In an almost superhero-like act, Koushik Dutta (a.k.a. Koush of ROM Manager fame) has pushed his completely rewritten Superuser app to the Play Store just 15 days after first announcing it on Google+. This version introduces several improvements upon the original Superuser. In the last two weeks, the feature list has grown to include fully functioning multi-user support, secure PIN protection, and support for the x86 and ARM architectures. Additionally, the interface has been revitalized with a clean looking Holo theme and a tablet UI.
Koush didn't stop there – he also added a feature to make root-seeking apps more visible. Soon, apps will have to ask for a new permission called android.permission.ACCESS_SUPERUSER or be denied elevated privileges. Android has always had an oversight regarding root apps - they do not require a permission of their own. While things like sending text messages and accessing a user's email address are on that list, access to Superuser has been missing. This new feature within the updated Superuser app is currently disabled by default, but Koush plans to make it mandatory after developers have had time to make the necessary adjustment.
A key aspect to the new Superuser is that it is open source and completely free (gratis and libre). Open licenses are important for projects like CyanogenMod where the developers aspire to release software that can be freely distributed for use by anybody. The open codebase is also an important part of maximizing security for rooted devices. Everyone is welcome to thoroughly examine the source code for vulnerabilities and ideally report them to the author before weaknesses can be exploited.
As Koush explains:
Why another Superuser?
- Superuser should be open source. It's the gateway to root on your device. It must be open for independent security analysis. Obscurity (closed source) is not security.
- Superuser should be NDK buildable. No internal Android references.
- Superuser should also be AOSP buildable for those that want to embed it in their ROM.
- Superuser should also be AOSP embeddable, meaning a ROM can easily embed it into their Settings app.
- Maintenance and updates on both the market and source repositories should be timely.
- If something goes wrong, I can fix it.
The new Superuser has been merged into CyanogenMod and should begin shipping with nightlies starting today.