To root or not to root?

Durzel

Original Poster:

12,276 posts

169 months

Sunday 19th April 2015
Since Lollipop became available for the OnePlus One a few days ago and I needed to do a full wipe (stupidly encrypted it, didn't realise it wasn't reversible, didn't get on with it) I thought I'd root it at the same time.

The actual rooting process was simple enough, and worked first time, but I'm left wondering why I bothered to be honest.

For starters the Barclaycard app that I had previously been using flat out refuses to work on rooted phones (NatWest app does, bizarrely), so I can't check my credit card easily anymore.

Next up - Adblock. This was principally the reason I thought it would be worth rooting, as it doesn't work properly otherwise (WiFi only if memory serves). Install it, am told "ads are blocked on all connections", great!.. except they aren't hidden so you get big voids on websites that look as ugly as the ads themselves. Oh, and it doesn't block YouTube ads at all, which the desktop version does perfectly. Pretty underwhelming to be honest.

So I'm left now wondering why I've bothered with rooting. Anyone have any good reasons for doing it?

Durzel

Monday 20th April 2015
JimbobVFR said:
Once you've installed the Xposed framework and added some modules you'll soon be wondering why you didn't root earlier.

Barclays is a pain though, it's entirely their choice to disallow rooted phones and IMO entirely unnecessary.

I agree. They don't (as far as I know) prevent people visiting their website on PCs running with administrator privileges, which is essentially the same thing. Could just as easily be keyloggers or man-in-the-middle malware sat on their computer.

Not the end of the world, but a bit annoying.

Durzel

Tuesday 21st April 2015
As above.

Rooting is no more dangerous than having "sudo" available on a Linux box when you're logged in as an unprivileged user. I don't think it's any more dangerous than running Windows with Administrator privileges (which pretty much everyone outside of a business environment is likely to be doing), and I don't imagine Barclays are doing much to stop browser hijacking or whatever when people are on their site.

I must admit it grates a bit that Barclays app doesn't work. Funnily enough it tries to get elevated permissions (which SuperSU blocks) when it starts, I guess it's one of the root checks it makes, but obviously not the only one.

Durzel

Tuesday 21st April 2015
cornet said:
I don't believe this is correct. Rooting an Android phone means installing the "su" binary and making sure it is suid. Also the root user does not have a password set so anything can run without a password.

This is different to sudo and the like that require a password in order to elevate permissions.

SuperSU is a rewrite of the su with various extra features (and no doubt bugs). From what I can tell it only appears to prompt you to grant access to an app - you can't actually see what command it's actually going to execute.


If you want to trust it then be my guest but not a chance I would. I can see various things relating to LD_PRELOAD in release notes on the google play store so my guess is someone found a way round it by injecting a custom library.

Fair points well made. :)

Durzel

Wednesday 22nd April 2015
130R said:
So I guess you went through every line of code in each app you granted access to su ..

There are serious security implications in rooting your phone, anyone that says otherwise is misinformed.

A counterpoint, perhaps..

I know when you install an app on Play Store it tells you what the app is going to access, and things like Privacy Guard can be used to deny access to things (e.g. contacts, messages, etc), but what happens when you have an app that has a legitimate purpose that also has an illegitimate one?

For example - some kind of Better Contacts app could have legitimate need to access your contacts, and that request would be granted by anyone installing it (since that's its supposed purpose). Behind the scenes though this app could collect your contact details and transmit them to a web server somewhere, silently and transparently.

Granted root permissions let apps have access to see and do things that are quite a bit more damaging, but I don't necessarily think the argument is as black and white as "root = bad" and "unrooted = safe". It's safer, sure, but it's not safe. As far as I'm aware any app has the potential to leak information maliciously.