Originally Posted by teddyearp
If I may clarify. Pushing the su binary and then the subsequent chmod of said binary to 6755 (or something similar) is what gives ANY application, process or anything else superuser access to your Android phone. Consider the Superuser.apk as the guardian. Without installing Superuser.apk AT THE SAME TIME your phone is vulnerable to ANY app using root privileges without your knowledge. That is why it is ABSOLUTELY IMPERATIVE to install Superuser.apk at the same time as the su binary. Do not let any version numbers, etc. get you confused, or even make you think about putting Superuser.apk in /data/app or anywhere else than /system/app. Please do not even speculate about this.
After all, those of you that have done this, every single time an app asks for su, Superuser pops up and asks for permission, right? Think about the alternative. Any app could call for su without your knowledge until you decide to install Superuser.apk from the market. And then, Superuser.apk will be installed to /data/app and a simple factory data reset will remove it until you reinstall it, all the while su will remain in /system/xxx wide open.
I hope this is clear enough and removes all doubt about how important it is to install Superuser.apk AT THE SAME time as the su binary.
I think that you actually can install just the su binary without the Superuser.apk app without any ill effects or security issues. The reason I say this is these two parts from ChainsDD's website (Superuser) about how the su binary and the Superuser.apk app interact with each other:
Superuser.apk runs as any other app and gives you, the user, a place to see what apps you have allowed or denied, as well as view a log of what apps have used su when.
The su binary is what other apps call when they need superuser rights. The binary checks the database maintained by Superuser.apk to determine if you have already granted rights to the requesting app, and if not tells Superuser.apk to display a prompt asking you for permission.
So, my impression is that if you don't make any su / root requests, then there's nothing to fail. If you do make an su / root request, then that request will fail because the Superuser app has not yet been installed (it won't execute if it can't get permission via the Superuser whitelist app).
I think this also clears up John Markley's question about installing the Superuser.apk separately (presumably to support great devs like ChainsDD by downloading the app from the Market).
That's my take anyways.
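
An added example, not written by either poster or by ChainsDD: a shell function that reports which of the states argued about in this thread a filesystem is in, that is, whether a setuid su binary exists under /system and whether Superuser.apk sits in /system/app, only in /data/app, or nowhere. The ROOT argument (a mounted copy of the device filesystem that preserves mode bits, or "/" on the device), the status words and the file name pattern for a Market install are assumptions.

```shell
#!/bin/sh
# audit_su ROOT -> prints one status word (names are this example's own):
#   no-su           no setuid su binary anywhere under ROOT/system
#   guarded-system  setuid su present, Superuser.apk in ROOT/system/app
#   guarded-data    setuid su present, Superuser app only in ROOT/data/app
#                   (a factory data reset would remove it and leave su behind)
#   su-only         setuid su present, no Superuser app found
audit_su() {
    root=${1%/}

    # Any regular file named "su" under /system with the setuid bit set
    # (6755 and 4755 both match -perm -4000).
    su_path=$(find "$root/system" -type f -name su -perm -4000 2>/dev/null | head -n 1)
    if [ -z "$su_path" ]; then
        echo "no-su"
        return 0
    fi

    # Assumption: a Market install lands in /data/app under the package name
    # com.noshufou.android.su; a manual push keeps the name Superuser.apk.
    data_apk=$(find "$root/data/app" -type f \
        \( -name 'Superuser*.apk' -o -name 'com.noshufou.android.su*.apk' \) \
        2>/dev/null | head -n 1)

    if [ -f "$root/system/app/Superuser.apk" ]; then
        echo "guarded-system"
    elif [ -n "$data_apk" ]; then
        echo "guarded-data"
    else
        echo "su-only"
    fi
}

# Stand-alone use: sh audit_su.sh /path/to/mounted/root
if [ $# -gt 0 ]; then
    audit_su "$1"
fi
```

The function only reports where the files are; it does not settle whether su grants or refuses a request when the Superuser app is absent, which is the point the two posts disagree on.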