Does Rooting make the phone any less secure?


Last Updated:

  1. clokwork

    clokwork Well-Known Member This Topic's Starter

    Joined:
    Dec 16, 2009
    Messages:
    93
    Likes Received:
    0
    This may be a real stupid question, but it did cross my mind since I am not familiar with the files/processes used to root the phone with unrevoked. I am a gadget geek, just not a programmer :eek:
     

    Advertisement
  2. Jakaro

    Jakaro Well-Known Member

    Joined:
    Apr 16, 2010
    Messages:
    601
    Likes Received:
    55
    Yes it does, if you get an rogue app that uses superuser permisions, it can do anything to your phone. Make sure you get Super User on your phone that way apps have to ask for permision.
     
    clokwork likes this.
  3. clokwork

    clokwork Well-Known Member This Topic's Starter

    Joined:
    Dec 16, 2009
    Messages:
    93
    Likes Received:
    0
    Thanks for the reply!!

    Regarding having Super User permissions, I thought that came with the root process?
     
  4. dscribe

    dscribe Well-Known Member

    Joined:
    Jun 8, 2010
    Messages:
    818
    Likes Received:
    140
    Root will cause your phone to ask for super user permissions. What the Superuser app does is log those apps you allow to have su access so that they don't have to re-ask again each time you use them. The best advise for people who root is very simply to pay attention because when the phone does not do all the work of protecting itself then you have to take some responsibility.
     
    clokwork likes this.
  5. wayrad

    wayrad Well-Known Member

    Joined:
    May 12, 2010
    Messages:
    1,177
    Likes Received:
    148
    There was a thread around here recently describing how some apps store passwords in clear text, which might make that information accessible to a rogue app with superuser permissions (if I understood it correctly). One of the listed apps using clear text was the stock HTC mail app. I switched to K9 Mail pretty quickly after that. :)
     
  6. dscribe

    dscribe Well-Known Member

    Joined:
    Jun 8, 2010
    Messages:
    818
    Likes Received:
    140
    Good post. Actually, I could see where this could be an issue whether you are rooted or not.
     
  7. wayrad

    wayrad Well-Known Member

    Joined:
    May 12, 2010
    Messages:
    1,177
    Likes Received:
    148
  8. dscribe

    dscribe Well-Known Member

    Joined:
    Jun 8, 2010
    Messages:
    818
    Likes Received:
    140
    I had seen this but not read it carefully. Thanks. I would think it would be useful to add this link too for people's info as well:

    Thread on some of the apps that store passwords as clear text and are accessible when rooted.
     
  9. wayrad

    wayrad Well-Known Member

    Joined:
    May 12, 2010
    Messages:
    1,177
    Likes Received:
    148
  10. clokwork

    clokwork Well-Known Member This Topic's Starter

    Joined:
    Dec 16, 2009
    Messages:
    93
    Likes Received:
    0
    Thank you!

    I follow you so far but with another question. If I am rooted and want to install an app, I am assuming that it is going to show me the permissions that the app requests before installing. Is that correct?

    If so, are you saying that some apps might try and ask for Super User permissions?
     
  11. wayrad

    wayrad Well-Known Member

    Joined:
    May 12, 2010
    Messages:
    1,177
    Likes Received:
    148
    The "one-click" Unrevoked method automatically installs the Superuser app. You'll get a request each time an app wants superuser permission, unless you authorize it to not have to ask every time. The Superuser app also lists the apps that have been granted permission, and you can have it put a hash mark in your notification bar when an app is using its permission.

    I don't see superuser permissions listed for individual apps when I look at permissions in the usual way - I suspect Google didn't take that into account when setting up the system of posted permission requirements. Usually you know because an app description says it requires root.
     
    clokwork likes this.
  12. clokwork

    clokwork Well-Known Member This Topic's Starter

    Joined:
    Dec 16, 2009
    Messages:
    93
    Likes Received:
    0
    Awesome! Thanks for all the replies. Definitely got my question answered.

    Im guessing the apps that ask for super user permissions are the apps that state you have to be rooted or some of the apps offered outside of the android marketplace?
     
  13. dscribe

    dscribe Well-Known Member

    Joined:
    Jun 8, 2010
    Messages:
    818
    Likes Received:
    140
    Yes, if an app does not require root, it will not ask for su permissions. No need.
     
    clokwork likes this.
  14. pfp_az

    pfp_az Active Member

    Joined:
    Sep 28, 2012
    Messages:
    40
    Likes Received:
    0
    How does it affect security of the device from the aspect of it being lost or stolen?
     
  15. sdrawkcab25

    sdrawkcab25 Well-Known Member

    Joined:
    Aug 5, 2010
    Messages:
    5,577
    Likes Received:
    1,958
    In what aspect? It being rooted doesn't give the stealer access to any more info than if it wasn't rooted. Always best to secure your phone with a good pin and install a security app that allows remotely wiping your phone (lookout, AVG etc ) if you are concerned of sensitive data on your phone.
     
  16. jake.ashford

    jake.ashford Member

    Joined:
    Feb 21, 2011
    Messages:
    6
    Likes Received:
    1
    Always a valid concern. As someone who has experienced 2 laptop thefts in my lifetime, I would seriously caution any user to consider the consequences of storing sensitive information on a portable device.

    I'd recommend keeping sensitive data stored on one machine and keep it encrypted (preferrably a desktop).

    I understand it is convenient to use mobile banking apps, etc from portable device like a smartphone, but it's so easy to have something as small as a phone or tablet become lost or stolen. My personal philosophy is DON'T DO IT...if you can live without that stuff on your portable then avoid it and you have less to worry about.

    If someone has physical access to a device and are savvy, they can get your data. And who knows how much time they've had the device before you discover the theft and initiate a remote wipe.

    If they could manage to load something like clockwork recovery, then AVG, lookout, screen locks, etc.. all become a moot point. They could use clockwork to dump a backup of your whole device. Encrypting your data would be a better route than relying on easily defeated security like a screen lock.

    Rooted or unrooted, if you're going to store sensitive info or engage in risky activity, then you have to be extremely diligent. Forget to encrypt one file and you're at risk. Regardless of the what type of device it is.
     

Share This Page

Loading...