Quick Links

Back in the day, rooting Android was almost a must in order to get advanced functionality out of your phone (or in some cases, basic functionality). But times have changed. Google has made its mobile operating system so good that rooting is just more trouble than it's worth.

What Is Rooting?

 

Since Android is based on Linux and uses a Linux kernel, "rooting" effectively means allowing access to root permissions in Linux. It's really that simple---these permissions aren't granted to normal users and apps, so you have to do some special work to gain them.

So, what can you do with a rooted phone? Lots of stuff! If you find that your phone limits you in some way, or find yourself saying "man, I wish I could <do this thing> with my phone," then there's probably a solution that can be achieved by rooting.

Sounds great, right?

Well...hold your horses.

Let's talk about why it's probably not worth the trouble these days.

Android Is Much Better Than It Used to Be

IMG_9474

I'm a lifelong Android user (Android's life, not my own), and when I first started using Google's mobile OS, you couldn't even take screenshots on the phone without being rooted---you had to connect it to a computer and use the Android Debug Bridge command line tool.

And that's one of the simpler examples. Back in Android's early days, the software wasn't really optimized all that well, which resulted in poor performance. Thus, rooting to overclock the CPU was pretty common. Even little things like the ability to disable GPS from a widget required the system to be rooted. There were really a whole slew of reasons---which were different for many users---to root Android back in the day.

Related: Seven Things You Don't Have to Root Android to Do Anymore

Fast forward to today, and nearly all of the limitations---from big to small---have basically been addressed in the stock operating system. So many things that once required rooting and hours worth of tweaking are now right there out of the box.

As the operating system has been further opened, a lot more advanced tasks are now even available from third-party applications. For example, Android used to require root access to customize the status bar. Stock Android now has the System UI tuner to help with that, but even phones that omit this option---like the Samsung Galaxy phones, for example---can get access via a third-party application. It's quite brilliant.

I don't want to bore you more specifics since they're clearly different for each person, but the moral of the story is: phones are much, much better now. I literally have all the functionality on my phone today that I needed to root for just a few years ago.

Now, all that said, there are viable reasons to still root your phone---and I will undoubtedly hear about many of them in response to this very post---but far, far fewer people will find themselves needing it, especially for how difficult and risky it is.

Rooting Is Just as Much of a Hassle---If Not Moreso---Than It Ever Was

Most Android devices are not designed to be rooted. The system is locked by default, with no way of legitimately unlocking it. The primary exception here is for Google phones, like the Nexus or Pixel line, which have the ability to unlock for easy rooting.

Other phones, though, are not as easily rootable. They're designed to be locked down and stay that way. In those cases, a workaround (or "exploit") is required to gain root access. And just as quickly as determined Android hackers find these exploits, the manufacturers are patching them.

As a result, rooting an Android handset can be incredibly hard. Back in the earlier days of Android, things were a little easier, as exploits were aplenty and generally very simple. Now, however, it can sometimes take months after a phone is released before a workable exploit is found, and can often be fairly difficult to achieve.

Because of this added complexity, it takes a certain level of savvy to "safely" root a most modern handsets. You'll need to wade through a ton of forum posts and different guides to find the right tools and exploits for your specific phone, and it can be extremely difficult and time consuming. And even when you do figure it all out, you can damange your phone permanently if something goes awry.

What kind of risks? How about bricking your phone? In some cases this may mean something fixable---known as a "softbrick"---but in others it can mean a permanent and unfixable brick. Even in the cases where it can be fixed, this generally means a lot of research and work. It's tough, and not as worth the risk as it once was.

Rooting Is Bad for Your Phone's Security

Rooting also makes it harder to update your phone. That means, most importantly, no security patches, which is bad.

If we use the recent Spectre and Meltdown vulnerabilities as a reference, you can see how the lack of security updates can quickly become a problem. Google has already released Android security patches for Spectre (Meltdown is another story altogether), but if your phone can't receive updates, you're out of luck. And that's just the tip of the iceberg when it comes to security issues with rooted handsets.

Related: The Security Risks of Unlocking Your Android Phone's Bootloader

Have you ever asked yourself why root access isn't available out of the box on Android? The answer is simple: because it's an inherent security risk. Basically, when you root your phone, you're opening it up to not only execute the tasks you want, but also the tasks that malicious code might want to run. You still have to grant root permissions to individual apps, but you're putting even more trust in the developers of those apps than you normally would---and not all of them are necessarily trustworthy.

Plus, there are new malicious apps for Android discovered all the time---some of them can even root your handset without your knowledge and install system apps quietly behind the scenes. More recently, the first Android malware with the ability to inject code was discovered. While you're not guaranteed to get a virus just by using a rooted handset, it is absolutely something to consider.

Further, you'll also lose certain functionality on rooted handsets---like Android Pay access. This is because of the SafetyNet API that Google put in place to make sure the most sensitive of data---like your credit card and bank information in the case of Android Pay---is kept as safe as possible.

The bottom line here is this: if you're not willing to put all of your data at risk, then don't root your phone. I'm not trying to be hyperbolic and scare you into thinking all of your personal info is going to end up in the wrong hands just because you rooted your phone, but I am suggesting that the possibility is real and something you need to be aware of.

Even Custom ROMs Are Not Perfect

I know the argument for custom ROMs is coming, so let's go ahead and talk about it. If you're all-in on the rooting scene, then you might also be running a custom ROM. Cool! You can in effect bypass a lot of the above-mentioned hassles by doing that...and also introduce yourself to a new set of hassles.

Since custom ROMs are generally based on stock Android, one could argue that it's easier for ROM developers to keep things up-to-date with security patches and whatnot. That said, "easier" doesn't always mean "practical." In fact, some of the most popular ROMs out there are maintained by a small team of just a few people (or even a single person), and therefore not completely up to date because they just don't have the time to keep on top of things.

In other words, running a custom ROM based on stock Android isn't an automatic improvement. In fact, since most ROMs are rooted out of the gate, they're inherently less secure than a non-rooted system, current security patches be damned.


All in all, root still has its place among the Android modding crowd, and I don't want to discourage that. I'm really just suggesting that it's not worth it for most users---even among the more tech savvy. Most of what could only be achieved with root access before can now be done natively in Android, and a lot of what can't is now accessible through third-party apps. If there's something you want to do that requires root access, we're at a place where you really need to ask yourself: is the reward really worth the risk?