Thursday, April 6, 2017

What is Rooting of Android devices?


We often hear the term “rooting” of Android devices. Some people root their Android devices, and we often hear that malware roots a device and steals sensitive data. What actually is rooting? Should we root an Android device? Why do people root a device? And what are the security concerns of rooting a device? Let’s understand that in more detail.




What is Rooting of an Android device?


Android uses the Linux kernel, and all Unix-based operating systems have the concept of a “root” user, which has administrative privileges. By default, an Android user does not have administrative privileges on his Android device. Rooting is a technique which gives a user administrative privileges on his device.

Why do users root an Android device?


There are several purposes for which rooting is usually done.

  • Users often root an Android device to overcome limitations imposed by carriers or hardware manufacturers.
  • By default a user does not have administrative privileges on his Android device and so he cannot alter system applications and settings. Rooting gives the user administrative privileges, which enables the user to alter or replace these system applications and settings.
  • Rooting enables a user to run specialized applications that require administrative privileges on the device.
  • Users can even completely remove or replace the operating system of the device after rooting.
  • Rooting enables a user to remove pre-installed applications.
  • Rooting gives the user lower-level access to the hardware of the device. For example, it enables the user to control status lights or recalibrate touch screens.
  • Users often root an Android device to get better control of the Android device. For example, the user can change themes, icons or boot animations that appear while the device is booting. He can even overclock or underclock the CPU and the GPU or automate system level processes through third-party applications.
  • After rooting, users can even install custom firmware or a custom ROM to get better control over the rooted device.

How do Android applications actually work, and how does rooting make a device less secure?


Android applications are written in Java. The application code, along with other required data and resource files, is kept in an APK (Android Package), which a user uses to install the application on his device.

By default, an Android device may contain a lot of sensitive data about the user, such as location, contacts and messages. So Android needs to make sure an unauthorized application cannot access that sensitive data unnecessarily or for malicious purposes. To ensure that, Android takes a couple of steps.

Android is a multiuser operating system. Each application on an Android device runs as a different user. When an application is installed on a device, it is given a unique user ID along with its own set of permissions. Moreover, each process has its own VM and an application runs in isolation from other applications. In other words, every application runs its own process in its own VM as a separate user, so that it cannot access data of other applications unnecessarily. However, two applications can communicate with each other using IPC to share data between them.

By default, an Android device can have three types of users :

  • Primary User – It is the first user added to the device. This user has more privileges than other users and can manage the settings. This user cannot be removed except by factory resets and is always running even when other users are in the foreground.
  • Secondary User – These are the other users added to the device. They can be removed easily by themselves or by the primary user and cannot impact other users on the device.
  • Guest User – An Android device can also have a guest user. It is basically a temporary user, and the user along with its data is deleted immediately after its work is over. There can be only one guest user at a time.

So, how does rooting impact the security of an Android device? Malware often uses social engineering to deceive a user into running malicious programs. When an unsuspecting user is tricked into running such a program, it gets the same privileges that the user has. If the user is an administrative user, the malware will easily get administrative privileges on the device. If the user is a normal non-administrative user, the malware will only get non-administrative privileges, unless it uses some other vulnerability in the system to escalate its privileges.

In other words, for a normal Android user, even if the device is infected by malware, the malware has limited capabilities. But if the device is rooted and the user has administrative privileges, the malware can easily exploit that to gain system-level access on the device and cause more harm. It can easily steal all the sensitive data from the device or cause monetary losses.
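The per-application user IDs described above, and the way root access cancels them, can be modelled with the classic Unix owner/group/other permission check. This is an added example, not code from the original post: the package names, UIDs and file modes are constructed sample values, and the model leaves out other Android protections such as SELinux.

```python
from dataclasses import dataclass

ROOT_UID = 0
R, W, X = 4, 2, 1  # bits inside one rwx triplet

@dataclass(frozen=True)
class Proc:
    name: str
    uid: int
    gids: frozenset = frozenset()

@dataclass(frozen=True)
class Node:
    path: str
    owner_uid: int
    group_gid: int
    mode: int  # octal permission bits, e.g. 0o700

def dac_allows(proc, node, want):
    """Simplified Unix owner/group/other permission check."""
    if proc.uid == ROOT_UID:
        return True  # root overrides the permission bits (simplified)
    if proc.uid == node.owner_uid:
        bits = (node.mode >> 6) & 7
    elif node.group_gid in proc.gids:
        bits = (node.mode >> 3) & 7
    else:
        bits = node.mode & 7
    return (bits & want) == want

def can_read(proc, directory, file):
    """Reading a file needs search (x) on its directory and read (r) on the file."""
    return dac_allows(proc, directory, X) and dac_allows(proc, file, R)

# Constructed sample data: two hypothetical apps, each with its own UID.
BANK_UID, GAME_UID = 10051, 10052
bank_dir = Node("/data/data/com.example.bank", BANK_UID, BANK_UID, 0o700)
bank_db = Node(bank_dir.path + "/accounts.db", BANK_UID, BANK_UID, 0o660)

bank = Proc("bank", BANK_UID, frozenset({BANK_UID}))
game = Proc("game", GAME_UID, frozenset({GAME_UID}))
game_with_root = Proc("game (granted root)", ROOT_UID)  # same app on a rooted device

def who_can_read_bank_db():
    return {p.name: can_read(p, bank_dir, bank_db)
            for p in (bank, game, game_with_root)}

if __name__ == "__main__":
    for name, allowed in who_can_read_bank_db().items():
        print(f"{name:20s} -> {'allowed' if allowed else 'denied'}")
```

The second application is denied while it runs under its own UID and allowed once it runs as UID 0, which is why the same malicious program does more damage on a rooted device.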

Moreover, rooting a device voids the warranty of an Android device. Google does not officially support a rooted device. Some Android applications even refuse to run on a rooted device. Applications often call an API called SafetyNet for that purpose. They perform this check before running on a device and refuse to run if the device is rooted. Android Pay is one such application. There are quite a number of other applications which do that. Moreover, rooting can even brick a device if not done properly.

How to secure a rooted Android device?


One should not root an Android device. And, if a user must, it is extremely important for the user to make sure the device remains secure.

  • If you rooted an Android device and have now changed your mind, you can still unroot the device. There are quite a number of tools available for that purpose.
  • On a rooted Android device, please make sure applications are installed only from the official App Store. It is always good to review the permissions requested and the reputation of the developer before installing an application. If the application is unsafe, the damage will be much greater on a rooted device.
  • Use your common sense while accessing the Internet using the device. Do not click on unsafe links, do not open attachments of emails sent by unknown senders, and it is better not to browse unsafe websites.
  • Please make sure you configure a proper Android firewall. It is always advisable to prevent applications from accessing the network unnecessarily. This can prevent malware from being installed on the device, and can also prevent malware from exfiltrating sensitive data.
  • Use anti-malware programs from trusted sources and make sure you update them regularly.
  • Keep the device updated with recent patches of Android and other applications. The more up to date a device is, the fewer known vulnerabilities it has.
  • Please make sure you back up your device often. This can help a lot if the device is infected by malware like ransomware, as well as when something goes wrong with the device.
  • Please be careful while accessing public WiFi. Do not transfer any sensitive data over public WiFi, and do not enter sensitive credentials or other sensitive information.
  • Please do not save any passwords of online services or sites on the device.
  • Use Android's built-in security features like PINs, passwords, patterns or biometric locks. Please make sure you lock the device when it is not in use.
  • There are some applications which hold lots of sensitive data. You can lock those applications separately as a second layer of security to prevent anyone from accessing the data even if he manages to unlock the device. There are quite a number of applications available for that purpose.
  • You can enable remote wipe on your Android device. This will prevent thieves from accessing the sensitive data even if they manage to steal the device.
