So, I'm interested in rooting, but I'm also worried about security ramifications.
What's to keep a rooted ROM from forwarding all your keystrokes/passwords/etc. to some external server?
What will keep it from silently dialing some 900 number at 2am?
Am I just being paranoid?
as long as you don't download from shady websites you should be fine. there is nothing keeping the rom from doing what you mentioned above except for the moral of the rom cook.
Even more than the concern about the ROM itself is a concern that any app on the market could have a simple bit of code that compromises a rooted system completely and totally. Is that a valid concern?
Makes me nervous.
This is what Superuser is for.
Do you mean this?
http://www.cyrket.com/package/org.zenthought.android.su
Superuser is an app that requests permission for apps to run as root
keenerb said:
Do you mean this?
http://www.cyrket.com/package/org.zenthought.android.su
Click to expand...
Click to collapse
OK.
I rooted last night.
I see exactly what you mean. It has an Ubuntu (and Vista) style UAC built in.
Fantastic.
"Give a man a fish and he will eat for a day. Teach a man to fish and he will eat for a lifetime.”
What i am trying to say is if someone can lay down the foundation of Rooting an Android Device. I am not talking about any specific device, or the different Methods of Rooting (i.e. through recovery, through script, etc.) I am speaking about what file systems/files are being modified, replace, etc?
From what i understand Android release their OS's rooted, then third parties, (i.e. Samsung, Moto, Tmobile etc) take those releases and make changes. What changes do they make besides the themed, and service ones? the changes that unroot the phone.
If you wish you can lay down the foundation of sudo/su thats cool. However, i am not asking for the history of it.
Side Note:
Pls no trolling.
Posting comments like- "you shouldn't try this..", "Leave it to the experts..", and "You're going to break your device..." are Un-Welcome.
Thanx.
Rooting my touch 4g benefits or drawbacks
I wanted to find out if there are things that work differently like the market or other things if you root a phone. What are some of the benefits to rooting? I want to use my phone as a wifi hotspot for our computer without paying for it. Is that only possible with a rooted phone? Is a phone able to be unrooted if it needs to be? Thank you for your help.
rooted the HTC BEE WILDFIRE CDMA
i have rooted the HTC BEE WILDFIRE CDMA. it is different than the HTC BUZZ WILDFIRE GSM. using the [APP]SuperOneClick v1.5.5 (Root, Unroot, Enable Non-Market App, Get UNLOCK code)
now i cant find a recovery img that will work can any one point me the right way. there is no thread in for this phone.
There's nothing fundamentally changed when you root your phone. Make yourself familiar with Linux security and you're (almost) done. Your phone executes under the control of this model, be it rooted or not. In an unrooted phone, there are nevertheless a lot of processes running with root privileges so of course there's a "root" in an unrooted phone. But it is not available to the normal user, only to system processes.
The only difference is that on a rooted phone there is a way for a non-root process to acquire root privileges, i.e. run as root. That's just about all. Except for some, umhh, minor thing: You cannot install the program required to do so (e.g., su) as long as you're non-root. Only root can install any piece of code which changes the current user into root. Apps run as their own user (to each app, a separate user "account" is assigned, none of those having root privileges) and so can't install such a thing, at least not normally.
Some trick is needed (running an exploit, changing the ROM) to achieve this and this is what makes rooting such a tricky thing.
The fundamental thing to understand what is changed when you root your phone (and that barely anything changes really) is the Linux user/group security concept. It's all open, there's no hidden secret.
mizch said:
There's nothing fundamentally changed when you root your phone. Make yourself familiar with Linux security and you're (almost) done. Your phone executes under the control of this model, be it rooted or not. In an unrooted phone, there are nevertheless a lot of processes running with root privileges so of course there's a "root" in an unrooted phone. But it is not available to the normal user, only to system processes.
The only difference is that on a rooted phone there is a way for a non-root process to acquire root privileges, i.e. run as root. That's just about all. Except for some, umhh, minor thing: You cannot install the program required to do so (e.g., su) as long as you're non-root. Only root can install any piece of code which changes the current user into root. Apps run as their own user (to each app, a separate user "account" is assigned, none of those having root privileges) and so can't install such a thing, at least not normally.
Some trick is needed (running an exploit, changing the ROM) to achieve this and this is what makes rooting such a tricky thing.
The fundamental thing to understand what is changed when you root your phone (and that barely anything changes really) is the Linux user/group security concept. It's all open, there's no hidden secret.
Click to expand...
Click to collapse
thanx for taking the time to write this but i am hoping for something alittle more descriptive.
I've got an HTC Desire and want to root it in order to install some lag-fix to make smoother.
Question is: will rooting affect the updates I get from HTC?
Sent from my HTC Desire using XDA App
Hello,
I have a question about how the "superuser"-app works behind the scenes.
As far as i know: The "superuser"-app can be used to grant root-permissions only to the programs, that I want. All other programs are still not running in root. Is this right?
If I'm right on that... Why does only the app super-user does have root after rooting the phone via e.g. the zergrush-exploit and other apps still not have root permissions although the phone has been rooted? Isn't there a security gap ?
In my point of view it could be possible, that any other app could take the root-rights just like the app "superuser" does it. If I'm not right, I don't get it, why only "superuser" gets root and all other apps can't get root unless "superuser" gives them root...
Isn't it a security gap? I just don't get it... how is this achieved?
Is it absolutely (or nearly absolutely) safe, that no other programs can get root-permissions when I use "superuser"? As I already said before, I'm really curious about, why or how this can be achieved and "guaranteed"...
Thanks in very much advance.
Kind regards
mr. salt
I think it's barely possible, that I'm the only one who is interessted how this app is working or wondering about the same security issues, which come along with my questions above?
I would appreciate an sophisticated answer very much!
greetings
mr. salt
sea_salt said:
Hello,
I have a question about how the "superuser"-app works behind the scenes.
As far as i know: The "superuser"-app can be used to grant root-permissions only to the programs, that I want. All other programs are still not running in root. Is this right?
If I'm right on that... Why does only the app super-user does have root after rooting the phone via e.g. the zergrush-exploit and other apps still not have root permissions although the phone has been rooted? Isn't there a security gap ?
In my point of view it could be possible, that any other app could take the root-rights just like the app "superuser" does it. If I'm not right, I don't get it, why only "superuser" gets root and all other apps can't get root unless "superuser" gives them root...
Isn't it a security gap? I just don't get it... how is this achieved?
Is it absolutely (or nearly absolutely) safe, that no other programs can get root-permissions when I use "superuser"? As I already said before, I'm really curious about, why or how this can be achieved and "guaranteed"...
Thanks in very much advance.
Kind regards
mr. salt
Click to expand...
Click to collapse
Ok let me see if I can explain this the best way I can. When you root your phone you are giving yourself the ability to run apps that require root. This ability is turned off by default in android. Now lets compare this to Linux, when you run an app as root you have t run the sudo command and then enter your password each and every time you want to run it with rooted rights. SuperUser is an app that when prompted will remember the selection you choice so you dont have to allow it every time you run the app and with out opening a terminal to type the commands to allow it to run as root.
You are looking at the app of super user more as a stand alone app instead of being a front end UI for the commands that you would have to run to get the same out come.
As for the security, to be honest the best security is common sense. As it is a simple fact that PC, phone, internet, server ect security is only as good as the hacker trying to get into it. If he/she really wants your info they are gonna get it. Take a look at what happened to the US DOD and they have a far more secure setup then anything on the market.
OK... I know I have been full of questions and really I just posted another question in the general forum a moment ago but I am trying to stick to the specific forums for specific questions so don't get mad at me ._.
ANYWAY... Looking at the underlying processes and other apps I will never use how does one safely remove these? I have heard of "freezing" things so you can defrost them later just in case you decide otherwise.
Any thoughts? Would this require a root?
Zadeis said:
OK... I know I have been full of questions and really I just posted another question in the general forum a moment ago but I am trying to stick to the specific forums for specific questions so don't get mad at me ._.
ANYWAY... Looking at the underlying processes and other apps I will never use how does one safely remove these? I have heard of "freezing" things so you can defrost them later just in case you decide otherwise.
Any thoughts? Would this require a root?
Click to expand...
Click to collapse
You'll need to be rooted and Titanium Backup Pro will allow you to freeze apps.
StingerDog said:
You'll need to be rooted and Titanium Backup Pro will allow you to freeze apps.
Click to expand...
Click to collapse
Ah thank you. Now in terms of doing that isn't there a list somewhere that lists all the "safe" apps to freeze? I have found lists pertaining to other tablets but not specifically the Tab 7 plus yet. Unless I'm just blind and it's been right in front of me (which is very likely) xD
I have not seen such a list but I haven't looked for one either.
Ah OK. I think I had found one for the Galaxy Tab (which I am assuming is the 10.1) and another one (which I forget what it was) so I figured I would ask.
Thank you all for your input though!
what bloatware are in your gtab?
Well, I'm getting ready to go somewhere so I can't look but all share comes to mind since I will never use it. That and for some reason after rooting my Tab (did it last night and I am quite happy) the samsung screen saver thing came back! Even though I uninstalled it.
The thing is about 50 megabytes of showcase video of the very tablet I am using...
Zadeis said:
Well, I'm getting ready to go somewhere so I can't look but all share comes to mind since I will never use it. That and for some reason after rooting my Tab (did it last night and I am quite happy) the samsung screen saver thing came back! Even though I uninstalled it.
The thing is about 50 megabytes of showcase video of the very tablet I am using...
Click to expand...
Click to collapse
If for any reason you boot into recovery there is a "hidden" partition that will re-install all that crap. If you install garyd9's CWM recovery it will not do this.
I have uninstalled almost 50 programs on my gtab that I dont use. Its stripped down to a bare tab. I HATE unwanted un needed programs.
antiochasylum said:
I have uninstalled almost 50 programs on my gtab that I dont use.
Click to expand...
Click to collapse
50? Can you list these apps?
I cleaned (froze with TB to be exact) and it's not even close to 10, but I am overly cautious so not to break the Tab. For example, I froze Polaris Office, AP Plus widget, etc.
Yes I will. Ill compare it tomorrow and post what I removed about to go to bed for now.
Sent from my ICS'd themed Galaxy Tab 7+
Is it OK to freeze these apps with Titanium Backup:
1). Apps
- Media Hub
- My files
- Samsung Apps
- Social Hub
- Talkback
- SNS related apps:
- Disclaimer
- Facebook
- Twitter
- LinkedIn
2). Built-in widgets, such as:
- AccuWeather.com (widget)
- AP Mobile (widget)
- Buddies now (widget)
- Digital Clock (widget)
- Dual Clock (widget)
- Yahoo! Finance
3). Built-in wallpapers (live or static)
- Aurora 2 (wallpaper
- Blue sea (wallpaper)
You can easily remove all apps that you don't need. You just need rooted device and root explorer or something similar. Then go to system/app and remove app you want.
gregy74 said:
You can easily remove all apps that you don't need. You just need rooted device and root explorer or something similar. Then go to system/app and remove app you want.
Click to expand...
Click to collapse
that didt work for me... im getting root error issues...
str8addicted said:
that didt work for me... im getting root error issues...
Click to expand...
Click to collapse
I got an error too when I intially tried to use Root Explorer, i opened up superuser (didnt actually do anything accept check the settings), then tried again, and access was granted properly. I already had the latest binaries via busybox so I'm not sure what happened.
jblade1000 said:
I got an error too when I intially tried to use Root Explorer, i opened up superuser (didnt actually do anything accept check the settings), then tried again, and access was granted properly. I already had the latest binaries via busybox so I'm not sure what happened.
Click to expand...
Click to collapse
I think this is an issue with SuperUser itself.
The problem is, I cannot set the Automatic Response to "Prompt". If I do use that, then ANY apps that requires root access will be automatically DENIED. The only solution is to set the Automatic Response to "Allow", which I don't want to.
I tested this with LBE Privacy apps. With "Prompt" set in SuperUser, after every reboot, 2 out of 3 times LBE failed to start. I had to open SuperUser and start LBE again and it works. When I set to "Allow", no more problem.
First off, great forum, tons of awesome information.
I apologize in advance as I am sure these questions have been answered a million times but being new to a Rooted device, I'm looking for a little clarity and guidence.
I have the AT&T variant of the LG G3, awesome awesome device.
I rooted the device with Stump Root (doesn't get any simplier then that)
I then installed "Xposed Installer", "Titanium Backup", "SuperSu", and "G3 Tweak Box".
Questions,
Xposed
1) Seems pretty straight forward, is there anything as a newbie I should know, avoid, lookout for?
Titanium Back Up
1) Well, it all looks like chinese to me. First off, I have backed up all my apps, but when I check "Backup/Restore" I still see certain apps as "No Backup Yet". Why?
2) Also, how often should I backup the apps? Is once enough?
3) After backing up bloatware, is it then safe to remove and delete?
4) Schedules, should I be enabling either option?
5) Main Menu, whats the most important actions to take here?
SuperSu
1) Seems fairly straight forward, what are "logs" and do I need to pay attention to them?
2) Settings, is there any options I need to change, take advantage of? Anything I should avoid tampering with?
Misc Questions
1) When system updates come out, will this cause me to lose Root access, if so why and how do I avoid that?
2) Is there any prevenitive measures that I need to take to protect my device against any crashes, bricking, or any other general screw ups a newbie might cause with Root access?
3) Also, how do I not destroy my device while learning to take advantage of Root access?
4) In addition to what I have already installed, is there any other must have apps for the Rooted user?
I appreciate any & all help, thanks alot in advance!
I'll answer what I can, as best I can.
Vic098 said:
Xposed
1) Seems pretty straight forward, is there anything as a newbie I should know, avoid, lookout for?
Click to expand...
Click to collapse
Make sure you have BusyBox installed as well.
It's best to change one setting at a time. It's tedious, especially if you have to reboot after changes, but if something goes awry, it's much easier to track down the conflict or bug, especially if you're using multiple modules.
Titanium Back Up
1) Well, it all looks like chinese to me. First off, I have backed up all my apps, but when I check "Backup/Restore" I still see certain apps as "No Backup Yet". Why?
Click to expand...
Click to collapse
There's a definite learning curve with TB. I'm not sure why some apps might not back up. It could be because they're core components of the OS and are write protected.
2.) Also, how often should I backup the apps? Is once enough?
Click to expand...
Click to collapse
When talking about batch backups, "enough" is at your discretion. No harm in doing them periodically, especially if you install a bunch of new apps. Backing up individual apps is good to do before updating them, in case you decide you preferred the older version. Or a game you don't want lose progress in or revert to an old "save".
3) After backing up bloatware, is it then safe to remove and delete?
Click to expand...
Click to collapse
Depends on the bloat. Some apps by AT&T or LG might seem unnecessary or unwanted, but actually are necessary and can cause crashes or force closes ("unfortunately XXXXX process has stopped"). Always back them up first, and remove them one at a time. It's better to freeze them first, then delete after testing. Personally, I don't delete bloat, just freeze it.
4) Schedules, should I be enabling either option?
Click to expand...
Click to collapse
Both, if you want to schedule period backups rather than just doing them youself. Again, your discretion .
5) Main Menu, whats the most important actions to take here?
Click to expand...
Click to collapse
Batch actions and Preferences (where to store them) are all you really should be messing with now. At least until you learn more.
SuperSu
1) Seems fairly straight forward, what are "logs" and do I need to pay attention to them?
Click to expand...
Click to collapse
The logs keep track of what was granted SU access and when. Not really necessary.
2) Settings, is there any options I need to change, take advantage of? Anything I should avoid tampering with?
Click to expand...
Click to collapse
PIN code is your choice. If you're the only one that ever uses your phone, it's not really necessary, but if if you let others use it frequently(for games, or to browse or log into Facebook), you might want to use a PIN so they don't simply hit "grant" whenever SuperSU requests rights. I use "prompt" as the default action, so I know what needs to access the system. For example, some apps that don't require root (like Clean Master) have additional functions if you are rooted, and this might not be clear in the description in Play. That way you know, and you won't accidentally screw something up. Also, malicious apps that have no business with root access can be identified and blocked.
Misc Questions
1) When system updates come out, will this cause me to lose Root access, if so why and how do I avoid that?
Click to expand...
Click to collapse
You can sometimes (usually?) lose root access after an update, but it's usually possibly simply to re-root with the same method. If not, it's best to wait to do the update until others can confirm/deny. SuperSU has a "survival mode" that can try to keep root during an update, but again, it's best to wait for confirmation by others.
2) Is there any prevenitive measures that I need to take to protect my device against any crashes, bricking, or any other general screw ups a newbie might cause with Root access?
3) Also, how do I not destroy my device while learning to take advantage of Root access?
Click to expand...
Click to collapse
Read, ask, and learn. It's easy to grow confident and think you're more clever than you really are and really screw something up (I know from experience). If you look at the first couple pages of general Q&A/Help forums, you'll see lots of people who did stupid stuff and now have bootloops and crashes and bricks. Do lots of searches, here, on google, and youtube. You can often find guides for what you're wanting to do.
4) In addition to what I have already installed, is there any other must have apps for the Rooted user?
Click to expand...
Click to collapse
AdAway or other ad blocker. Not only does it block ads in your browsers, it blocks Google ads in free apps. Apart from being cleaner and more convenient, since ads don't get loaded, pages load faster and you consume less data.
BetterBatteryStats gives you much more info on what's draining your battery than the stock Android function.
Some sort of root browser/explorer is essential. You can use it to completely delete folders/data that got left behind even after an app is deleted (which can sometimes cure Google Play Store errors), among other things.
I personally like ROM Toolbox Pro. It doesn't really do anything special, just packs a ton of utilities that you can get elsewhere into a single app.
SQLite editor is necessary to do some things, but you'd better make sure you know what you're doing before doing anything with it.
WiFi Tether Router might be able to bypass AT&T's tether app. Changing some settings with SQLite might be necessary. You'd have to research this for your device.
Those are the root apps I use, as well as Xposed and assorted modules to do theming or other functionality tweaks. Xposed is quite powerful, and you should familiarize yourself with what the multitude of different modules can do. The possibilities are seemingly endless, as developers come up with no mods every day to do new things that nobody else has done yet (or ported other mods to work with other devices).
I appreciate any & all help, thanks alot in advance!
Click to expand...
Click to collapse
Good luck and have fun!
Planterz said:
I'll answer what I can, as best I can.
Make sure you have BusyBox installed as well.
It's best to change one setting at a time. It's tedious, especially if you have to reboot after changes, but if something goes awry, it's much easier to track down the conflict or bug, especially if you're using multiple modules.
There's a definite learning curve with TB. I'm not sure why some apps might not back up. It could be because they're core components of the OS and are write protected.
When talking about batch backups, "enough" is at your discretion. No harm in doing them periodically, especially if you install a bunch of new apps. Backing up individual apps is good to do before updating them, in case you decide you preferred the older version. Or a game you don't want lose progress in or revert to an old "save".
Depends on the bloat. Some apps by AT&T or LG might seem unnecessary or unwanted, but actually are necessary and can cause crashes or force closes ("unfortunately XXXXX process has stopped"). Always back them up first, and remove them one at a time. It's better to freeze them first, then delete after testing. Personally, I don't delete bloat, just freeze it.
Both, if you want to schedule period backups rather than just doing them youself. Again, your discretion .
Batch actions and Preferences (where to store them) are all you really should be messing with now. At least until you learn more.
The logs keep track of what was granted SU access and when. Not really necessary.
PIN code is your choice. If you're the only one that ever uses your phone, it's not really necessary, but if if you let others use it frequently(for games, or to browse or log into Facebook), you might want to use a PIN so they don't simply hit "grant" whenever SuperSU requests rights. I use "prompt" as the default action, so I know what needs to access the system. For example, some apps that don't require root (like Clean Master) have additional functions if you are rooted, and this might not be clear in the description in Play. That way you know, and you won't accidentally screw something up. Also, malicious apps that have no business with root access can be identified and blocked.
You can sometimes (usually?) lose root access after an update, but it's usually possibly simply to re-root with the same method. If not, it's best to wait to do the update until others can confirm/deny. SuperSU has a "survival mode" that can try to keep root during an update, but again, it's best to wait for confirmation by others.
Read, ask, and learn. It's easy to grow confident and think you're more clever than you really are and really screw something up (I know from experience). If you look at the first couple pages of general Q&A/Help forums, you'll see lots of people who did stupid stuff and now have bootloops and crashes and bricks. Do lots of searches, here, on google, and youtube. You can often find guides for what you're wanting to do.
AdAway or other ad blocker. Not only does it block ads in your browsers, it blocks Google ads in free apps. Apart from being cleaner and more convenient, since ads don't get loaded, pages load faster and you consume less data.
BetterBatteryStats gives you much more info on what's draining your battery than the stock Android function.
Some sort of root browser/explorer is essential. You can use it to completely delete folders/data that got left behind even after an app is deleted (which can sometimes cure Google Play Store errors), among other things.
I personally like ROM Toolbox Pro. It doesn't really do anything special, just packs a ton of utilities that you can get elsewhere into a single app.
SQLite editor is necessary to do some things, but you'd better make sure you know what you're doing before doing anything with it.
WiFi Tether Router might be able to bypass AT&T's tether app. Changing some settings with SQLite might be necessary. You'd have to research this for your device.
Those are the root apps I use, as well as Xposed and assorted modules to do theming or other functionality tweaks. Xposed is quite powerful, and you should familiarize yourself with what the multitude of different modules can do. The possibilities are seemingly endless, as developers come up with no mods every day to do new things that nobody else has done yet (or ported other mods to work with other devices).
Good luck and have fun!
Click to expand...
Click to collapse
Thanks for the detailed response. Just a follow up, when googling AdAway, I see some long threads and what I think are different versions, is there a link, or a place that I can find the latest (and safe??) version to download?
Again, appreciate the feedback.
Vic098 said:
Thanks for the detailed response. Just a follow up, when googling AdAway, I see some long threads and what I think are different versions, is there a link, or a place that I can find the latest (and safe??) version to download?
Click to expand...
Click to collapse
http://d-h.st/BZs
If you haven't done so already, you'll have to go into your settings and check the box to allow app installation from unknown sources. Then just go to that link on your device, download the .apk, then install. Go to a site with a heavy amount of ads like phonearena.com (Verizon ads up the wazoo) and see how long it takes to load. Then reboot, and load the app. It'll update sources, and it'll be good to go. Go back to that website and marvel at how quickly it loads without the ads.
Vic098 said:
Thanks for the detailed response. Just a follow up, when googling AdAway, I see some long threads and what I think are different versions, is there a link, or a place that I can find the latest (and safe??) version to download?
Again, appreciate the feedback.
Click to expand...
Click to collapse
Is this a Xposed Module or some APK off the google market? Because if it's an Xposed Mod then links are direct.
Radigen said:
Is this a Xposed Module or some APK off the google market? Because if it's an Xposed Mod then links are direct.
Click to expand...
Click to collapse
Gotchya.
Planterz said:
If you haven't done so already, you'll have to go into your settings and check the box to allow app installation from unknown sources. Then just go to that link on your device, download the .apk, then install.
Click to expand...
Click to collapse
The link downloads a file called mobogenie. Is that correct?
Vic098 said:
The link downloads a file called mobogenie. Is that correct?
Click to expand...
Click to collapse
No. I don't know what that is, and I can't recreate whatever you did to get that. Whatever it is, don't install it.The file to download will match the name in the description. Make sure you're not clicking an ad (oh, the irony).
Try this link instead. https://f-droid.org/repository/browse/?fdid=org.adaway or try downloading on your computer to Dropbox or Drive or whatever cloud storage you use, or just download it to your computer, plug in your phone, copy it to your phone's storage, and run it from there.
Radigen said:
Is this a Xposed Module or some APK off the google market? Because if it's an Xposed Mod then links are direct.
Click to expand...
Click to collapse
Neither. It's not an Xposed module, just a regular app, but it's not available from the Google Play Store because they don't want you blocking your ads, so you have to side load it.
Planterz said:
No. I don't know what that is, and I can't recreate whatever you did to get that. Whatever it is, don't install it.The file to download will match the name in the description. Make sure you're not clicking an ad (oh, the irony).
Try this link instead. https://f-droid.org/repository/browse/?fdid=org.adaway or try downloading on your computer to Dropbox or Drive or whatever cloud storage you use, or just download it to your computer, plug in your phone, copy it to your phone's storage, and run it from there.
Neither. It's not an Xposed module, just a regular app, but it's not available from the Google Play Store because they don't want you blocking your ads, so you have to side load it.
Click to expand...
Click to collapse
Oh alright, thanks then, good thing we're all developers here.