone just downloads and flashes it. Amazing. Well I run a banking app on my phone, how do I know that this thing is only a recovery + kernel and not something extra?
My other problem with the stuff people post on XDA is that some of the contributors don't seem to really know what they are doing. There's one custom kernel for my device that has a whole slew of useless options and the comment "Please do not ask me to add something, I don't know much about kernel ". So I think there is some amount of "recipe following" by some of the people that contribute on XDA: they figure out a recipe that works, and generate kernels or ROMs without really understanding what it is that they are doing.
So, my ultimate solution to the problem was just to build everything myself. This took several days for me to scrape together all the information I needed from Google, my device vendor, and random places on the web. I ran into the same problem: I needed tools to do this (specifically a compiler toolchain and a few other tools for assembling the kernel and recovery the way my particular device needs it), but I'm not going to download some random binary from GitHub.
I'm running Ubuntu 14.04, and the gcc-arm-none-eabi compiler worked fine for building for my Android. I didn't have to download any mystery meat binaries. I rewarded myself by sticking my name into the kernel version, so it says "3.0.4-AnonymousCoward" instead of "3.0.4-SomeAssholeFromXDA"
RE devices: I've only ever purchased devices from vendors who will let you unlock your bootloader. If you have a device that the vendor doesn't want you to have control over, your only option is to wait for an exploit that can get root (something like Towel Root). I will never trust something like that since the source isn't published, but I would never purchase a device that I can't control completely.
Hope this is helpful
Here's an idea. If you are uncomfortable with Google and such, eyeing them as a big brother of some sorts and do not want any Google Play Services or anything Google touching the device... you should return that tablet. Buy a Nexus 9, or a used Nexus 10 or Nexus 7 (2013). This may look counter intuitive, however Nexus devices have pretty much some of the strongest following and modding community behind them and since Google releases the full source for these devices, they are the first to get AOSP variant roms such as CyanogenMod, SlimROM, and Paranoid Android. Once you get them, you can easily follow guides on XDA Developers ( http://www.xda-developers.com/ ) to Unlock the bootloader (Via Google released ADB/Fastboot tools), install a custom recovery (I recommend TWRP which is open source as well so you know what you're getting). Then, depending on your level of paranoid, you can sync the AOSP tree from Google itself and build the entire ROM from scratch yourself, or build or download a flashable zip file of any custom ROM such as CyanogenMod, SlimROM, Paranoid Android etc, and then load it onto the device. AOSP based roms such as these DO NOT have Google's Proprietary API's and Google Play Services. Straight Android. Plus, will full open source, you know what's in it. You will still have to deal with the proprietary blobs left in for display, modem, wifi, etc, however it's as close to full control as you can get for Android with a 100% fully functional Android device.
Considering the bloatware that the phones comes with as standard like Facebook (that spies on your address book) and a number of unwanted apps that have been granted unkonwn privileges by the phone vendor I'd trust a rooting tool more.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Yep, if you have any qualms about doing stuff on Android, feel free to get a cheap Android tablet to experiment on, like the old $200 Nexus 7. Then you can feel free to fill that one with games and crapware and wipe and reload it regularly like a Windows gaming box. This lets you play without too much risk without compromising your primary Android device. If you use the same google Play account, you don't even have to buy your paid apps twice (though of course then you're exposing your google account that you use to pay for Google apps, but if you're like me, that's separate from your personal gmail account)
My primary Android device is my phone, and I just keep a bare minimum of essential apps on it so it runs fast and lean. After the Android 5 update, haven't even felt compelled to root it.