How-To Geek

Why Android’s OTA Updates Remove Root (and How to Keep It)


Android’s OTA (over-the-air) updates remove root access, forcing you to root your phone again if you depend on root-only apps. There are ways to preserve this root access, and re-rooting a device will be easier on some devices than others.

This can be annoying on a Nexus device that receives regular updates straight from Google. On an old device that never receives Android updates, it’s not something you’d even think about.

Why You Lose Root

What’s the Difference Between Jailbreaking, Rooting, and Unlocking?
Compared to a PC, phones and tablets are fairly locked-down devices. Jailbreaking, rooting, and unlocking are all ways of bypassing... [Read Article]

Android is based on Linux, so Android devices come with a “root” user that functions like the Administrator user account on Windows. By default, Android doesn’t give you access to the root account. Rooting is the process of enabling access to the root account, installing the su binary. Applications can call su to gain elevated privileges, so they can break free from Android’s security sandbox and do more powerful things. Android doesn’t come pre-rooted because of the security problems this could lead to, especially for less technically inclined users.

The root process also installs an application like SuperSU or Superuser. This application controls access to the su binary, so you can choose which applications are allowed to have root access.

You’ll usually lose your root access when you install an operating system update. The OTA update sets your Android system partition back to its factory state, removing the su binary. (Or, in the case of newer versions of Android, the OTA may not work at all if your system partition has been altered by SuperSU, forcing you to manually restore it to its factory state before updating.)

If you have the Xposed Framework installed, you may need to uninstall it first before running the OTA update as well. You’ll see an error message and the update will refuse to install if you don’t.


SuperSU’s OTA Survival Mode

Some tricks allow you to keep root access, but they aren’t foolproof. They may work only with minor updates. Even if these tricks have worked in the past, they may not work with future versions of Android. In other words, you may be able to keep root after updating — but don’t count on it.

For example, SuperSU has an “Survival mode” option you can enable before accepting an OTA update. This requires the paid version of SuperSU — SuperSU Pro — that costs $2.49. It also isn’t guaranteed to work, and isn’t available on Android 5.0 Lollipop and above. It worked great for us on a device running 4.4.3, however.

OTA RootKeeper is a free app that worked in a similar way, but it no longer works with Android 4.3 and newer versions of Android.




Three Ways to Root

So if those aren’t an option, what’s an Android rooter to do? It all depends on how you rooted your device in the first place. There are generally three ways to root:

  • Unlock the Bootloader: Google and device manufacturers don’t officially support rooting, but they do provide an official way to gain low-level access to some devices. For example, Nexus devices are intended for developers, and you can easily unlock the bootloader with a single command. You can then root your device by flashing a .zip file containing the su binary from the recovery screen. Tools like the Nexus Root Toolkit for Nexus devices automate this process. Other manufacturers also offer ways to unlock the bootloader, but only for certain devices.
  • Exploit a Security Vulnerability: Some devices are locked down. Their manufacturers provide no official way to unlock their bootloaders and tamper with their software. These devices can still be rooted, but only by discovering a security vulnerability on the device and exploiting it to install a su binary onto their system partition. An OTA update might fix the security vulnerability as well as unroot the device. For example, there was an $18,000 bounty for the first person who could root a Samsung Galaxy S5 running on Verizon or AT&T. A vulnerability was found, but future updates could prevent the vulnerability from working and remove the ability to root the Galaxy S5.
  • Flash CyanogenMod or Another Custom ROM: Technically, this is an extension of one of the above methods. Unlocking the bootloader and exploiting a security vulnerability can each allow you to flash Custom ROMs like CyanogenMod, which often come pre-rooted. CyanogenMod includes a simple toggle on its settings screen that allows you to enable or disable root access. Upgrading to a new version of CyanogenMod or your custom ROM won’t unroot your device if the ROM comes with an integrated way to enable root.


How Hard Is Re-Rooting?

5 Reasons to Install a Custom Android ROM (and Why You Might Not Want To)
Android is open source, so developers can take its code, add features, and build their own operating system images for... [Read Article]

If you’ve unlocked your bootloader and rooted your phone, you may not be able to run the OTA update in the first place. Devices running Lollipop and above will only update if the system partition is unaltered. Unfortunately, SuperSU alters the system, so you’ll have to restore your phone completely to stock before you can accept Google’s OTA update. (The method for doing so varies from phone to phone, so you’ll have to Google around for how to return your device to stock first.)

Alternatively, you can update by downloading the update as a flashable ZIP file (from a community like XDA Developers) and flash it through your custom recovery, just like you would SuperSU or a ROM.

Once you’ve updated, you’ll no longer have root, and you’ll have to connect your Android device to your computer and root the same way you did the first time. For example, you could run the Nexus Root Toolkit or manually root it with adb.

On a locked-down device that can only be rooted with a security exploit, you may be able to install the OTA update, but don’t do it just yet. Check if there’s a way to root the new version of Android before you apply the update. If the security vulnerability was patched, you may not want to upgrade until a new root exploit is found. Of course, if you don’t care about rooting your device, there’s no harm in updating.

If you’d like to update your device without having to root it again each time, you may want to flash CyanogenMod or another custom Android ROM with integrated root access. These ROMs don’t get Google’s normal OTA updates–instead they serve their own updates. So when, say, CyanogenMod finishes their version of Marshmallow (likely awhile after the official Marshmallow update is available for your phone), you’ll get a notification to update to the latest version of CyanogenMod. It’s often the slowest way to get those updates, but it also takes the least amount of work.


Image Credit: claudia.rahanmetan on Flickr, Danny Choo on Flickr

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 07/2/14

Enter Your Email Here to Get Access for Free:

Go check your email!