backtop


Print 15 comment(s) - last by lexluthermiest.. on Aug 4 at 2:38 AM

Google's modifications make root less powerful in Android 4.3, and that's good says Steve Kondik

Power users have long rooted their smartphones to gain access to capabilities not available to locked devices.  Apple, Inc. (AAPLactively fights rooting; Microsoft Corp. (MSFT) allows it, but only for developers; and Google Inc. (GOOG) and its OEM partners mostly condone and support rooting.

But the key issue with rooting is that it opens the device up to new attacks (one of the justifications Apple often gives for fighting rooting).

Steve "Cyanogen" Kondik -- a Washington-area Android developer whose CyanogenMod replacement firmware is currently used by over 5 million Android users -- points out that new APIs from Google make keeping root privileges active in aftermarket mods (like CyanogenMod) less essential.  He reveals:

Android 4.3 introduces some new and much needed security features which not only restrict setuid binaries on the system partition (su), but also limit the capabilities of processes. In the current architecture, even if you could get elevated privileges, you can't do anything out of the ordinary. Root in the shell via ADB is all I use, and it still works just fine.

Steve Kondik
Steve "Cyanogen" Kondik [Image Source: Google+]

In other words, Google is restricting root for security reasons.  But Mr. Kondik says Android's open source make this a virtual non-issue:

This isn't a problem for me, since I use CM. When there is a situation that I'd need root, I just modify the system to accomodate what I'm trying to accomplish in a secure way.
...
A few good use cases for root are:

* Firewalls and network software, potentially requiring raw sockets.
* Managing the DNS resolver
* Tweaking various sysfs nodes to control the kernel

All of these can be done without exposing root, and they can be done in a very secure way.

Cyanogen Mod
CyanogenMod is aiming to provide alternatives to full blown root access.

In a follow-up post, he continues to push his philosophy that deep firmware fan mods (such as his own CyanogenMod framework) are a superior alternative to using a stock ROM and simply leaving exploit-granted root privileges open.  He writes:

Now you can write your app and a whole new class of applications that you couldn't do without using the root sledgehammer before. Yeah, it's harder, and you need to learn the system architecture a bit, but the result is much better and more importantly it's not a gaping security hole.
...
I might be exploiting this as an opportunity to sell the ideas behind CM, but I think it's a powerful concept. If your app needs to do something that normally can't be done, you can easily bend the system to your will and do it right.



Android 4.3 cracks down on root's capabilities.

For those users who want root he reassures that he will continue to support it, writing in yet another follow-up:

Just to be clear- I have no intention of removing root from CM. What I want to see is the common use cases supported by the platform so that we can write more powerful apps.

But it's clear that he feels that leaving root open is a dangerous proposition, even for your average power-user. He also feels that regimented privilege extension via new API frameworks are a superior alternative.

Sources: Steve "Cyanogen" Kondik [1], [2], [3]



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Cool stuff.
By Monkey's Uncle on 7/29/2013 7:33:44 PM , Rating: 2
Good to hear 'spooty. Those look like sweet devices. & inc tablets are my sweet spot since they are the perfect size to use as a book reader. A bigger screen is better for HD porn, but meh! 7" displays will do in a pinch!

Reading this article reminded me that I still needed to re-root my 4.3 image on my 1st gen Nexus 7 (I installed a recovery image from Google so it wiped my old root/TWRP recovery) :/

As an argument for rooting - Titanium Backup requires root access to take full images of your device. Kinda need it for Nandroid backups too. I'm a backup freak and you really can't do a good image backup without rooting.


"This is from the DailyTech.com. It's a science website." -- Rush Limbaugh














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki