1. Are you ready for the Galaxy S20? Here is everything we know so far!

To root or not to root? What are the pros and cons of rooting?

Discussion in 'Android Rooting' started by THpubs, Aug 9, 2015.


To root or not to root?

  1. Root

    3 vote(s)
  2. Do not root

    2 vote(s)
  1. THpubs

    THpubs Newbie
    Thread Starter

    Im thinking of rooting my note 3 (sm-n900) and installing CM 12.1. The main reason to do this is to eliminate the bloatware, increase the speed, get the latest updated (improvements, updates, security fixes, etc). By doing this, I will loose some cool features I love (like the smart stay, s view cover, S pen features, etc). So, what do you think? To root or not to root?

    1. Download the Forums for Android™ app!


  2. Hadron

    Hadron Smoke me a kipper...
    VIP Member

    Well I think you've pretty well covered it. Except that the question was "root or not?", and some of the consequences (loss of Samsung features) only happen if you install a ROM that is not based on Samsung's software. Some of the other benefits (e.g. bloatware removal, better backup options, firewalling and other features that need root to work well) can be gained by just rooting but otherwise sticking with your current ROM, or by installing custom ROMs based on Samsung software.

    (Note: I don't have a Note 3, so am not au fait with the ROM options for that device. Hence I'm just making a very general comment).
    THpubs likes this.
  3. Jfalls63

    Jfalls63 Android Expert

    If you root, uninstall the apps you never use and don't want, install the ones you like and maybe add a different launcher and keyboard, there you have it. A THpubs custom rom.
    THpubs likes this.
  4. THpubs

    THpubs Newbie
    Thread Starter

    Well actually one of the reasons to root is to experience cyanogenmod :)
    Jfalls63 likes this.
  5. Blu8

    Blu8 Android Expert

    Sorry to butt in but if you already have your mind set on rooting and flashing you're better off with an AOSP rom like BrokenOS instead of CM12.1, just my two cents
  6. Crashdamage

    Crashdamage Android Expert

    You seem to have thought much of the prod and cons through already. To me, removing bloatware is a minor advantage. Loading a Touchwizz-less ROM would be the main reason I'd wanna root this thing.

    I would expect any speed improvements to be minor. No Touchwizz will help there. Blu8 probably has the right idea.

    Something that always bothers me is this: There are legitimate reasons to be concerned about the effect rooting has on the security of Android devices. Call me crazy, but I think this needs more consideration.

    The #1 rule of Linux security is Never Run as Root unless necessary to perform administrative tasks. This basic concept is largely ignored by users rooting their devices.

    "But," they say, "I'm not running as root, I have to su to root.". You may not be running as root, but an exploit has already been used to enable su to gain root access. IOW rooting breaks built-in security features of Android such as sandboxed apps, user permissions, etc.

    I used to root every phone I had. But I no longer root my daily driver phone that I cannot do without. As hardware and software has improved the need to root has declined. Now I do not recommend rooting unless you have a specific need or just want to experiment on a spare device.



    Blu8 likes this.
  7. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    As your first article clearly states, you lose sandboxed apps when you grant root rights to an app.

    SuperSU is like sudo in Linux - you have to use it properly.

    If anything tries to remount my /system partition as read-write (I keep it read-only) SuperSU stops it until I allow it.

    Kondik said that the main reasons were firewalls and dns control, things you can do now without root.

    Really? How, exactly, do you get access to the ipchains and set up a whitelist mode firewall without it?

    As for root opening an exploit - that depends on the phone and the user.

    Stagefright is all the rage and the researcher responsible gave 4 possible actions leading to an actual exploitation.

    OK - so that's easy to simulate.

    Supposedly a root maker might be installed behind my back without my knowledge.

    Let's skip that part and pretend it succeeded, I installed a named example myself - and ran it.

    It failed.


    But let's imagine that I couldn't see that, it was a fictional version without a front end.

    Look at my status bar - that glyph in the upper left is telling me that my firewall is unhappy.

    Let's look.


    So right at the top is an app that threatened me, via a Stagefright failure simulation.

    Stopped dead in its tracks.

    And if it had tried to do anything else in system, I'd have more than a good chance of being alerted to it.

    I agree - most rooters today act like teenagers with a bottle of whisky and the keys to the convertible.

    But - if one stops, reads just a little, and exercises best practices, then root can be a ticket to higher security.

    Taking on root means that you're going to be the security administrator, not someone else. And that's a first principle - know your security admin.

    Now - if you're not interested in doing right, don't do it - like the sign says, you must be this tall to ride.

    Final notes -

    Much is said about Android being inherently safe and everyone only needs to use their noggins.


    I've been to two sites this year where the entire site had been hijacked. The only way a lot of people found out was by visiting.

    I have over 240,000 entries in my hosts file sending attempts at redirects and payloads from dirty sources straight to the bit bucket at /dev/null.

    That's not perfect - but it's another layer of security.

    Finally the stackexchange article discussing bootloader exploits does so strictly in the context of physically having the Android and connecting it to a pc. By that time, it's game over isn't it?

    Rooting is not for everyone.

    But it can increase security if that's what you set out to do.

    I wish more people would.
    #7 EarlyMon, Aug 13, 2015
    Last edited: Aug 14, 2015
  8. Crashdamage

    Crashdamage Android Expert

    Hmmm...I've gotta take some time to stuff that in my pinhead...I'll get back to ya...but I think we're actually not far apart.
    #8 Crashdamage, Aug 13, 2015
    Last edited: Aug 14, 2015
  9. Crashdamage

    Crashdamage Android Expert



    I don't think he said you don't or shouldn't need root to setup firewalling. Here's what he said:

    '...new APIs from Google make keeping root privileges active in aftermarket mods (like CyanogenMod) less essential. He reveals:

    "Android 4.3 introduces some new and much needed security features which not only restrict setuid binaries on the system partition (su), but also limit the capabilities of processes. In the current architecture, even if you could get elevated privileges, you can't do anything out of the ordinary. Root in the shell via ADB is all I use, and it still works just fine."'


    'In other words, Google is restricting root for security reasons. But Mr. Kondik says Android's open source make this a virtual non-issue:

    "This isn't a problem for me, since I use CM. When there is a situation that I'd need root, I just modify the system to accomodate what I'm trying to accomplish in a secure way.
    A few good use cases for root are:

    * Firewalls and network software, potentially requiring raw sockets.
    * Managing the DNS resolver
    * Tweaking various sysfs nodes to control the kernel

    All of these can be done without exposing root, and they can be done in a very secure way."'

    What I take from that is he's saying you do need root and you should need root, but that by cleanly modifying the system to include use of su instead of cracking it and sticking it in, the system can remain more secure. "Without exposing root" or as I would put it, without abusing root by breaking the system to enable root. Put very simply, he's just saying include the ability to su to root in a manner more like it's implemented in desktop Linux. I don't see where he says there's no need for root to set firewalling or DNS.


    Yes...demonstrates proper firewalling. Good!

    And here is where I start to really have a problem with rooting. Way too many users are rooting after hitting the whisky instead of before. They don't read, they don't exercise best practices, they don't firewall properly and they don't take being security administrator seriously.

    In the above you demonstrated that you do all of those things and that your system is secure. How many rooters do you think know how to do that? And out of those that could, how many do you think bother to actually do it?

    Exactly. But no one is checking rooter's height.

    Yet another example of you going the extra mile to do things right. Respect. But how many rooters do you think do that? One in a hundred? You are not the problem, that's a Good Thing. What about others?

    Yeah, it is. I realize it requires physical access to the phone for this to be a threat. it is a little over the top to be worried about it. I kinda threw that in, just to show what's possible.

    No, it's not. I wish so many people would quit acting like it is. There's no magic in root.

    Exactly. But I say again, with rare exceptions like you, they don't. That's the problem. Lack of knowledge combined with lack of effort. The average rooter should not be rooting.

    See? I told you we weren't far apart about this stuff.
    #9 Crashdamage, Aug 14, 2015
    Last edited by a moderator: Aug 14, 2015
    scary alien, Blu8 and EarlyMon like this.
  10. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    It's a horse, water, drink situation.

    It's an information problem.

    It's an Internet issue.

    In the years before Google+ and lower occurrence of independent blogs, people relied on forums for rooting information.

    People were afraid of bricks and the threat level was low.

    Back then a common first post was, "I'm new here, I need help understanding what a nandroid backup is, I'm want to try rooting." Further discussion revealed lurking occurred before selecting one or more forums.

    Today, forum traffic is down everywhere and the common first post is either, "I bricked my unnamed phone and I don't see why I should include more information, plz help fix it right away, it's urgent," or, "I accidentally erased all of my partitions and I don't have a nandroid backup, what's my next move?"

    We had an epidemic of that earlier this year when our own sister news site ran a low rate story of how easy it was go clickity clack, get rooted, and rush over to XDA to find out how to fix your phone by installing a new rom (with a don't forget, CM is teh bestest).

    I complained to deaf ears. They've run that story often before and they're going to again for the same reason that all of the blogs, big and small, do it - clicks and lots of them.

    Let's talk about piracy, it's absolutely related.

    Once upon a time, someone would ask how to root and get warez - and be flamed by a hundred voices to wake up.

    No more. Another popular first post, "I'm having trouble pirating warez, help me right away." And it's rarely reported or posted against outside of staff.

    But here's a statistic that is not made up - 5/6 of the known Android infections due to a bad app came from piracy.

    And what lesson did Stagefright teach that so far as I know, I'm the only one who mentioned it with no ensuing discussion?

    That it may have been possible all along to become completely compromised by movie piracy directly from the movies instead of just from the distributing web sites.

    And only one known hole is getting plugged.

    We are very close on this issue but we're also far apart.

    When you give anti-anti-virus advice or say don't root, you're expressing your holistic approach in parts.

    That's why I always enjoy our discussions on this - I want lurkers to see the full picture.

    If I'm one in a hundred and people are asking, I don't think that the answer is that rooting makes you less secure as a con, and hope to reduce the number of rooters.

    I want to increase the ratio of getting it done right because people are going to do it anyway.

    I'd like a lot more people to see what I see all of the time -

    You install an app that seems straightforward - and the next thing you know, your firewall is unhappy or worse, Network Connections says that your new flashlight app just had a long conversation with a server in China.

    Or you visit a good website, see a thoughtful comment with a link that explains more, you click it and you get - page not available - but it is on your pc.

    Safe practices are not enough for most people, and I'm talking about knowledgeable folks who are actually trying to follow safe practices. They're still susceptible to those attacks and have fallen victim often without ever knowing.

    For the first six months of advising the use of a proper firewall for Android here and elsewhere, I was generally ridiculed. That changed after one other guy spoke up in favor. Then it started to spread.

    In my pro reasons for rooting I try (and probably fail) to be consistent - the advantages are the firewall, ad blocking (because it's not just ads, it can block toxic sites), and better backups.

    And if you're not rooting, yes, a security suite to at least try to help with what rooting can help you achieve, and using your not fastest browser in favor of one that will help you ad block. That's a distant second to rooting.

    I've been torn since I've known what I showed here about sharing my Stagefright simulation in the Stagefright thread or other security threads.

    On the one hand, I want people who root to know that you can protect yourself from the unknown - evidence suggests that if the bad guys had gotten there first, I would have been safe from the threat.

    But the danger is that too many people these days would do a TL/DR and say, oh root protects me, where's Google - ah unsafe Chinese clickity clack rooter, no problem... :(

    Anyway, thanks for the correction on Kondik's name. The danger of a learning keyboard - misspell it once and it corrects the wrong spelling forever after. You're going to see a moderator edit mark on your post and my previous one to fix only that out of respect for the man.

    And if Kondik said that you can take steps to make your system more secure on the key points mentioned without root - have you?

    Has Google?

    I don't think so.
  11. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    PS - @electricpete also firewalls correctly.

    So do many others thanks to getting the word out.
    scary alien and Crashdamage like this.
  12. Blu8

    Blu8 Android Expert

    Wow all that really got me thinking. Thank you for sharing that EarlyMon. Could you maybe do me a solid and direct me to some info on firewalling and the like for root users? TIA
    scary alien and EarlyMon like this.
  13. Crashdamage

    Crashdamage Android Expert

    Nice rant. I agree with about 90% of it. We are close regarding our views on this stuff. We still differ a little, but I wouldn't say so much as far apart on anything.

    I suppose it's fair to say I take a holistic approach. Interesting, I never thought about it that way.

    Anyway, we split here:

    I say most people should not root because they don't have the knowledge and are unlikely to take the time to learn. And they will delete whatever, not firewall, etc etc then beg for help.

    People will say "I have no computer and I know nothing about them. But I heard about this rooting thing. Could you tell me step by step how to root with one click and no computer?". And someone gung-ho about rooting will try to walk them through replacing the OS even though they may not be capable of installing an app.

    Now, I would just say forget about rooting. To me, the glass is half empty and I'm not gonna try to fill it.

    You're saying, OK, I'll help you learn basic proper rooting practices and we'll go from there. To you, the glass is half full and we can fill it up if they're willing to get the ice cubes.

    I guess I have less confidence in people than you do. Maybe I'm just getting old...
    #13 Crashdamage, Aug 14, 2015
    Last edited: Aug 14, 2015
    EarlyMon and Blu8 like this.
  14. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    Check out this thread to learn some about the built-in firewall -


    Check out "AFWall+ (Android Firewall +)"


    Make sure that you show the LAN as well as the wifi and cell, and make sure it's active for when you change networks.

    Make sure that you're in whitelist mode - nothing gets permission until you say so. Blacklist mode gives everything permission until you say no - and by then it's too late.

    For each app ask yourself three simple questions -

    Does it have any business on my home LAN?

    Does it have any business talking out on wifi?

    Does it have any business talking out on my cellular network?

    Now, I advise against public wifi networking in general. But if you feel you have to do that (it's convenient at your local library or hospital but not ok at Starbucks etc) - then only let your banking app talk via your carrier (if you trust your carrier).

    So, it's situational (and I purposefully chose controversial examples to further discussion).

    As a beginner, that advice alone is going to do you a world of good - and I purposefully set up my firewall simply for the earlier Stagefright example in the event that someone might ask - and I really thank you for doing so! :)

    To go further, turn on logging for a while and see how to learn what talks to who in the outside world.

    The Network Connections app is your friend with that.

    You can go from there and get quite sophisticated but there's a good start, hope it helps.
    #14 EarlyMon, Aug 14, 2015
    Last edited: Aug 14, 2015
  15. Blu8

    Blu8 Android Expert

    Sorry I was caught up on something. But thank you very much for the information, I will definitely look into that as soon as I get the chance. I really appreciate the nudge in the right direction!
    EarlyMon and scary alien like this.
  16. scary alien

    scary alien not really so scary
    VIP Member

    Very interesting and enlightening discussion above guys! :thumbups: :)

    I got a few other thoughts for you guys:

    Let's also keep in mind that rooting and installing a custom ROM after two very different things (likely related, but very different).

    If you root but basically stay stock (which I typically do) and you do not intend flash a custom ROM (and therefore also won't likely take a Nandroid backup to cover your butt), how do you intend to un-root when you decide you want to take the OTA that's been nagging you for a couple of days now?

    Answer: you're not likely to be able to figure out how to do that [1].

    Rooting usually means you've given up any desire or hope of taking or installing an OTA. Attempting to force the install will likely result in a boot loop (ask me how I know :p [I did that on purpose, though ;)]).

    Un-rooting nowadays means that you'll have to flash your system back to a different and/or stock ROM, losing all of your prior setup as a consequence.

    Most folks don't know that going in :(.

    ~ ~ ~ ~ ~

    [1] I'm assuming that you're running a pretty recent version of Android (that has SELinux enforcing enabled) and that you had to flash (via a custom recovery) one of Chainfire's recent Update-SuperSU-xxx.zip files. In order for root to work, Chainfire had to do some very clever things...unwinding those things are NOT straightforward and are not for the faint of heart (or those not able to: use adb, boot into custom recovery, remount /system in rw mode, use Linux commands, read and interpret what the SuperSU .zip file's updater-script (update-binary, actually) did to your system to root it, and un-do those functions).
    #16 scary alien, Aug 14, 2015
    Last edited: Aug 14, 2015
    Crashdamage, EarlyMon and Blu8 like this.
  17. Blu8

    Blu8 Android Expert

    That's very true, I see many many people asking how to root their brand new S6, note 4 and the like. Phones that haven't been out for three months, but they have heard the hype about rooting and how all the cool kids are doing and say hey why not. What they don't about is, they trip knox and that means no more Samsung Pay, and possibly no maintenance even if under warranty. Then they realize what they did and want to go back, but the only way to "untrip" knox is replace your motherboard, which is absolutely not worth it if it could have been avoided with a little research on root.

    Updater binary*
    The SuperSu.zip updater script is a dummy file [emoji16]
    Crashdamage and scary alien like this.
  18. scary alien

    scary alien not really so scary
    VIP Member

    Thank you for the reminder--very true and I fixed my reference above! :)
    Blu8 likes this.
  19. Jfalls63

    Jfalls63 Android Expert

    Serious topic and I apologize for my first reply. Lesson learned not to drink and post.
  20. Vlad Soare

    Vlad Soare Well-Known Member

    I rooted my Galaxy S5 because I wanted the phone to be more customizable than the manufacturer would allow it to be. Now I can turn off the camera shutter sound, I can have an automation app turn the airplane mode on or off under certain circumstances, I can use BetterBatteryStats to view partial wakelocks, I can get rid of bloatware, and so on.

    As for security, as I understand, applications will not be running by default under the root user. They will need to perform an su. And if an application makes an su request, then SuperSU will display a pop-up message, asking me to allow or deny it. So there should be no risk, unless I inadvertently grant the su permission to the wrong app.
    Is that correct?
  21. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    No risk = 0% probability of risk

    0% probability is a mathematical impossibility. So is 100% probability.

    The risk factor is calculated by this ratio -

    Complexity / Maturity

    What does that mean?

    If something isn't complicated and it's been established for a long time, it has low risk.

    If something is highly complicated and hasn't been done before it has very high risk.

    So your target is a low risk factor.

    I find that the risk of rooting isn't low enough. I find that the risk of general phone use isn't low enough either, and I've put them together.

    So I engage in risk mitigation as I've discussed including - extreme caution before installing anything, reasonable caution with networking and web use, password caution, use caution, ad (site) blocking, and firewalling.

    If you limit the scope of your question to a narrow definition, you're anecdotally correct, there's not much risk of something wanting system access and getting past SuperSU.

    If you're properly configured.

    Quick - tell me right now if your /system is read-only. What other factors are you checking?

    My point is that even if the answer would be yes, I can add reasonable questions until the complexity gets so high that you may have doubts.

    The risk consequences you face are high.

    Don't put all of your eggs into the risk factor for SuperSU basket.

    Mitigate your risk by adding layers to protect yourself. Linux firewall - low risk factor. Host file routing - low risk factor. Both are open to you now.

    And watch what you install and where you go. You're part of the equation.
  22. Vlad Soare

    Vlad Soare Well-Known Member

    My /system is mounted read only. I'll look into installing a firewall; I have none right now.
    I understand what you're saying about the mathematical meaning of "no risk". When I said "no risk" I didn't mean exactly 0%, but rather "low enough for practical purposes, considering the way I'm using the phone". :)

    Even when the device is brand new and unrooted there's some level of risk. Poorly written apps that cause the phone to hang, or malicious apps that access your private data and send it to China, or anything like that, can be easily installed on non-rooted devices. That's an inherent risk of using a smartphone, and you can avoid that by being careful what you install and how you use what you've already installed.

    So, let me rephrase my question. An unrooted device is subjected to certain risks, which can be mitigated by being very careful. If a rooted device has SuperSU installed and the /system mounted read only, is it subjected to higher risks than the unrooted one, provided you're as careful in both cases?
  23. Crashdamage

    Crashdamage Android Expert

    I would say risk probability is impossible to determine unless you know what the attack is. And obviously, both rooted and unrooted devices will be vulnerable to some of the same threats. Malware is malware and can still hit either one. But I'll venture to guess that a really well-hardened rooted device, like EarlyMon's clearly is, would be less likely to be compromised that a stock, unrooted device. Can you say 50% less likely or 30% less likely? No. Can you say safe enough for practical purposes, for daily use? Yes! I'd certainly take my chances with EarlyMon's setup on my phone!

    You are on the right track for sure. You have /system mounted read-only, you're working on getting a firewall setup and maybe most important, you're asking questions and trying to learn to do it right.

    The real problem is I'd wager that the percentage of rooters who have the knowledge to do it and put forth the time and effort to properly harden their rooted devices is low. VERY low. That's why I keep saying the average rooter has no business rooting unless just to experiment and learn on a spare device. Don't take chances on a device you depend on until you really know exactly how to do it right.
    Blu8, scary alien and EarlyMon like this.
  24. Vlad Soare

    Vlad Soare Well-Known Member

    I see. Thank you.
    I have also installed a custom recovery and made a full backup. I'll make further backups from time to time, so that if something really bad happens I'll be able to restore everything to a stable and recent enough state.
    I don't know if this thread is the right place to ask, but since we're talking about firewalls, I could use some recommendations. There are many firewalls available, and I don't know which one to choose. I was thinking about DroidWall, which seems to be quite praised, but on the other hand I've read that it doesn't get along too well with Lollipop (some bugs affecting the Wi-Fi functionality, or something like that). What would be a good and reliable firewall to start with? It doesn't have to be free.
  25. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    DroidWall is deprecated and hasn't been updated since 2011. The code was picked up and eventually turned into Android Firewall, now also deprecated and discontinued from the Play Store.

    It went from there to AF Wall+ and that's what I linked earlier, along with some tips.

    If you know how to write firewall config files by hand for Linux, you can do that without an app (and you may have used the original Linux networking and firewall bible in the process of learning if you've been doing it long enough, I'm listed in the foreword for contributing the first scripts and validation processes for that (and now Crashdamage and a few others probably know who I am out in the world lol)).

    So please believe me when I tell you that you don't need to pay extra for a helper that writes out those files for you thinking that will give you a safer firewall than open source.

    Do however visit the AF Wall+ site at http://forum.xda-developers.com/showthread.php?t=1957231 and if you do have money and want to contribute, please consider the dev's preferred charity - http://www.giveindia.org/

    Hope that helps, hope no one is offended by the commercial.
    Crashdamage, Jfalls63 and scary alien like this.
Similar Threads - root root are
  1. Marvin P Droid
  2. Yesi Trotamundos
  3. enby_dashie
  4. Yesi Trotamundos
  5. Yesi Trotamundos
  6. Yesi Trotamundos
  7. asiopat9
  8. kumaranil13k
  9. CrunchyShadow
  10. kumaranil13k

Share This Page