1. Download our Official Android App: Forums for Android!

Root Does Rooting make the phone any less secure?

Discussion in 'Android Devices' started by clokwork, Oct 4, 2010.

  1. clokwork

    clokwork Well-Known Member
    Thread Starter
    Rank:
    None
    Points:
    15
    Posts:
    93
    Joined:
    Dec 16, 2009

    Dec 16, 2009
    93
    0
    15
    This may be a real stupid question, but it did cross my mind since I am not familiar with the files/processes used to root the phone with unrevoked. I am a gadget geek, just not a programmer :eek:
     

    Advertisement

  2. Jakaro

    Jakaro Android Enthusiast
    Rank:
    None
    Points:
    78
    Posts:
    601
    Joined:
    Apr 16, 2010

    Apr 16, 2010
    601
    55
    78
    Casino Surveillance
    North Idaho
    Yes it does, if you get an rogue app that uses superuser permisions, it can do anything to your phone. Make sure you get Super User on your phone that way apps have to ask for permision.
     
    clokwork likes this.
  3. clokwork

    clokwork Well-Known Member
    Thread Starter
    Rank:
    None
    Points:
    15
    Posts:
    93
    Joined:
    Dec 16, 2009

    Dec 16, 2009
    93
    0
    15
    Thanks for the reply!!

    Regarding having Super User permissions, I thought that came with the root process?
     
  4. dscribe

    dscribe Android Expert
    Rank:
    None
    Points:
    93
    Posts:
    818
    Joined:
    Jun 8, 2010

    Jun 8, 2010
    818
    140
    93
    Camden, AR, USA
    Root will cause your phone to ask for super user permissions. What the Superuser app does is log those apps you allow to have su access so that they don't have to re-ask again each time you use them. The best advise for people who root is very simply to pay attention because when the phone does not do all the work of protecting itself then you have to take some responsibility.
     
    clokwork likes this.
  5. wayrad

    wayrad Android Expert
    Rank:
    None
    Points:
    163
    Posts:
    1,177
    Joined:
    May 12, 2010

    May 12, 2010
    1,177
    148
    163
    Female
    Long Island
    There was a thread around here recently describing how some apps store passwords in clear text, which might make that information accessible to a rogue app with superuser permissions (if I understood it correctly). One of the listed apps using clear text was the stock HTC mail app. I switched to K9 Mail pretty quickly after that. :)
     
  6. dscribe

    dscribe Android Expert
    Rank:
    None
    Points:
    93
    Posts:
    818
    Joined:
    Jun 8, 2010

    Jun 8, 2010
    818
    140
    93
    Camden, AR, USA
    Good post. Actually, I could see where this could be an issue whether you are rooted or not.
     
  7. wayrad

    wayrad Android Expert
    Rank:
    None
    Points:
    163
    Posts:
    1,177
    Joined:
    May 12, 2010

    May 12, 2010
    1,177
    148
    163
    Female
    Long Island
  8. dscribe

    dscribe Android Expert
    Rank:
    None
    Points:
    93
    Posts:
    818
    Joined:
    Jun 8, 2010

    Jun 8, 2010
    818
    140
    93
    Camden, AR, USA
    I had seen this but not read it carefully. Thanks. I would think it would be useful to add this link too for people's info as well:

    Thread on some of the apps that store passwords as clear text and are accessible when rooted.
     
  9. wayrad

    wayrad Android Expert
    Rank:
    None
    Points:
    163
    Posts:
    1,177
    Joined:
    May 12, 2010

    May 12, 2010
    1,177
    148
    163
    Female
    Long Island
  10. clokwork

    clokwork Well-Known Member
    Thread Starter
    Rank:
    None
    Points:
    15
    Posts:
    93
    Joined:
    Dec 16, 2009

    Dec 16, 2009
    93
    0
    15
    Thank you!

    I follow you so far but with another question. If I am rooted and want to install an app, I am assuming that it is going to show me the permissions that the app requests before installing. Is that correct?

    If so, are you saying that some apps might try and ask for Super User permissions?
     
  11. wayrad

    wayrad Android Expert
    Rank:
    None
    Points:
    163
    Posts:
    1,177
    Joined:
    May 12, 2010

    May 12, 2010
    1,177
    148
    163
    Female
    Long Island
    The "one-click" Unrevoked method automatically installs the Superuser app. You'll get a request each time an app wants superuser permission, unless you authorize it to not have to ask every time. The Superuser app also lists the apps that have been granted permission, and you can have it put a hash mark in your notification bar when an app is using its permission.

    I don't see superuser permissions listed for individual apps when I look at permissions in the usual way - I suspect Google didn't take that into account when setting up the system of posted permission requirements. Usually you know because an app description says it requires root.
     
    clokwork likes this.
  12. clokwork

    clokwork Well-Known Member
    Thread Starter
    Rank:
    None
    Points:
    15
    Posts:
    93
    Joined:
    Dec 16, 2009

    Dec 16, 2009
    93
    0
    15
    Awesome! Thanks for all the replies. Definitely got my question answered.

    Im guessing the apps that ask for super user permissions are the apps that state you have to be rooted or some of the apps offered outside of the android marketplace?
     
  13. dscribe

    dscribe Android Expert
    Rank:
    None
    Points:
    93
    Posts:
    818
    Joined:
    Jun 8, 2010

    Jun 8, 2010
    818
    140
    93
    Camden, AR, USA
    Yes, if an app does not require root, it will not ask for su permissions. No need.
     
    clokwork likes this.
  14. pfp_az

    pfp_az Member
    Rank:
    None
    Points:
    15
    Posts:
    40
    Joined:
    Sep 28, 2012

    Sep 28, 2012
    40
    0
    15
    How does it affect security of the device from the aspect of it being lost or stolen?
     
  15. sdrawkcab25

    sdrawkcab25 Android Expert
    Rank:
     #67
    Points:
    423
    Posts:
    5,589
    Joined:
    Aug 5, 2010

    Aug 5, 2010
    5,589
    2,005
    423
    Male
    PA
    In what aspect? It being rooted doesn't give the stealer access to any more info than if it wasn't rooted. Always best to secure your phone with a good pin and install a security app that allows remotely wiping your phone (lookout, AVG etc ) if you are concerned of sensitive data on your phone.
     
  16. jake.ashford

    jake.ashford Lurker
    Rank:
    None
    Points:
    6
    Posts:
    6
    Joined:
    Feb 21, 2011

    Feb 21, 2011
    6
    1
    6
    Always a valid concern. As someone who has experienced 2 laptop thefts in my lifetime, I would seriously caution any user to consider the consequences of storing sensitive information on a portable device.

    I'd recommend keeping sensitive data stored on one machine and keep it encrypted (preferrably a desktop).

    I understand it is convenient to use mobile banking apps, etc from portable device like a smartphone, but it's so easy to have something as small as a phone or tablet become lost or stolen. My personal philosophy is DON'T DO IT...if you can live without that stuff on your portable then avoid it and you have less to worry about.

    If someone has physical access to a device and are savvy, they can get your data. And who knows how much time they've had the device before you discover the theft and initiate a remote wipe.

    If they could manage to load something like clockwork recovery, then AVG, lookout, screen locks, etc.. all become a moot point. They could use clockwork to dump a backup of your whole device. Encrypting your data would be a better route than relying on easily defeated security like a screen lock.

    Rooted or unrooted, if you're going to store sensitive info or engage in risky activity, then you have to be extremely diligent. Forget to encrypt one file and you're at risk. Regardless of the what type of device it is.
     

Share This Page

Loading...