Rooting security concerns - myTouch 3G, Magic Android Development

So, I'm interested in rooting, but I'm also worried about security ramifications.
What's to keep a rooted ROM from forwarding all your keystrokes/passwords/etc. to some external server?
What will keep it from silently dialing some 900 number at 2am?
Am I just being paranoid?

as long as you don't download from shady websites you should be fine. there is nothing keeping the rom from doing what you mentioned above except for the moral of the rom cook.

Even more than the concern about the ROM itself is a concern that any app on the market could have a simple bit of code that compromises a rooted system completely and totally. Is that a valid concern?
Makes me nervous.

This is what Superuser is for.

Do you mean this?
http://www.cyrket.com/package/org.zenthought.android.su

Superuser is an app that requests permission for apps to run as root
keenerb said:
Do you mean this?
http://www.cyrket.com/package/org.zenthought.android.su
Click to expand...
Click to collapse

OK.
I rooted last night.
I see exactly what you mean. It has an Ubuntu (and Vista) style UAC built in.
Fantastic.

Related

Bricked my phone, got it fixed. Now I'm scared to root.

Long story short: I messed up with flashing a custom rom. But gladly, I got my phone fixed. Now, I wanna root again but I'm scared of rom flashing. I just wanna do the basic benefits of rooting like deleting stock aps and other things.
So what other 'rooting benefits' can I obtain without rom flashing? Or without having the risk of bricking my phone? The rooting process is kinda simple for me since I can use the z4root app.
Help? Anyone?
reyesryanmjaube said:
Long story short: I messed up with flashing a custom rom. But gladly, I got my phone fixed. Now, I wanna root again but I'm scared of rom flashing. I just wanna do the basic benefits of rooting like deleting stock aps and other things.
So what other 'rooting benefits' can I obtain without rom flashing? Or without having the risk of bricking my phone? The rooting process is kinda simple for me since I can use the z4root app.
Help? Anyone?
Click to expand...
Click to collapse
You can obtain lot of goodies, like install applications not coming from the market, i guess, edit system files, remove non needed system applications, do a lot of things, be sure when you flash a rom to have a fully charged battery, its really hard to brick it.
mmmmm ????
depending what phone you have?? Rooting is safe enough, you can "unroot" just as easy! I definitely recommend z4root If you flash another ROM be sure to do lots of research next time!!! If you experience any problems, dont forget google can be your best friend! You can count on the fact you wont be the only one having the same problem
I have LG p500. Basically, I'm now scared of anything that involves CMD. I can install non market apps like the ones from here. So yeah, after Z4root. what now?
These phones are great for bricking, because a lot of times they're easy to fix. Try out themes, custom roms, custom kernels, it's all available to you now.
Can you guide me a bit? Please
Sent from my LG-P500 using XDA App
Oh! I read this thread in the news section. If i understand it correctly it will allow me to uninstall preset apps without cmd?
Nalthos said:
I recently bought a Droid 2 Global and decided to get my feet wet with android development. To familiarize myself with the platform I wrote a simple utility for managing the bloat that came pre-installed on my phone. I thought there might be other people who would get some use out of this so I am posting it here. You will need to be rooted and have busybox installed to use this application. If you used z4root to root your phone then you should have everything you need.
The application is pretty simple. When you start it you are presented with a list of the Bloat that the application recognizes. Each item in the list has a checkbox that indicates whether it is enabled or not. To disable bloat you just uncheck the boxes next to what you don't want and then press the Apply button that appears at the bottom of the screen. You can save what you have disabled as a profile by pressing the options button and then choosing Save Profile. This is convenient because you are going to need to turn all of this bloat back on if you want to receive updates. If you have saved a profile and a new update becomes available you can launch Bloat Manager, press the options button, choose Enable All and then click Apply to get your phone ready for the update. After the update installs you can launch Bloat Manager, press the options button, choose Load Profile and then click Apply to turn the bloat back off.
The following applications can be toggled on or off using Bloat Manager:
Amazon MP3 /system/app/amazonmp3_1_8_14_signed_zipaligned_Signed_2010-09-09_15-23-51.apk
Blockbuster /system/app/Blockbuster.apk
City ID /system/app/CityID.apk
Friend Feed /system/app/FriendFeed.apk
Kindle /system/app/Kindle-1_0_2-OEM-SingleSign_Signed_2010-09-20_17-31-57.apk
My Net /system/app/Mynet.apk
My Verizon /system/app/MyVerizon.apk
News Widget /system/app/NewsWidget.apk
Performance Manager /system/app/PerformanceManager.apk
Skype /system/app/Skype_mobile.live.apk
Social Messaging /system/app/SocialMessaging.apk
Social Share /system/app/SocialShare.apk
VZNavigator /system/app/vnav_6.1.0.160_Droid2Global_rel_PROD_signed.apk
Visual Voice Mail /system/app/Vvm.apk
Weather Widget /system/app/WeatherWidget.apk
World Clock Widget /system/app/WorldClockWidget.apk
When you disable an application using Bloat Manager it simply renames it to .bak. When you re-enable an application it is renamed back to .apk.
Bloat Manager remounts your /system partition as writable in order to make changes to applications. I came up with this list based on what other people have had success with removing, but I have not personally turned off everything on the list. Changing things in your system partition is always dangerous so please be careful.
Click to expand...
Click to collapse
Sent from my LG-P500 using XDA App
Sent from my LG-P500 using XDA App
Lol, rooting is so easy a baby could do it. OneClickRoot FTW.
reyesryanmjaube said:
Long story short: I messed up with flashing a custom rom. But gladly, I got my phone fixed. Now, I wanna root again but I'm scared of rom flashing.
Click to expand...
Click to collapse
Thanks for sharing, yo.
Sent from my weak Wildfire, can't wait to trade in for HD2, also, not afraid to root.
So yeah aside from this feature, what else can I do without. Using cmd?
Sent from my LG-P500 using XDA App
Iinstead of asking and waiting for responses, search on the forum or read a sticky or something to expand your knowledge if you aren't comfortable with cmd you probably shouldn't be messing with root privileges. And bricked phones are dead phones, you can only recover from a brick by replacing hardware
xxmonsterx said:
Iinstead of asking and waiting for responses, search on the forum or read a sticky or something to expand your knowledge if you aren't comfortable with cmd you probably shouldn't be messing with root privileges. And bricked phones are dead phones, you can only recover from a brick by replacing hardware
Click to expand...
Click to collapse
Wow. Since you put it that way.
But there's just too much. You cant blame me for being like this. I bricked my phone and they replaced the mother board (for free) and I am worried to do this again. I tried learning, I failed. And I don't like to be a wannabe developer of some sort, I just want to maximize my phone to it's potential and do what most people do.
You can say that I haven't exerted too much effort. In that case, maybe you're not the person I should me asking help from. Sorry, I was hurt.
reyesryanmjaube said:
So yeah aside from this feature, what else can I do without. Using cmd?
Sent from my LG-P500 using XDA App
Click to expand...
Click to collapse
CMD (command shell in windows,mac or linux) is only used when you change ROMs or unlock the bootloader (the program that loads the ROM) apps and themes have nothing to do with it, you will read ADB a lot which is basically a way to access the whole device remotely, most of this you do on the handset itself. Root is a term the same as apples jailbreak, which gives you complete access to everything (most is protected bloatware (apps) that network providers don't want you to delete, there is also a percentage of protection stopping you messing up bits that bricking your phone! Bricking doesn't mean screen wont work, force closes or not booting...it means DEAD! If see something cool that you fancy doing, research a little first and if you don't know what it is or means...DONT DO IT! Its that simple root is what you make it, it opens a lot of options but there's no rush to get to the end, the you learn doing little bits, the quicker you'll be confident flashing ROMs and maybe even developing your own customisations
reyesryanmjaube said:
Wow. Since you put it that way.
But there's just too much. You cant blame me for being like this. I bricked my phone and they replaced the mother board (for free) and I am worried to do this again. I tried learning, I failed. And I don't like to be a wannabe developer of some sort, I just want to maximize my phone to it's potential and do what most people do.
You can say that I haven't exerted too much effort. In that case, maybe you're not the person I should me asking help from. Sorry, I was hurt.
Click to expand...
Click to collapse
If you want to maximize your phone's full potential you have to deal with thoses things, e.g.: joy 845 comes with the stock rom, which is slow and contains many things not needed, thus you have to flash another rom, better, faster etc...so yeah you have to be a wannabe in the end if you want to do what you want.
Check out Youtube how-to vids on rooting. Some are invaluable, especially the longer ones. Most of these guys take you step by step in detail.
Sent from my ADR6300 using XDA App

[Q] Security

Does rooting make a phone less secure?
Siborg90 said:
Does rooting make a phone less secure?
Click to expand...
Click to collapse
Because Rooting is somewhat built into an App(super user) which has to request permissions - that you must accept, I would say no, i'ts not really less secure.
There was an attempt at malware by some vicious people (which google quickly prevented) who had created an app that had found a way to create it's own super user rights (and automatically root your phone from within the app) but that is completely different and you can read about patching to prevent that from happening (although google already long pulled the apps)
Just be careful what "other" kinds of apps (meaning unknown sources) you put on your phone, and you should be just fine (and if an app asks for super user permissions and you don't think it should need them, hit deny and research the app)
Thanks, good answer.
EB16 FROYO
EB16 DARK_FROYO
EA11 Voodoo Kernel
Rooted with superoneclick

[APP][1.6+] PDroid - the better privacy protection app - will you use it?

Hi,
I have recently developed a privacy protection application for Android.
You can use it to block access for any installed application to the following data separately:
Device ID (IMEI/MEID/ESN)
Subscriber ID (IMSI)
SIM serial (ICCID)
Phone and mailbox number
Incoming call number
Outgoing call number
GPS location
Network location
List of accounts (including your google e-mail address)
Account auth tokens
Contacts
Call logs
Calendar
SMS
MMS
Browser bookmarks and history
System logs
SIM info (operator, country)
Network info (operator, country)
For device ID, phone and mailbox number, SIM serial, subscriber ID and device location it also allows supplying custom or random values.
Unlike others (e.g., Permissions Denied or CM) this does not make applications crash when access to private data is blocked.
The following short video shows some of its functionality.
PDroid does not require ROOT or any Android permission to function, nor does it need any services running in the background. But it does require patching some ROM components, so that it needs to be ported to different devices. Currently it is available for Nexus One, Nexus S, Desire HD (Gingerbread) as well as Magic with CM 6.1 (Froyo).
So I am wondering if I should release it for public use and maybe port to other devices. I will only do so if you would like to use it, since it requires some fine-tuning to be more user-friendly. So please vote if you would like to use PDroid.
I would love to use this app on my galaxy s and tab.
Especially the point to give the apps random or custom information instead of just blocking the access is important.
If you need help testing the app on those mentioned devices just let me know
I hope you get enough positive feedback to port and continue developing this app.
I ll love to have such an app on my Xperia X10 mini pro (cyanogenmod 7)
so basicly it's a LBE replacement? The major disadvantage of that one is being closed-source. Do you plan to open-source yours?
I would like to give this app a shot too with my devices (Nexus S 4G, EVO 3D and Epic Touch 4G). Does not require root, but assume that root is ok? Also seen that you have for Nexus S, but was not sure if that implies to the NS4G as well. Looks promising.
XlAfbk said:
so basicly it's a LBE replacement?
Click to expand...
Click to collapse
Kind of. The functionality is similar to that of LBE while I tried to account for its disadvantages, such as not being able to disallow access to some data (e.g., system logs, incoming and outgoing call numbers etc.), requiring root or being unreliable since LBE requires its protection service to be running so that malicious apps still can steal data if they are started before LBE after boot.
XlAfbk said:
The major disadvantage of that one is being closed-source. Do you plan to open-source yours?
Click to expand...
Click to collapse
Most likely yes (depends on how much spare time I can allocale to this project).
Tahde said:
Does not require root, but assume that root is ok?
Click to expand...
Click to collapse
Yes, it won't interfere
Tahde said:
Also seen that you have for Nexus S, but was not sure if that implies to the NS4G as well.
Click to expand...
Click to collapse
Yes, basically any device, for which Android can be directly built from AOSP (and this includes Nexus 4G) is supported right now.
Love to see it for the T-Mobile G2x especially if it is open.
svyat said:
You can use it to block access for any installed application to the following data separately...
Click to expand...
Click to collapse
That's a nice list. I'd really like a version for my Motorola Defy.
How hard would it be to reuse the code to make it run like LBE, i.e. make an apk that works on every phone without having to patch ROMs for every type of device?
I too would like to use this app, sounds awesome. If you need any beta testers, I volunteer
rogier666 said:
How hard would it be to reuse the code to make it run like LBE, i.e. make an apk that works on every phone without having to patch ROMs for every type of device?
Click to expand...
Click to collapse
Impossible, since the actual application logic performing the data access control is based on the Android application framework and not the SDK. Plus, doing it the LBE way requires root and will never be 100% reliable. In other words, there is no way of creating a proper solution without patching the ROM.
I would like to have this for t-mobile US Vibrant since we're getting no Gingerbread love from t-mo or Sammy and I'm all flashed out with nothing else to do.
I would like to give your app a spin to see how it works
KB0SDQ said:
I would like to give your app a spin to see how it works
Click to expand...
Click to collapse
I am also interested in this app... Sounds very promising and I hope this will get ported for the G2/DesireZ, so I can get some freakin' privacy!
If I can help in any way, any way at all, I'd be very happy to do so.. I'm running CM7.1.0 on my DesireZ @ 1.2ghz...
Thanks a lot!
Looks great. I'd love to get that on my Thunderbolt (CM7) would there be anyway to block permissions like internet and SD card access, I know Cyanogenmod lets you disable them but you have to reset your phone after a change for them to take effect. Also I don't know if it falls into the scope of what this project is intended for but I've seen people ask about making certain apps work on 3G that only work on wifi or the other way around if you could make an app think it was using one or the other for a connection I think that would be very helpful to some folks.
I'd test this on the t-mo Galaxy S2 if you're willing to do it...
Sent from my SGH-T989 using xda premium
I guess this is TISSA (http://www.csc.ncsu.edu/faculty/jiang/pubs/TRUST11.pdf) ?
I would like to see for Desire , Great to have this kind of app! I'll help which ever way
IvanNCase said:
would there be anyway to block permissions like internet and SD card access
Click to expand...
Click to collapse
Not in near future. Doing that would require modifying the kernel and that, in turn, would make PDroid much less portable.
IvanNCase said:
Also I don't know if it falls into the scope of what this project is intended for but I've seen people ask about making certain apps work on 3G that only work on wifi or the other way around [...]
Click to expand...
Click to collapse
Nope, it doesn't
ukanth said:
I guess this is TISSA (http://www.csc.ncsu.edu/faculty/jiang/pubs/TRUST11.pdf) ?
Click to expand...
Click to collapse
Nope, I've developed PDroid completely from scratch as a part of my Master's Thesis.
svyat said:
Not in near future. Doing that would require modifying the kernel and that, in turn, would make PDroid much less portable.
Nope, it doesn't
.
Click to expand...
Click to collapse
Fair enough.
By the way how do you install this does the ROM patching need to be done by the original creator or done with a zip file through recovery?
svyat said:
Nope, I've developed PDroid completely from scratch as a part of my Master's Thesis.
Click to expand...
Click to collapse
That's great to hear. Good job done ! I can't wait to see you release. I'll surely try to port it for Desire

[Q] question about how the app "superuser" works... (behind the scenes)

Hello,
I have a question about how the "superuser"-app works behind the scenes.
As far as i know: The "superuser"-app can be used to grant root-permissions only to the programs, that I want. All other programs are still not running in root. Is this right?
If I'm right on that... Why does only the app super-user does have root after rooting the phone via e.g. the zergrush-exploit and other apps still not have root permissions although the phone has been rooted? Isn't there a security gap ?
In my point of view it could be possible, that any other app could take the root-rights just like the app "superuser" does it. If I'm not right, I don't get it, why only "superuser" gets root and all other apps can't get root unless "superuser" gives them root...
Isn't it a security gap? I just don't get it... how is this achieved?
Is it absolutely (or nearly absolutely) safe, that no other programs can get root-permissions when I use "superuser"? As I already said before, I'm really curious about, why or how this can be achieved and "guaranteed"...
Thanks in very much advance.
Kind regards
mr. salt
I think it's barely possible, that I'm the only one who is interessted how this app is working or wondering about the same security issues, which come along with my questions above?
I would appreciate an sophisticated answer very much!
greetings
mr. salt
sea_salt said:
Hello,
I have a question about how the "superuser"-app works behind the scenes.
As far as i know: The "superuser"-app can be used to grant root-permissions only to the programs, that I want. All other programs are still not running in root. Is this right?
If I'm right on that... Why does only the app super-user does have root after rooting the phone via e.g. the zergrush-exploit and other apps still not have root permissions although the phone has been rooted? Isn't there a security gap ?
In my point of view it could be possible, that any other app could take the root-rights just like the app "superuser" does it. If I'm not right, I don't get it, why only "superuser" gets root and all other apps can't get root unless "superuser" gives them root...
Isn't it a security gap? I just don't get it... how is this achieved?
Is it absolutely (or nearly absolutely) safe, that no other programs can get root-permissions when I use "superuser"? As I already said before, I'm really curious about, why or how this can be achieved and "guaranteed"...
Thanks in very much advance.
Kind regards
mr. salt
Click to expand...
Click to collapse
Ok let me see if I can explain this the best way I can. When you root your phone you are giving yourself the ability to run apps that require root. This ability is turned off by default in android. Now lets compare this to Linux, when you run an app as root you have t run the sudo command and then enter your password each and every time you want to run it with rooted rights. SuperUser is an app that when prompted will remember the selection you choice so you dont have to allow it every time you run the app and with out opening a terminal to type the commands to allow it to run as root.
You are looking at the app of super user more as a stand alone app instead of being a front end UI for the commands that you would have to run to get the same out come.
As for the security, to be honest the best security is common sense. As it is a simple fact that PC, phone, internet, server ect security is only as good as the hacker trying to get into it. If he/she really wants your info they are gonna get it. Take a look at what happened to the US DOD and they have a far more secure setup then anything on the market.

[Q] blocking ads in apps

hello all,
i just bought nexus 5.... i am kind of noob when it comes to android.
is there i can block all annoying ads that crops up within apps and browser?
i dont want to risk rooting my phone.
pls suggest me easiest, secure way to do this....
thanks.
You can try opting out from Ads from Google Settings but the only way to get rid of all the ads is to use an app like adaway which needs root. I don't know why you think it's a risk rooting your phone?? You can get back to stock anytime to claim warranty.
vin4yak said:
You can try opting out from Ads from Google Settings but the only way to get rid of all the ads is to use an app like adaway which needs root. I don't know why you think it's a risk rooting your phone?? You can get back to stock anytime to claim warranty.
Click to expand...
Click to collapse
hello
since i am new to android, i dont want to mess up/experiment on my phone. atleast till i get hang of it.
i used play a lot with my N95 before. so, till i get firm grasp on android inner workings, i wouldnt want to do anything with its in built features.
further, rooting is bit too technical for me..... there is no application that can root with just a click like it existed with S60 V3 OS.....
so will wait till such a thing comes up.
Try to find in playstore
lambo98 said:
Try to find in playstore
Click to expand...
Click to collapse
thank u for this grt suggestion.
fyi: all ad blocking apps r removed from playstore. only detectors r whats there.
ags84 said:
further, rooting is bit too technical for me..... there is no application that can root with just a click like it existed with S60 V3 OS.....
so will wait till such a thing comes up.
Click to expand...
Click to collapse
Even though there are tools available to do this (simple search on xda will locate those), you really should take the time to understand the 4-5 (simple) steps involved in rooting. That way, you know exactly what is happening (versus a toolkit that will attempt to do everything for you, and just tell you "all done" - without you having a clue about what really happened). The advantage of understanding these steps is that later, if you want to install an update or want to switch kernels and read a guide that tells you to flash "xyz", or restore from nandroid etc, you will not be clueless. Or if somebody tries to help you with an issue, and asks you to go your recovery, you won't be asking "how do I go to recovery screen"
My suggestion: If you are ever planning to root your Nexus 5, read the first 2 posts at http://forum.xda-developers.com/goo...ide-nexus-5-how-to-unlock-bootloader-t2507905 - especially the parts highlighted in red.
Then, read it again <-- repeat till you understand it. If you have questions, read/search that thread to see if somebody already asked that question - and if not, ask in that thread.
The Nexus is probably the easiest device to root. But don't root till you are comfortable with it, and understand the steps involved.
Since you mentioned in your first post that you didn't want to root, you could try https://adblockplus.org/en/about
I must admit that I tried it once and wasn't able to get it to work right, and so I just installed adaway (that requires root) instead.
jj14 said:
Even though there are tools available to do this (simple search on xda will locate those), you really should take the time to understand the 4-5 (simple) steps involved in rooting. That way, you know exactly what is happening (versus a toolkit that will attempt to do everything for you, and just tell you "all done" - without you having a clue about what really happened). The advantage of understanding these steps is that later, if you want to install an update or want to switch kernels and read a guide that tells you to flash "xyz", or restore from nandroid etc, you will not be clueless. Or if somebody tries to help you with an issue, and asks you to go your recovery, you won't be asking "how do I go to recovery screen"
My suggestion: If you are ever planning to root your Nexus 5, read the first 2 posts at http://forum.xda-developers.com/goo...ide-nexus-5-how-to-unlock-bootloader-t2507905 - especially the parts highlighted in red.
Then, read it again <-- repeat till you understand it. If you have questions, read/search that thread to see if somebody already asked that question - and if not, ask in that thread.
The Nexus is probably the easiest device to root. But don't root till you are comfortable with it, and understand the steps involved.
Since you mentioned in your first post that you didn't want to root, you could try https://adblockplus.org/en/about
I must admit that I tried it once and wasn't able to get it to work right, and so I just installed adaway (that requires root) instead.
Click to expand...
Click to collapse
thank you for the insight.
i am reading it and will root only after i fully understand it.
i did try adblockplus. got it when i searched on google.
as u said, it doesnt work right..... so i thought of asking it here as it is comman problem faced by many android users.
cheers.
ags84 said:
thank you for the insight.
i am reading it and will root only after i fully understand it.
i did try adblockplus. got it when i searched on google.
as u said, it doesnt work right..... so i thought of asking it here as it is comman problem faced by many android users.
cheers.
Click to expand...
Click to collapse
Ad Block Plus got nuked by Google, unfortunately. You need root to do this for all apps and on all connection types.
ags84 said:
i am reading it and will root only after i fully understand it.
Click to expand...
Click to collapse
Good on you to take the time to learn.
Short of rooting your phone and installing an ad-blocker, you would have to pay for "pro" versions of apps you use, which often remove ads from the app as part of the upgrade.
MoaAB hands down is the best add blocker! But u need root...
(Mother of all Add Blockers)
Nothing is going to fully block ads without root. Nope. ?
For unrooted try Andblock (not ABP) http://code.google.com/p/andblock/
You need to import a host file (menu > import), and set Port to 8080
Blocks web ads only
Lord Childe said:
For unrooted try Andblock (not ABD) http://code.google.com/p/andblock/
You need to import a host file (menu > import), and set Port to 8080
Blocks web ads only
Click to expand...
Click to collapse
So just for browsers you mean? If that's the case you can just use AdBlock Plus extensions/addons for your respective browser.
Adblock (unrooted, side load APK) will still work for WiFi just not on a data connection and needs to be setup as a proxy, or is it just for data? Can't remember.
bblzd said:
So just for browsers you mean? If that's the case you can just use Ad Block Plus extensions/addons for your respective browser.
Adblock (unrooted, side load APK) will still work for WiFi just not on a data connection and needs to be setup as a proxy, or is it just for data? Can't remember.
Click to expand...
Click to collapse
It’s plugged as ‘Andblock’, yet the app is named ‘Adblock’ – very confusing. And I’m sure it’s intentional, given the similarities with ABP.
Before I rooted my device I used Andblock (Adblock) – it works with 3g/4g, whereas ABP unrooted only works over wifi. Anyway, standalone ABP for Android is riddled with bugs and inconsistencies – brilliant as a FF addon in Windows, might be good as a browser ext. for Android - but if you're unrooted and use a browser that hasn’t got an ABP ext. then you’re buggered.
A device isn’t completely free of ads even with root - the famed MoaAB doesn't block every app ad.

Categories

Resources