Pinterest Stumbleupon Whatsapp
Advertisement

Some manufacturers are making it more and more difficult to root your Android device (and some carriers are making it impossible), but there are still a lot of people who enjoy nothing more than shaking off the shackles and customizing their phones Want To Customize Your Android Device, But Not Sure Where To Start? Want To Customize Your Android Device, But Not Sure Where To Start? Android’s openness is one of its greatest strengths and makes it possible for most devices to be modified in a number of ways. Customizing your device can add new features and make it feel like... Read More .

Despite the popularity of rooting, there are several reasons why you shouldn’t root your device. I’m not here to discuss all of them — in this article I want to focus on the security aspects.

What risks are you opening yourself up to by giving yourself root access?

1. Update Problems

Rooting your device will almost certainly render it unable to receive over-the-air (OTA) updates. Some apps try and bypass this shortcoming, but given the way rooting now works, it’s becoming harder and harder to circumvent.

Root Android Update

But what’s the problem?

Advertisement

Aside from missing out on some fun and important new features, you’re leaving yourself vulnerable from a security standpoint.

Phone manufacturers will typically push out several new security patches each year. They’re not doing this for the good of their health — they’re doing it because the patches close dangerous, and previously unseen, security vulnerabilities.

For example, Google’s most recent update to their Nexus devices closed a loophole that could have allowed hackers to remotely execute code within the kernel. Affected devices would be permanently compromised; the only way to repair them would be to reinstall the operating system.

2. Can You Trust a Custom ROM?

Okay, lots of people don’t install custom ROMs — they just want to keep the vanilla operating system and delete all the manufacturer-specific bloatware.

But some people will install custom ROMs 6 Reasons You Need to Be Using a Custom ROM 6 Reasons You Need to Be Using a Custom ROM Custom ROMs are the best thing about having an Android phone! Don't miss out! Read More , either by choice or by accident. When I rooted my first Android phone — a Samsung Galaxy 2 — I accidentally installed a custom ROM without realizing. I was new to the process and simply followed the wrong set of instructions. Plenty of people will make similar errors.

Let me make this clear: custom ROMs are not all bad. But it’s foolish to think they are as robust, secure, and as frequently updated as the vanilla OS.

Google, Motorola, Samsung, Sony, et al all have mega budgets, and hundreds of people developing, testing, and refining their products. They can react quickly to any new threats and roll-out out updates to protect the vast majority of their user base. The guys behind custom ROMs have no such power.

And then there is the issue of deliberately malicious ROMs. Again, if you’re au fait with the rooting process and its surrounding community you’re unlikely to become a victim. But the vast majority of people don’t really understand the processes behind what they’re doing — they’re just following some step-by-step instructions they found online. People have been, and will continue to be, caught out.

3. Giving Root Access to Apps

If you’ve ever rooted one of your devices Take Control: Android Rooting Guide Take Control: Android Rooting Guide As of the writing of this guide, approximately 80% of the world's population owns their own cellphone. Out of those, 1.08 billion are smartphones. Read More , you’ll be familiar with some apps requesting root access via a pop-up message.

And I bet there have been many occasions where you blindly clicked on “Allow” without stopping to consider what you’re actually doing.

Root Superuser Request App

By allowing an app to have root access, you’re giving it access to your phone’s entire operating system. This totally bypasses all the built-in security that Android offers and lets it see sensitive data that’s stored deep inside your OS.

Apps with root access can also install other software without your knowledge. This software can include programs such as fake keyboards, key-loggers, and fake email apps. And they all have one goal in mind — to steal your personal information and feed it back to cyber-criminals.

4. Malware Threat

As I’ve written elsewhere on this site, anti-virus apps for Android 6 Android Security Apps You Should Install Today 6 Android Security Apps You Should Install Today Android security apps - capable of blocking malware and phishing attempts - are necessary if you wish to run a safe and secure smartphone. Let's look at some of the best Android security apps currently... Read More are largely obsolete. There is a reason that all the market leaders in the sector now advertise their products as security suites; they need to bundle more features to make them worthwhile.

These apps are largely obsolete for one reason: the vanilla Android OS is now really secure. Google have added more and more features down the years, and Android 7 is the most robust edition so far.

Rooting your device will evade lots of these OS-level security features. You’ll be instantly more vulnerable to worms, viruses, spyware, and Trojans. These can be delivered in the form of drive-by downloads, malicious links, and infected apps. One slip and you’ll be exposed; the device won’t be there to bail you out.

Tell Us Your Stories

These four points are not scaremongering, they are legitimate and real concerns that you need to be aware of. The worst thing you can do is take a “it won’t happen to me” approach — tens of thousands of people have done that, and tens of thousands of people have been caught out.

I’m not trying to dissuade you from rooting. There are some awesome benefits to unlocking 10 Amazing Android Customizations Worth Rooting For 10 Amazing Android Customizations Worth Rooting For Haven't rooted your device yet? Once you get a look at all this awesome root-only customizations, you might change your mind. Read More your device’s full potential. But you need to be aware of the downsides so you can make an informed decision.

As ever, I’d love to hear your stories. Did you root your device and later regret it? Have you been unlucky enough to be infected by a virus on your device? Are you still inclined to take a hands-off approach to your device’s security?

You can leave your thoughts, feedback, and tales in the comments section below.

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. AStarbucks
    February 16, 2017 at 7:35 am

    One of the more balanced articles around. But it still side-steps so many reasons why rooting is a must and an essential thing to do.
    1. Backup. How can one claim to know anything about proper IT security unless one has proper backups? Rooting is the only way to back up your device's by imaging partitions or the whole device. After all, I do it with my Windows laptops and PCs.
    How the hell else can you do a Nandroid backup with TWRP or CWM unless you root? Its the first thing I do with a new phone that I root. Its not just the security, its the convenience of being to flash it back to its original condition when I first break it out of the box.
    How else can any faecal-stirrer talk about IT security without having Titanium Backup to backup (a) apps; and (b) data in each app? With a single tap, I restore all the game data or app setting data for each app which would otherwise take me hours to do for my hundreds of apps. See point (3).
    When I get a new phone, I root it immediately in order to have Titanium Backup restore the data in each app from my previous phone. Not only that, to freeze or uninstall bloatware (which only leaks your data - see point 2.
    If an app is pulled from the Play Store (cue Flappy Birds for instance), or an updated version of a favourite/essential app sucks or is buggy, I just restore the previous version from Titanium Backup. What? The unrooted users never knew this was possible?
    2. Firewall. How can anybody talk about the "Security of not Rooting" when your unrooted phones have all sorts of bloatware and user installed apps from Play Store haemorraghing and uploading your data to dubious developers all the time - while making you, the idiot consumer, pay for it with mobile data over-runs and suffering battery drain?
    I root any new phone immediately to install open source AF+Wall so that only whitelisted apps are allowed to have either internet access via Wifi or mobile data (or both or none).
    I NEVER come close to my monthly data quota. Even though I have the minimal 2 to 3GB plans only. Even though I may regularly use more than 50GB per month. Cos my firewall restricts the heaviest bandwidth hoggers like my news apps to WIFI ONLY! That is security. G.E.D.D.I.T?!
    Its fundamental cow sense for anybody who wants to talk about security ain't it? But no writer or blogger or other ilk of manure-stirrer actually knows this? Surely I can't be the only one?
    3. Speaking of (1) and (2), firewalls like that work best with Xposed framework, which is another fundamental thing about security and just as importantly usability. It opens the doorway to have Gravitybox which allows me to restore so many settings and functions from my previous phone to any new phone. Restored via Titanium Backup of course.
    One tap enables all the wide ranging UI features that would otherwise not be available on the new phone or will take me half an hour to hunt for and configure in a new phone's system settings.
    4. Speaking of security, have all the dung-stirrers talking about a lack of security with rooted phones ever considered what SuperSU etc. are there for? If the open source community can think of rooting, they've obviously thought about security controls too (like firewalls etc. duh...).
    That's the difference - talkers talk. The Do-ers like the open source community have thought about it, solved it, done it and used it.
    5. Greenify, Power Nap, Amplify, MacroDroid/Tasker, CF lumen, Boot Manager, Trimmer, SD Maid ad nauseum etc, etc, - enough said.

  2. David
    October 31, 2016 at 10:57 pm

    I'm sorry but this entire article demonstrates a complete lack of security knowledge. Rooting your Android can a tool to making it entirely MORE secure. CyanogenMod is great alternative to the stock ROMs. Just because it's rooted doesn't mean every app will automatically get root privileges. There are a ton of things you can do to harden it, that can't be done on stock ROMs. You can get rid of the bloatware and spyware that comes bundled with phones. Manufacturers are slow to push out Android updates so you're able to get security updates a ton faster on CyanogenMod.

    Saying that you're automatically vulnerable to malware is patently false, and shows how little you know about rooting and security.

    • Dan Price
      October 31, 2016 at 11:57 pm

      Of course you *can* make it more secure, but it's not a direct benefit of rooting and not easy for an average user. What percentage of people who root are taking those extra steps? Very, very few.

      At the moment you root, you are instantly more vulnerable to malware (unless you take the aforementioned extra steps) - I don't believe that statement to be false.

      "Just because it's rooted doesn't mean every app will automatically get root privileges" -- not sure where I say or suggest that?

      • Doc
        November 2, 2016 at 2:02 pm

        "'Just because it's rooted doesn't mean every app will automatically get root privileges' — not sure where I say or suggest that?"

        It's implied that rooting your device lets EVERY program have root access, even though operating systems like Windows and Linux require explicit permission just like Android does in the "superuser" picture you included. Your article seems to imply "we (often) blindly clicked on Allow," when that's not the case, either. If you root your device, you're taking control of it - along with the consequences. Just like every Windows (Visa and up - UAC prompts), Mac OS, or Linux user, ever.

        • AStarbucks
          February 16, 2017 at 7:36 am

          One of the more balanced articles around. But it still side-steps so many reasons why rooting is a must and an essential thing to do.
          1. Backup. How can one claim to know anything about proper IT security unless one has proper backups? Rooting is the only way to back up your device's by imaging partitions or the whole device. After all, I do it with my Windows laptops and PCs.
          How the hell else can you do a Nandroid backup with TWRP or CWM unless you root? Its the first thing I do with a new phone that I root. Its not just the security, its the convenience of being to flash it back to its original condition when I first break it out of the box.
          How else can any faecal-stirrer talk about IT security without having Titanium Backup to backup (a) apps; and (b) data in each app? With a single tap, I restore all the game data or app setting data for each app which would otherwise take me hours to do for my hundreds of apps. See point (3).
          When I get a new phone, I root it immediately in order to have Titanium Backup restore the data in each app from my previous phone. Not only that, to freeze or uninstall bloatware (which only leaks your data - see point 2.
          If an app is pulled from the Play Store (cue Flappy Birds for instance), or an updated version of a favourite/essential app sucks or is buggy, I just restore the previous version from Titanium Backup. What? The unrooted users never knew this was possible?
          2. Firewall. How can anybody talk about the "Security of not Rooting" when your unrooted phones have all sorts of bloatware and user installed apps from Play Store haemorraghing and uploading your data to dubious developers all the time - while making you, the idiot consumer, pay for it with mobile data over-runs and suffering battery drain?
          I root any new phone immediately to install open source AF+Wall so that only whitelisted apps are allowed to have either internet access via Wifi or mobile data (or both or none).
          I NEVER come close to my monthly data quota. Even though I have the minimal 2 to 3GB plans only. Even though I may regularly use more than 50GB per month. Cos my firewall restricts the heaviest bandwidth hoggers like my news apps to WIFI ONLY! That is security. G.E.D.D.I.T?!
          Its fundamental cow sense for anybody who wants to talk about security ain't it? But no writer or blogger or other ilk of manure-stirrer actually knows this? Surely I can't be the only one?
          3. Speaking of (1) and (2), firewalls like that work best with Xposed framework, which is another fundamental thing about security and just as importantly usability. It opens the doorway to have Gravitybox which allows me to restore so many settings and functions from my previous phone to any new phone. Restored via Titanium Backup of course.
          One tap enables all the wide ranging UI features that would otherwise not be available on the new phone or will take me half an hour to hunt for and configure in a new phone's system settings.
          4. Speaking of security, have all the dung-stirrers talking about a lack of security with rooted phones ever considered what SuperSU etc. are there for? If the open source community can think of rooting, they've obviously thought about security controls too (like firewalls etc. duh...).
          That's the difference - talkers talk. The Do-ers like the open source community have thought about it, solved it, done it and used it.
          5. Greenify, Power Nap, Amplify, MacroDroid/Tasker, CF lumen, Boot Manager, Trimmer, SD Maid ad nauseum etc, etc, - enough said.

      • Bill
        November 23, 2016 at 4:45 pm

        Reading your article, it does seem implied that root access will be given to apps - you fraise it as blindly taping allow. Who is this article aimed at? Getting root access (especially nowadays) isn't that easy & I can't imagine people doing it, to then 'blindly tap allow' - moreover which malicious apps are people downloading that request this access?

        I don't see how you came to this buzzfeed-esque list of 4 reasons, when you could have 1 simple and concise reason...which you actually touched on in the article - the possibility to give malicious apps root access to your system. Also the OTA updates, that is a right pain.

        Could you also clarify your following paragraph please?
        "You’ll be instantly more vulnerable to worms, viruses, spyware, and Trojans. These can be delivered in the form of drive-by downloads, malicious links, and infected apps. One slip and you’ll be exposed"

        Specifically, how would being rooted, on a browser (with no root access) make you more exposed than being on a stock system?

        Anyway, I need to go - i just downloaded an app called "FREE movies and games 100% FREE and hot singles near you" and it's requesting root access.

        *tapping allow blindly*