Root Root Security

[jakeotr]

I have yet to get my Incredible (should be a few days) but I want to root it soon after. I have been studying the forums for the correct methods, but have a few questions. Now I may be totally off-base with my assumptions, not knowing anything about the mobile market/android, but I use linux and understand the OS. My concerns with unrevoked are: if its a hacked exploit to root the phone and keep it rooted through the radio..couldn't someone else do it remotely? Also does running the phone in S-OFF create a security issue? I dont run my PC as root for obvious reasons. Do you S-OFF your phone only to install apps/roms and then put it S-ON for daily use?

Thanks in advance

 

[wayrad]

Never heard of rooting via the radio. Most of us here used unrevoked, which requires connecting the device to a computer via USB. And once you have s-off, the only reason to reverse it would be if you needed to unroot for a warranty return.

You might want to be a little more careful about reading app permissions after rooting, but honestly, there are only a small handful of Android malware apps (mostly from outside the Market) and none of them specifically target rooted phones AFAIK.

The sticky in this section should get you started on what you need to know about the rooting process.

 

[sdrawkcab25]

I have yet to get my Incredible (should be a few days) but I want to root it soon after. I have been studying the forums for the correct methods, but have a few questions. Now I may be totally off-base with my assumptions, not knowing anything about the mobile market/android, but I use linux and understand the OS. My concerns with unrevoked are: if its a hacked exploit to root the phone and keep it rooted through the radio..couldn't someone else do it remotely? Also does running the phone in S-OFF create a security issue? I dont run my PC as root for obvious reasons. Do you S-OFF your phone only to install apps/roms and then put it S-ON for daily use?

Thanks in advance

Rooting has nothing to do with the radio, it's all done locally. S-off allows you to install unsigned roms/programs and make changes to the nand without having to be in recovery. You will always keep your phone S-off unless you need to return it.
A program called "superuser" allows you to control what apps are allowed root access and will prompt you when a program tries to run as root.

 

[jakeotr]

What I meant is the security level is a flag stored on the radio. The makers of unrevoked forever have essentially gained control of the phone through an exploit, so I wonder if anyone else were able to do this...what possible security issues could this pose? Are other ways of rooting more secure?

 

[wayrad]

The makers of unrevoked forever have essentially gained control of the phone through an exploit

No, YOU have. They have no access to your phone.

That said, I vaguely remember a thread floating around here somewhere that recommends that rooted users in particular avoid a few apps that store passwords in a clear text database (I don't remember why this was worse if you were rooted; most likely because the database is user-inaccessible if you aren't). One of them was the HTC stock mail app. K-9 is better anyway IMO.

If you're nervous about security, once you're rooted you can run DroidWall.

PS. I don't know where the s-off info is stored, but even if it were in the radio...well, if I hide money in my AM/FM radio, can the news announcers steal it? Just because it's stored in the same place the radio part of the operating system is (if in fact this is the case) doesn't mean anything.