Some manufacturers are making it more and more difficult to root your Android device (and some carriers are making it impossible), but there are still a lot of people who enjoy nothing more than shaking off the shackles and customizing their phones.
Despite the popularity of rooting, there are several reasons why you shouldn’t root your device. I’m not here to discuss all of them — in this article I want to focus on the security aspects.
What risks are you opening yourself up to by giving yourself root access?
1. Update Problems
Rooting your device will almost certainly render it unable to receive over-the-air (OTA) updates. Some apps try and bypass this shortcoming, but given the way rooting now works, it’s becoming harder and harder to circumvent.
But what’s the problem?
Aside from missing out on some fun and important new features, you’re leaving yourself vulnerable from a security standpoint.
Phone manufacturers will typically push out several new security patches each year. They’re not doing this for the good of their health — they’re doing it because the patches close dangerous, and previously unseen, security vulnerabilities.
For example, Google’s most recent update to their Nexus devices closed a loophole that could have allowed hackers to remotely execute code within the kernel. Affected devices would be permanently compromised; the only way to repair them would be to reinstall the operating system.
2. Can You Trust a Custom ROM?
Okay, lots of people don’t install custom ROMs — they just want to keep the vanilla operating system and delete all the manufacturer-specific bloatware.
But some people will install custom ROMs, either by choice or by accident. When I rooted my first Android phone — a Samsung Galaxy 2 — I accidentally installed a custom ROM without realizing. I was new to the process and simply followed the wrong set of instructions. Plenty of people will make similar errors.
Let me make this clear: custom ROMs are not all bad. But it’s foolish to think they are as robust, secure, and as frequently updated as the vanilla OS.
Google, Motorola, Samsung, Sony, et al all have mega budgets, and hundreds of people developing, testing, and refining their products. They can react quickly to any new threats and roll-out out updates to protect the vast majority of their user base. The guys behind custom ROMs have no such power.
And then there is the issue of deliberately malicious ROMs. Again, if you’re au fait with the rooting process and its surrounding community you’re unlikely to become a victim. But the vast majority of people don’t really understand the processes behind what they’re doing — they’re just following some step-by-step instructions they found online. People have been, and will continue to be, caught out.
3. Giving Root Access to Apps
If you’ve ever rooted one of your devices, you’ll be familiar with some apps requesting root access via a pop-up message.
And I bet there have been many occasions where you blindly clicked on “Allow” without stopping to consider what you’re actually doing.
By allowing an app to have root access, you’re giving it access to your phone’s entire operating system. This totally bypasses all the built-in security that Android offers and lets it see sensitive data that’s stored deep inside your OS.
Apps with root access can also install other software without your knowledge. This software can include programs such as fake keyboards, key-loggers, and fake email apps. And they all have one goal in mind — to steal your personal information and feed it back to cyber-criminals.
4. Malware Threat
As I’ve written elsewhere on this site, anti-virus apps for Android are largely obsolete. There is a reason that all the market leaders in the sector now advertise their products as security suites; they need to bundle more features to make them worthwhile.
These apps are largely obsolete for one reason: the vanilla Android OS is now really secure. Google have added more and more features down the years, and Android 7 is the most robust edition so far.
Rooting your device will evade lots of these OS-level security features. You’ll be instantly more vulnerable to worms, viruses, spyware, and Trojans. These can be delivered in the form of drive-by downloads, malicious links, and infected apps. One slip and you’ll be exposed; the device won’t be there to bail you out.
Tell Us Your Stories
These four points are not scaremongering, they are legitimate and real concerns that you need to be aware of. The worst thing you can do is take a “it won’t happen to me” approach — tens of thousands of people have done that, and tens of thousands of people have been caught out.
I’m not trying to dissuade you from rooting. There are some awesome benefits to unlocking your device’s full potential. But you need to be aware of the downsides so you can make an informed decision.
As ever, I’d love to hear your stories. Did you root your device and later regret it? Have you been unlucky enough to be infected by a virus on your device? Are you still inclined to take a hands-off approach to your device’s security?
You can leave your thoughts, feedback, and tales in the comments section below.