Koushik Dutta, the author of ClockworkMod Recovery and such iconic Android apps as ROM Manager and, more recently, Carbon, has decided to tackle a new subject that is also very dear to the Android community - Superuser and root access control. Koush's latest app, now in beta and coming soon to the Play Store, is called simply ClockworkMod Superuser.
How Is It Different?
How does the new Superuser compare to the existing Superuser by ChainsDD and SuperSU by Chainfire, both very respectable root gatekeeper apps? There are indeed several important differences, the most important one being that Koush's Superuser is open source and free, with code available in his GitHub repo for thorough examination. Security by obscurity is generally frowned upon - an open-source implementation lets anyone examine the code for potential vulnerabilities and then responsibly disclose them to the author, hopefully before attackers find them.
ClockworkMod Superuser, while young, already seems very mature, with support for Android 4.2's multi-user implementation currently enabled on the Nexus 10 - something that the original Superuser app is still missing to this day and SuperSU added only yesterday. Koush is an incredibly fast developer, so you can expect fast iterations between releases.
I've spoken with Koushik, who has been criticized in the past for things like charging for additional features in paid apps, and he assured me that there would not be a paid/premium version of Superuser, which would go against the whole open-source principle. So put down your pitchforks in case you were starting to reach out for them.
Moreover, according to Koush, this Superuser app should eventually ship with ROMs, such as CyanogenMod. Sweet.
Another really good idea Superuser is pushing is to use Android's native permission system to declare a special android.permission.ACCESS_SUPERUSER permission. It's purely informational, but it would make it much more transparent whether a given app is going to request root access, which is great. Eventually, the strategy is to make such a permission mandatory. Here's the current thinking process, detailed in a recent Google+ post:
Android has a way for apps to create and request various permissions via the AndroidManifest.xml file. This is how the list of permissions and features shown in an app's Google Play description is generated. Superuser should definitely be listed there. But currently, no such permission exists to be enforced, which is a terrible precedent:
You can download an app, and without your prior knowledge it can request Superuser access.
After talking with +Ricardo Cerqueira about this, we've decided on a strategy to ramp up and start enforcing this good practice.
0) Add a new permission with the Superuser, "android.permission.ACCESS_SUPERUSER".
1) The new Superuser will simply warn that the developer is not declaring "android.permission.ACCESS_SUPERUSER" in the manifest. (as seen below)
2) Add an option to Superuser to automatically deny Superuser access to apps that do not have this declared.
3) After 6 months, this option is enabled by default.
4) After 1 year, this is no longer optional (always on).
This is an insanely trivial change for an app to make, and will assist with the transparency of root apps on the market. So there's really no excuse for the developer not to do it!
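The staged rollout described in the post above can be modelled as a small audit script. This is an added example, not part of Koush's post and not code from the Superuser project; it assumes you have a decoded, plain-XML AndroidManifest.xml (the two manifests below are constructed samples), and the names `rollout_start` and `auto_deny` and the 182-day approximation of "6 months" are assumptions made for the sketch.

```python
import xml.etree.ElementTree as ET
from datetime import date, timedelta
from typing import Optional

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ACCESS_SUPERUSER = "android.permission.ACCESS_SUPERUSER"

# Constructed sample manifests in decoded (plain XML) form.
DECLARING = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.rootapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="{ACCESS_SUPERUSER}"/>
</manifest>"""
SILENT = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.silent">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""


def declares_superuser(manifest_xml: str) -> bool:
    """True if the manifest requests android.permission.ACCESS_SUPERUSER."""
    # For manifests from untrusted APKs, parse with a hardened XML parser
    # (for example defusedxml) instead of the stock ElementTree.
    root = ET.fromstring(manifest_xml)
    names = {e.get(f"{{{ANDROID_NS}}}name") for e in root.iter("uses-permission")}
    return ACCESS_SUPERUSER in names


def decide(manifest_xml: str, rollout_start: date, today: date,
           auto_deny: Optional[bool] = None) -> str:
    """Return 'prompt', 'warn' or 'deny' for an su request.

    auto_deny is the user's setting from step 2 (None = never touched);
    rollout_start is the hypothetical date the plan begins.
    """
    if declares_superuser(manifest_xml):
        return "prompt"                      # declared: show the normal root prompt
    age = today - rollout_start
    if age >= timedelta(days=365):           # step 4: always on after 1 year
        return "deny"
    if auto_deny is None:                    # step 3: default flips after ~6 months
        auto_deny = age >= timedelta(days=182)
    return "deny" if auto_deny else "warn"   # steps 1-2: warn unless the option is on
```
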
Koush goes on to explain his reasons for creating Superuser further:
Some of you are probably wondering why I'm rewriting Superuser.
- Superuser should be open source. It's the gateway to root on your device. It must be open for independent security analysis. Obscurity (closed source) is not security.
- Superuser should be NDK buildable. No internal Android references.
- Superuser should also be AOSP buildable for those that want to embed it in their ROM.
- Maintenance and updates on both the market and source repositories should be timely.
- I want to be able to point users of my app to a Superuser solution that I wrote, that I know works, and that I can fix if something is wrong. Yes, this is selfish: Carbon does not work with some versions of Chainsdd's Superuser. SuperSU works great, but I am not comfortable pointing a user to a closed source su implementation.
- Handle multiuser (4.2+) properly
- Handle concurrent su requests properly
And now for the full feature set present in the current beta:
- Multiuser support
- Open source
- Leverages Android's permission model
- Logging (and per app logging)
- Pretty UI
- PIN Protection
- Request Timeout
- Customize notifications
- x86 and ARM support (The superuser.zip above is for both ARM and x86. Don't ask how I did that. Magic.)
- Handle concurrent su requests properly
- NDK clean
For now, you can install the new Superuser by going through ROM Manager's ClockworkMod section or flashing it manually. After the beta period is over, the app will be available in the Play Store, which we will, of course, announce. More details are available here.