Hi, are there some ways to have control of root access just for a person who knows some "root password" (for an administrator), and limit/disable root access for a normal user?
E.g. to change superuser or root access password? Set-up/change the root login password? Or some other ways?
Also what do you think of SuperSU, Hide my Root, and similar apps for this case?
I need to setup security/make limitations on "super user", or at least disable root temporarily when a normal user is using the device (and reenable root when an administrator needs to make system/app changes etc.)
Also: what is the way to hide (as much as possible) root access (and the fact that the device is rooted) from Apps and the normal user?
ROM is LG G3 d855 RESURRECTION REMIX 7.1.1_r9
Related
I spent much time searching, but fail to find answer to these questions:
1.- In an device with S-OFF: - can other than SuperUser apps touch any system data ?
2.- if an device is temp-rooted, then only SU-apps* can touch S-OFF'ed data areas ?
(by "su-apps" i mean apps that got granted "superuser" rights by "superuser" app)
3.- Visionary can temp root on each boot, or perm root - what's the difference ?
4.- does perm-root grant full rights to every application ? (so that any app can read any part of data it wants anytime ?)
5.-provided that I use S-OFF and temproot, - what secutity risks did I enable, provided that I trust the few applications that I allow to run as superuser ?
Thanks.
bump - anyone knows ?
AlCapone said:
I spent much time searching, but fail to find answer to these questions:
1.- In an device with S-OFF: - can other than SuperUser apps touch any system data ?
2.- if an device is temp-rooted, then only SU-apps* can touch S-OFF'ed data areas ?
(by "su-apps" i mean apps that got granted "superuser" rights by "superuser" app)
3.- Visionary can temp root on each boot, or perm root - what's the difference ?
4.- does perm-root grant full rights to every application ? (so that any app can read any part of data it wants anytime ?)
5.-provided that I use S-OFF and temproot, - what secutity risks did I enable, provided that I trust the few applications that I allow to run as superuser ?
Thanks.
Click to expand...
Click to collapse
Perm.Root, Basically Only Allows You To Have Root Access After A Reboot, Compared To Temp.Root, Which Requires The User To ReRoot After Every Reboot!!
No Matter Temp.Root or Perm.Root, You Still Have To Grant Which Ever App SU Permissions, For It To Run!!
Install "Lookout Security" If Your Sceptical Of A Certain App!!
Hope This Helps!!
Sent from my HERO200 using XDA App
Thanks.
PMGRANDS said:
Perm.Root, Basically Only Allows You To Have Root Access After A Reboot, Compared To Temp.Root, Which Requires The User To ReRoot After Every Reboot!!
Click to expand...
Click to collapse
Makes sense, but why does f.eks visionary have option to "temp root on each boot" ? - something is supposed to be different.
Or what is the exact mechanism behind this in Android? I have been using GNU/Linux for many years so I understand the original concept and would not want every app to have root privileges.
The Superuser app allows you to accept & deny all root apps. You can also choose to always allow certain apps, but you don't have to.
I don't quite understand this. Who gives the apps the privileges. I suppose the Superuser app is only the frontend for some system service. And does it work as a white list or as a black list. Meaning: Does every app get root priviliges by default on a rooted phone or do I have to manually give root privileges to desired apps but the rest doesn't even realize it's on a rooted phone.
By default, apps are denied root privileges. If I restore an app that runs as root in the background -along with its data - the app won't work until I launch it & grant it superuser permissions. Droidwall is a good example of this. Droidwall works by denying or allowing 3g and/or wifi access to apps based on your input. It does this by changing the iptables. If I flash a new ROM & restore with Titanium Backup, I usually forget that Droidwall isn't doing its job until I notice ads in an app that isn't supposed to connect. Once the app is launched & I choose to apply the rules, Superuser prompts me to allow the changes. If I do not make a choice within 10 seconds, SU automatically denies the root request.
In short, an app will never run as root (aside from superuser itself, if that counts) without you first allowing it. Also be aware that most everyday apps will never ask for root access as they don't need it to run. Only apps that are making changes to the system (reading or writing) will need root access. As far as accessing your contact data & other stuff you may worry about, any app can do that if it has permission (not root) to do so. When you first install an app, you will see a list of permissions - usually an app needs those permissions to run and there's nothing to worry about.
OK, thanks I understand it more now. What would happen if I didn't install Superuser. Is there a built in daemon for superuser privileges?
Don't fight the powers that be. Install superuser. You need it.
I'm pretty sure you'll get error messages from most root apps. I could be wrong, though. Next time I'm about to flash a new ROM, I'll remove Superuser after I do my backup, just because I'm curious. I'm pretty sure that Superuser or an alternative - if one exists - is necessary. I know the ability is there in the os, but I would think that it would need some kind of vehicle (such as an app) to relay the information. I certainly hope apps wouldn't automatically be granted root privileges, but I'm not sure. It's an interesting question, though.
Roms come pre-loaded with Superuser, and any auto-root method does as well. You would only be without it if you root manually, stay on stock, and choose not to push the app. Or, I guess, if you choose to remove it.
all these google play apps say : supersu permission needed, but the root features work 100% ok without supersu on my phone(its like my phone automaticly give them permission)
question is does superuser do anything and is it needed for safestrap install of rom(would it work without it?)
Superuser/SuperSU/etc only manages root access. If your device is already rooted and you don't have a root manager, then every app can get root.
The description for SU in the XDA-University dictionary explains it better than I could.
Hey guys,
This is the wrong place forum, but I like you guys, so I will ask you a question
Say there is an app that requires root (in this case Cisco AnyConnect rooted version), but I do not want to have root access enabled from within Android OS. Is there a way to install the app with automatic root access? E.g. by flashing it from within the recovery?
Thanks,
Su
Do it need root access or system permissions ?
If it needs root, you must have "su" in android OS.
If it needs system permisssions, you could push it in /system/app/ or /system/priv-app/ (more access than /system/app/)
Hmm, from the description, it seems like root access... ah well, from the CM11 SuperUser settings, seems like it is possible to automatically deny root access to all requests, and only allow selected apps.
Perhaps this is a better way to set up the device...
Sumanji said:
Hmm, from the description, it seems like root access... ah well, from the CM11 SuperUser settings, seems like it is possible to automatically deny root access to all requests, and only allow selected apps.
Perhaps this is a better way to set up the device...
Click to expand...
Click to collapse
every app that wants SU permission should be prompting you the first time to allow or deny it.
if any app gets SU permission without you allowing it, something is wrong.
what i dont understand is, you said the phone is NOT rooted, then mentioned cm11. if you are running cm11, your phone is already rooted.
Hello everyone, I don't want to root my device just yet due to the fact that it's still under warranty... So since I only want to remove ads, can you tell me if there's a way to block ads on an unroot device, like pushing the file on adb shell or something like that ? I don't want to use adblock plus it simply doesn't work.
Thanks in advance !
leomon32 said:
Hello everyone, I don't want to root my device just yet due to the fact that it's still under warranty... So since I only want to remove ads, can you tell me if there's a way to block ads on an unroot device, like pushing the file on adb shell or something like that ? I don't want to use adblock plus it simply doesn't work.
Thanks in advance !
Click to expand...
Click to collapse
There are only so many ways to replace a system (hosts in this case) file within Android and almost all of them require rooting the device or tripping Knox with TWRP. You might be able to do it with adb push/pull commands but that is quite an advanced technique. Even then, I've had it request root access in CM to run the adb commands on the system apps. In reality the easy ways to do it requires root and my advice would be to try using the adblock browser or another custom browser that blocks ads until you are ready to root it.
AlkaliV2 said:
There are only so many ways to replace a system (hosts in this case) file within Android and almost all of them require rooting the device or tripping Knox with TWRP. You might be able to do it with adb push/pull commands but that is quite an advanced technique. Even then, I've had it request root access in CM to run the adb commands on the system apps. In reality the easy ways to do it requires root and my advice would be to try using the adblock browser or another custom browser that blocks ads until you are ready to root it.
Click to expand...
Click to collapse
Thanks, that's actually just what I thought. It's weird because you can change the density and the resolution of that tablet with the adb push on the fly without root or knox tripping but I guess the whole file is read only and that's why root is needed (the hosts).
There is a proxy ad blocker on market. Works just fine and does not require root . search market and you find a few.
use hosts without root
I know a simple way to use hosts without root:
enter playstore
search: "virtual hosts"
you will see a green icon of the apk
download it
open it and then you will see a big switch button.
click on it and then choose the host that you want to use
(if you want to make the host to be on startup, just click the plus icon in the corner and then you will see an android icon. just click on it).