Root Why do people get a Nexus from Google and then root it?

[Bren S.]

I've always wondered why anyone would buy a Nexus from the Play Store that is as pure Android as you can get and then root it??

 

[marctronixx]

same reason people get a car and put on aftermarket wheels and ditch the factory wheels, etc. personal choice and to personalize it...

rooting opens up the device and pushes it to its limits. rooting allows one to design the device to work the way THEY want it to , not what the manufacturer wants...

 

[jj14x]

Stock Android is (IMO) much better than the skinned versions that other manufacturers sell. But, it isn't perfect.

Forget about custom OS or custom Kernels for a moment. Simple things such as the ability to reboot (instead of powering off and then turning it on) are missing in Kitkat. Not sure if 5.0 will add that, but if not, rooting will allow for that.

Want to block ads? Rooting will allow for that...
Want to have a permissions manager (that allows you to choose what permissions an app can access)? Root apps will allow for that. (rumor has it that Android L may bring something for permissions management - though nothing has shown up in the preview images)

And so on

 

[scary alien]

[Stock] Android has certainly gotten better, more feature-rich, stable, secure, etc. over the years and the need for rooting to get some functionality like screen capture is certainly gone.

Some other specific reasons (touched on or implied above) off the top of my head:

1. Full filesystem navigation (without root, there's a ton of things hidden from view or inaccessible)

2. Overclocking / underclocking, etc. (although many (most?) devices are pretty powerful nowadays)

3. Themes, Xposed modules (zillions of features/options)

4. Freezing (disabling) / thawing (enabling) apps

 

[jhawkkw]

A couple of other popular reasons to root not yet mentioned are the following:

1) Titanium Backup requires root

2) Hostfile based ad-blocking apps usually require root.

3) The app I use to control my kernel settings and utilize special functions for the kernel requires both root and busybox (FauxClock).

 

[jj14x]

2) Hostfile based ad-blocking apps usually require root.

Slightly OT, but is there exception to this? I seem to recall someplace that it may be possible to ADB push a hostfile onto an unrooted device - is that true? Trying to figure out if I can afford to skip rooting this time.

 

[jhawkkw]

Slightly OT, but is there exception to this? I seem to recall someplace that it may be possible to ADB push a hostfile onto an unrooted device - is that true? Trying to figure out if I can afford to skip rooting this time.

I've honestly never tried it. It might be an interesting experiment to try right before flashing the official factory image on my Nexus 5 for lollipop.

 

[EarlyMon]

You can push files to some unrooted devices - unlock the bootloader, mount /system r/w and go for it. (Or build an appropriate zip to fastboot flash.) Why go that far and not root escapes me.

I really just dropped in to mention that a proper firewall requires root.

 

[scary alien]

You can push files to some unrooted devices - unlock the bootloader, mount /system r/w and go for it. (Or build an appropriate zip to fastboot flash.)

^^^ Yep! :thumbup:

The Moto Triumph comes to mind.

They (owners) realized that they could monkey with all of the partitions at will...

 

[jj14x]

You can push files to some unrooted devices - unlock the bootloader, mount /system r/w and go for it. (Or build an appropriate zip to fastboot flash.) Why go that far and not root escapes me.

I really just dropped in to mention that a proper firewall requires root.

Thanks EarlyMon
With the Nexus 6, it looks like it will require a change to the kernel to get root working. How that will impact the built in security model (given that Knox is supposedly contributing to Android 5's underlying security now) is why I was checking out the options.

The main reasons why I root are to use adaway (modify hosts file), and for XPrivacy via XPosed. Google mentioned something (very vague) about "Universal data controls" in Google I/O which was supposed to help with app permissions. If that gives a good level of control over app permissions (similar to how XPrivacy does), the only other thing I really need is something to get rid of ads. For now, I think I can live without other root features.

My N5 is rooted, with unlocked bootloader. I'm not going to relock it. Hopefully, I'll figure out what to do by the time I get my N6 (assuming Google Play ever allows me to order it - sheeeeeeeesh)

 

[scary alien]

How that will impact the built in security model (given that Knox is supposedly contributing to Android 5's underlying security now) is why I was checking out the options.

Did you mean SELinux instead of Knox?

Google has started ratcheting-up the security in SELinux from the permissive to enforcing model which certainly impacts root (getting root and running root apps) but makes the device more secure--something very important for businesses wanting to use Android devices.

By the way, if your N5 is rooted, you can lock/relock outside of fastboot and without wiping your device using an app like segv's BootUnlocker for Nexus Devices.

 

[EarlyMon]

Yeah - I'm not sure about Samsung Knox contributing to all Android or not. Maybe you know, I'll have to search that.

Knox pretty much completed the secure Linux (SELinux) model on a mobile device - including the bootloader - so Samsung could go after the enterprise market.

If the Nexus ever comes with a bootloader that can't be unlocked, I don't think that would be good.

And, Nexii still follow the HTC model, so even unlocked, you still have an encrypted signature security on the bootloader itself. I wouldn't be surprised if the wheel turns full circle to s-off Nexus exploits lmao.

http://www.androidpolice.com/2014/1...ew-modified-kernels-may-become-a-requirement/

So yeah, new kernel required etc etc etc.

Meanwhile - if you feel adventurous and have an etc/hosts file to try -

Check out "ZIPme"

https://play.google.com/store/apps/details?id=zip.me

EXTREME FREAKING CAUTION TO ALL READERS -

If you're not sure, don't know what you're doing, are arrogant about what you're doing, or think what could possibly go wrong, don't try it.

If you actually know what you're doing and you end up causing bad things, up to including ending life as we know it, I am not responsible.



Best luck my friend!

 

[jj14x]

Did you mean SELinux instead of Knox?

Actually, I was referring to Knox integration could be the key to Android in the enterprise - TechRepublic
Maybe that is what SELinux evolved into?

 

[jj14x]

Best luck my friend!

Thanks Hopefully, a custom kernel won't get the enterprise exchange admin ticked off, and I can safely root. I just know that I need an ad-blocker on my device - one way or another.

 

[scary alien]

Actually, I was referring to Knox integration could be the key to Android in the enterprise - TechRepublic
Maybe that is what SELinux evolved into?

Ah, cool! Thanks for that!

I don't know how much of Knox that Samsung has contributed or Google adopted for 5.0/Lollipop, but hopefully some of the issues will be eventually/hopefully be addressed soon .

 

[name777]

I rooted my N5 only for one reason - I hate the default message about high volume harmful to my hearing. So I installed Xposed framework, and rid that bitch forever.
EDIT: Actually there's a couple more reasons, Call Recording being one of them. I know - illegal stuff, but no one knows

 

[EarlyMon]

Actually, I was referring to Knox integration could be the key to Android in the enterprise - TechRepublic
Maybe that is what SELinux evolved into?

Good stuff! I thought I'd followed Knox closely but I missed that entire chapter. Many thanks for the link amigo!

Thanks Hopefully, a custom kernel won't get the enterprise exchange admin ticked off, and I can safely root. I just know that I need an ad-blocker on my device - one way or another.

So far as I recall, and I bow ahead of time to anyone with more current info - and speaking strictly about Samsung Knox during its release:

One of the features was that unlocking the bootloader to accomplish root, or the similar if I've misstated that, sets a "Knox tampered" flag down to the bootloader. In the schematics that I saw, it's actually setting a reserved flag in what we believed at the time to be located on the SoC (main processor) itself. (If you're familiar with the HTC bootloader, it will indicate unlocked, s-off and previously tampered with even if you lock and go back to s-on. However - those are simple flags in the bootloader image that you can spoof off with a hex editor. Last I followed it, no one had found a way to reverse that on the Samsung.)

So - it's possible that it will come down to how deeply they integrated Knox.

The big takeaway for me from that article is that Android 5 will have separate profiles for personal and enterprise use.

That alone is huge and has screwed up enterprise users that didn't get that feature.

Ah, cool! Thanks for that!

I don't know how much of Knox that Samsung has contributed or Google adopted for 5.0/Lollipop, but hopefully some of the issues will be eventually/hopefully be addressed soon .

My takeaway from that article isn't the key strength but what it implies.

They're evidently building for responsible organizations and users - but not actually for hard-core physical attack.

The corporate user won't care about key strength - they can already access sensitive information as a user anyway.

In the case of breach, theft or rogue employee, they expect a sufficiently timely report so that they can respond with a full remote wipe to protect data access.

It's an interesting model and perhaps plenty for a large segment of the target market.

If you buy the theory that any lock can be broken then I think that the better key simply buys more time.

You can't remote wipe a device in airplane mode and I'm sure that I didn't just give away a state secret to organizations or individuals prepared to break encryption for evil purposes.

Anyway - this last use case stuff is 100% just my opinion. If any security experts reading this are laughing like hell, you're entirely welcome and happy Halloween!

 

[Rxpert83]

Extremely late to the convo here, but my 2 cents:

On other devices many times people will root in order to be able to run slimmed down AOSP based ROMS. However, the ROMS are never really that stable because the developers have to try and reverse engineer proprietary things such as the device drivers to get these ported ROMS working. There always seem to be nagging bugs that just never go away. This isnt the developers fault, they aren't given the tools they need from device manufacturers. Some devs won't develop for non-nexus phones because of this.

On a nexus, AOSP is already built to run on it. The base is already stable, so when ROM devs add features the finished product is as stable as the stock ROM.

The stability of stock AOSP, the features of a custom ROM - Thats why I root and ROM a nexus

 

[wtherrell]

I've always wondered why anyone would buy a Nexus from the Play Store that is as pure Android as you can get and then root it??

Rooting & romming is the ONLY reason!

 

[teddyearp]

To sort of expand on what Rxpert83 said, first off I too am late to this convo.

I am spoiled in a way as I started my Android journey with the Motorola A855. After that, many devices had locked bootloaders, something that wasn't even mentioned on the A855. Did we even know about unlockable or locked bootloaders back then? Going forward for me without an unlockable bootloader, one cannot install any custom recovery; the very basis to being able to recover from a "Oh crap".

Since then my purchasing of new devices was always steered towards a device that a full custom recovery could be installed on and booted directly into. The Galaxy Nexus was my next and now the HTC One m8; S-Off. I also have a Motorola XT907 on my desk, bootloader unlocked. I will not own any device otherwise.

So for me, it not only about being able to root the device. I will only own one that custom recovery can be installed and booted to. I have read plenty of horror stories of those who could root their device but could only install a 'custom' recovery via "Safestrap" or "Boot strap" or a variety of other means, but this leaves one vulnerable (IMHO) as that usually resides in /system and if you screw /system up, well you are screwed.

As for a custom kernel, well this may have been coming for a while. Did not one of the root methods for the Gnex include flashing an unsecured kernel? It seems to have evolved, and I will have to just read up some more.

 

[EarlyMon]

The big kernel mod seems to come down to modifying the ramdisk to control when the su daemon runs.

Not the sky is falling stuff going around the popular press.

My two cents - http://androidforums.com/showthread.php?p=6778477

 

[davey11]

Ad blocking is right up there with needing root. They are pretty annoying.
The ability to unencrypt is important imo. Maybe this procedure just involves unlocking the BL I'm not sure. I've read that encryption cripples the performance of the N6 by 50% or more.
Now that we know there is an led light on the n6, root will let you use it. I would prefer that over active display.
There are tons more reasons, but those are at the top of the list.

 

[scary alien]

FYI, haven't checked for a few days, but Chainfire got a flashable root .zip package that does not require patching the boot.img.

I used that beta flashable to re-root my N5 when the Lollipop OTA came in.

I think there were some subtle boot-loop issues he was trying to work through on some devices, but I'm guessing it'll be widely available for 5.0+ anytime soon.