SEARCH

How-To Geek

The Case Against Root: Why Android Devices Don’t Come Rooted

image

We’ve written about rooting your Android smartphones and tablets before, but why don’t they come rooted? Google argues that rooting is a mistake for security reasons, as it subverts Android’s security model.

Over the years, Google has added more and more formerly root-only features to Android – from screenshots to support for encryption and VPNs. The goal is to minimize the need for rooting.

What is Rooting, Anyway?

Android is based on Linux, where the “root” user is equivalent to the Administrator user in Windows. The term “rooting” means gaining root access to your smartphone or tablet and being able to run applications with that root permissions – full system access, in other words.

A standard rooting process will also an application like Superuser or SuperSU. This application supervises access to root. Applications on your device can’t just get root permissions whenever they want – they have to prompt you and you can confirm or deny the request.

image

Breaking Out of Android’s Security Model

Android uses Linux’s security model in a different way. Every Android app runs with its own user ID, or UID. In other words, every app runs as its own user account. This means that every app has its own data isolated from every other app. If you install your bank’s app, its data will be stored so that it’s only accessible by the bank’s app – other apps on your device can’t snoop on it.

On a standard Android configuration, no app can access any other app’s data, no matter how many permissions the app asks for.

This all changes when you run an application as root. The application is no longer running in a sandboxed area – it has access to the entire system. An app with root permissions can read other apps’ data – this is how the excellent Titanium Backup works and why it requires root.

Root Permission Prompts and Malware

The full system access means that malware could potentially exploit root access to do much more damage than it normally could. Once an app is granted root access, it can do anything – run a key logger in the background without telling you, extract your account information from other apps, or even mess up your device by deleting critical system files.

If you know what you’re doing and only download trusted root apps, you can avoid this. However, this is worth remembering when you consider how many less-technical users use Android. They don’t care about running Titanium Backup and having access to the entire root file system – they just want it to work, place phone calls, and play Angry Birds.

In other words, you probably shouldn’t root your relatives’ smartphones and tablets as a favor to them.

image

With Great Power Comes Great Responsibility

The problems don’t only extend to malware. With full access to the root file system, you can delete critical system files in the root file system or disable critical system apps and prevent your device from functioning properly. Windows goes to great pains to prevent average users from mucking around in the C:\Windows folder for the same reason. If the average user doesn’t understand what they’re doing, they can do serious damage to their operating system.

image

Warranty Considerations

Some manufacturers or carriers may try to refuse you warranty service if you have a rooted device. If you’ve used root access to modify your system files and the software no longer works properly, this makes some sense – although you should be able to restore the device to its factory default settings and fix it on your own.

If the device’s hardware is failing, rooting can’t be the cause (unless you’ve installed an overclocking app that required root and killed the hardware with heat). To prevent any arguments, you should unroot the device before taking it in for service.

This is yet another reason why you wouldn’t want to root a non-technical family member’s device – it may cause them problems if they ever need it fixed or replaced.


In summary, rooting grants you great power – more power than Android is designed to give you. (However, it’s Linux underneath, and Linux works just fine with root access.) An app with root access isn’t bound by any permission restrictions and has the potential to cause some serious problems. If you know what you’re doing, you should be okay – but you’ll need to be more careful.

However, this power is only a liability for the average Android user. This is why Android doesn’t come rooted – if any app could pop up a root permission prompt and gain complete access to the system, many less-technical users would allow the access so they can continue using the app. Some apps might even refuse to run without root access just to display nastier ads, just as many ad-supported apps ask for a long list of permissions today. The lack of root helps protect average users.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 12/31/12

Comments (28)

  1. Bill

    To me, rooting allows me to get rid of 95% of the annoying pop-up ads, or browser ads. Ads used to be non-invasive, but greed has taken over and there is not a webpage, nor application that uses restraint in selection and/or placement of ads. They blink, move, jump, flash and annoy trying to get your attention. I have probably only clicked on ads five or six times over the 20+ years I’ve been online. I search out products I buy rather than have them shoveled down my throat. If/when moderation prevails, I’ll not longer root. Until then…. hello AdBlock+….

  2. YB

    Rooting also allows for Android users to remove all of their manufacturer’s bloat that came pre-installed on the tablet/smartphone. This could in turn free up space and allow you to install more apps on the system internal drive. It also allows you to use a Modified Host file for blocking advertisement and malicious links. With these small 7-10 inch screens, I do not need to see an ad that takes up 40% of my screen space

  3. Grammar Cop

    Not to be too critical and act like another grammar cop or anything, but in the second section titled, “What is Rooting, Anyway?“, the very first sentence in the second paragraph makes absolutely no sense and may be key to understanding the whole article! It screwed me up so bad I couldn’t finish reading this. It says: A standard rooting process will also an application like Superuser or SuperSU. What The F—?!

  4. Steve

    A standard rooting process will also “require” an application like Superuser or SuperSU

  5. mooseman645

    They should ask you if you’re “technologically savvy” on the phone contract and issue you a rooted phone. Then if you break it the phone company is off the hook

  6. Michael Fusion

    “ A standard rooting process will also an application like Superuser or SuperSU.”
    I cannot wrap my head around what this sentence could mean.

  7. thom

    Root gives me cron and rsync for a really useful app and data daily backup that is fast and efficient. :-)

  8. rKiller

    Everyone knows why (everyone is not ment yo be a SU )

  9. henry

    Mine wasn’t rooted until I accidently drove my car over it.

  10. BobbyPhoenix

    To me rooting is a safety and security measure. With needing root permission to do anything “odd” I have the knowledge that if an app is trying to misbehave I will know about it. Getting the pop up for access lets me know just what has permission to what. Also like others have said you can get rid of those stupid ads that blink, and do everything else under the sun (I know there is an app now that doesn’t need root, but it’s not as deeply implemented). As soon as I get a new phone I root, and install AdAway. Boom all ads are gone, and I’m now in control of my phone.

  11. Rishabh Mathur

    This article cleared all my doubts. I as going to root my phone without this critical info, but now i would think thrice before rooting. You guys always get important news to people.

  12. Igotyourrootrighthere

    If you don’t have some Unix or Linux background then you don’t need to be monkeying around with rooting you phone or tablet. If you do then get the backup program 1st thing and backup everything. But if you screw the os up you might not be able to restore anything anyway.

  13. RonMan811

    Chris…..another excellent article from you and the other writers that provide this information to us on HTG on a continual basis. Keep up the good work…..I am looking forward to reading more articles from all of you in 2013.

  14. Paul Silvan

    I just got a Nexus 7 tablet and rooted it for 2 reasons. I have also had 2 Android phones, both of which I have rooted with no problems or ill effects. Although I am tech savvy I am not a programmer or an expert in Linux. Here are the reasons I root my Androids.

    1. Titanium Backup: allows you to back up and restore applications AND/OR their DATA which cannot be done without root access.

    2 Datasync: allows the transfer of application data between devices which cannot be done without rooting.

    There are other advantages to rooting which are beyond the scope of this reply. I don’t recommend rooting for the average clueless user but if you use your device for more than just phone calls and photos it can certainly be useful and even prevent disasters.

  15. Paul Gadebusch, III

    Seems the comments are missing the main point of the article. It is not only a description of the rooting process but really a warning for those with a desperate need to make other people’s phones ‘better’. Once you root someone’s phone you have automatically signed up to be their tech support for anything and everything regardless of whether it has anything to do with your changes. I don’t put Nitrous in my mother-in-law’s car, I don’t clean my wife’s closet, and I don’t ‘improve’ friend’s phone without being asked.
    My rule is ‘ Ask what THEY want, then do that.’

  16. gordon

    If you want root access but also worried about general security you can use the paid versions of superuser and supersu or the free voodoo rootkeeper to temp unroot and then reapply root when needed.

    This does have the downside of stopping things like overclocking, undervolting and other tweaking apps that need root to apply settings on boot

  17. SteveJ

    I have a quick question, is there an Android equivalent of Sandboxie, as something like that would be far more straightforward. I would root my phone, but there’s so much junkware for mobile phones in general, not just Android, unless I know if an app is 100% genuine and not a threat I probably woudn’t install it unless I had some Sandboxie type software

  18. Mike

    Hey Paul nitrous in the monster-in-laws car…
    Great idea, but don’t forget to cut the brake line!

  19. Fyrewerx

    As YB stated earlier, I can no longer tolerate the bloatware put on by the provider (in my case, Virgin Mobile). The LG Optimus V only comes with 156 MB of space for OS and apps. While a miniscule few apps can be moved to the SD card, most of the useful ones cannot. I would love to be able to root my “V”, remove the idiotic (for me, at least) apps, then unroot the phone again … minus the junk. Is that something one of the previous rooting tools is best at doing?

  20. LizO

    @Fyrewerx: go to androidforums.com. You’ll find every phone and there are good instructions on rooting the Optimus V. I rooted mine but I still ran out of room even with getting rid of some of the bloatware.

    I switched to an LG Optimus Elite and glad I did. A lot more space for apps, faster processor and bigger screen. I have yet to root it (waiting a couple more weeks to make sure it doesn’t have any bad hardware) but it’s a better phone than the V. My LG Optimus V was a great phone for the little that I used it, in the beginning but started to outgrow it six-seven months in. Got the new one on Christmas and probably grow out of this one in 6 months too.

    Hope that helps.

  21. Fyrewerx

    Thanx for the info LizO. I’ll check it out. I just need to make the V last a bit longer, then on to something better.

  22. Dave

    From someone rather new at this: I’ve had an Android for a few months, and intend to root it when I get around to it (I should buy a couple cases of round tuits, actually) just so I can delete all the crapware that Verizon has installed and won’t let me delete. So the questions: Is there a way of deleting the crapware without rooting? Or, alternatively, might it be possible to root, delete crapware, then “unroot”?

  23. Randy

    If I root my Razr Maxx, will I get the program Superuser or SuperSU? Do I need to download it first?
    If I root my phone can I turn it into a hotspot without my cell carrier know I am tethering and charge me the tethering fee?

  24. rick

    @Bill, it was probably just a typo, but AdBlock+ is the one that *doesn’t* require root. Perhaps you meant Adaway.

  25. Big Al

    Very useful article. Gives you facts and the rest is up to you. I’ve rooted In the past and was amazed by the difference it made to the phone. I was not aware of the security issues. So in the future I’ll be more careful with the apps I download. Cheers!

  26. Matthew

    The only reason I rooted my phone (ZTE Blade) was to update it to gingerbread, ice cream sandwich and then jelly bean otherwise I would still be running Android 2.1

  27. manuelmatz

    yeah, GrammarCop; also very poorly written and redundant.

  28. Hullb

    A bit naive, but helpful. Consider that if we all had superuser access, it would be trivial to share pirated apps, remove bloatware, and otherwise threaten the Android business model on which Google, OEMs and carriers rely. What all the “security” protects us from is lost profit for industry, just like IRL.

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!