In an almost superhero-like act, Koushik Dutta (a.k.a. Koush of ROM Manager fame) has pushed his completely rewritten Superuser app to the Play Store just 15 days after first announcing it on Google+. This version introduces several improvements upon the original Superuser. In the last two weeks, the feature list has grown to include fully functioning multi-user support, secure PIN protection, and support for the x86 and ARM architectures. Additionally, the interface has been revitalized with a clean looking Holo theme and a tablet UI.


Koush didn't stop there – he also added a feature to make root-seeking apps more visible. Soon, apps will have to ask for a new permission called android.permission.ACCESS_SUPERUSER or be denied elevated privileges. Android has always had an oversight regarding root apps - they do not require a permission of their own. While things like sending text messages and accessing a user's email address are on that list, access to Superuser has been missing. This new feature within the updated Superuser app is currently disabled by default, but Koush plans to make it mandatory after developers have had time to make the necessary adjustment.

A key aspect to the new Superuser is that it is open source and completely free (gratis and libre). Open licenses are important for projects like CyanogenMod where the developers aspire to release software that can be freely distributed for use by anybody. The open codebase is also an important part of maximizing security for rooted devices. Everyone is welcome to thoroughly examine the source code for vulnerabilities and ideally report them to the author before weaknesses can be exploited.

As Koush explains:

Why another Superuser?

  • Superuser should be open source. It's the gateway to root on your device. It must be open for independent security analysis. Obscurity (closed source) is not security.
  • Superuser should be NDK buildable. No internal Android references.
  • Superuser should also be AOSP buildable for those that want to embed it in their ROM.
  • Superuser should also be AOSP embeddable, meaning a ROM can easily embed it into their Settings app.
  • Maintenance and updates on both the market and source repositories should be timely.
  • If something goes wrong, I can fix it.

The new Superuser has been merged into CyanogenMod and should begin shipping with nightlies starting today.

Cody Toombs
Cody is a Software Engineer and Writer with a mildly overwhelming obsession with smartphones and the mobile world. If he’s been pulled away from the computer for any length of time, you might find him talking about cocktails and movies, sometimes resulting in the consumption of both.

  • marcusmaximus04

    "This new feature within the updated Superuser app is currently disabled by default, but Koush plans to make it mandatory after developers have had time to make the necessary adjustment."

    Ahem. What about those of us that use terminal emulator to claim su privileges to move files around? I highly doubt it'll be updated to add these new permissions and without them, this functionality disappears. Can there at least be a password fallback for attempts to claim root directly from a terminal?

    • http://www.androidpolice.com/ Cameron Summerson

      Just don't switch to Koush's SU?

      • marcusmaximus04

        That works in the near term, but Koush's stuff generally tends to become the defacto standard. And not having the permissions available for apps that request them will make THOSE not work. The password idea I brought up would seem like the perfect solution, though. It's worked on Unix/Linux for the past ~40 years, surely it'll work here too.

        • http://codytoombs.wordpress.com/ Cody Toombs

          I prefer the solution of leaving it up to a user. If users are rooting devices, then it should be assumed that they can make the decision for themselves. I like the idea of the permission and what it means, I don't like the idea of it becoming mandatory someday in the future.

          Keep in mind, since this is open source, somebody could always maintain a branch that never completely locks out non-conforming apps.

    • http://twitter.com/koush koush

      It'll be a setting. You can just disable it to allow terminal, then reenable it.

      • http://twitter.com/koush koush

        Furthermore, that's way out in the future, and something that the CM team and I have made any final decisions about.

        • marcusmaximus04

          By the by, just tried it out. The bottom keys to enter the PIN are partially cut off on the Nexus 4 in landscape(haven't tried on anything else yet). Dpi issue I'm guessing.

        • Mike Reid

          Thanks koush !

          Would be nice if Google supported such a permission.

      • marcusmaximus04

        Ah, OK, thanks for the clarification. Good news, that.

      • JG

        Would it be possible to maybe add a whitelist so non-permission seeking apps could be OK'ed once rather than having to continuously disable the setting, and then re-enable it after every use of the app...

      • Abhisshack D

        Great Stuff Koush , thanks you so much for the App. Now please please please make an alternative app to LBE Privacy Guard.

    • Fatty Bunter

      It won't be the first time something becomes obsolete.

    • http://www.facebook.com/marcus.blough Marcus Blough

      The writer of the terminal emulator application would have to put out a new "root" version to reflect the new permission. Then anything run from within it would be compliant, right?

  • Mikken

    Shoud i do something apart from uninstalling superSU if I want ot use this?

    • http://insight.pinkonbrown.org/ Dr P Fenderson

      Nope. Just install and update the binary from inside the app.

  • Nicolás Rezzano

    Working so far so good on MIUIv4 3.2.1, replaced LBE Guard... If anyone doesn't know how to install it:

    If you are rooted:
    -Download the app, grant root access, let it install binaries, and then with any root explorer delete your older SU app (SU/Superuser)

    Not rooted:
    -You need to use adb fastboot to get yourself a recovery, and flash the .zip. Don't exactly remember how to do it thou

  • bobbutts

    Been running it today in new mmuzzy grouper rom. Seems to work fine.
    I like his reasoning for doing it.

  • JG

    Noob-ish question.... How exactly does one switch SU apps? Is it just a standard uninstall of the old app & installing the new? Or is there some extra/different steps one has to undertake?

  • wlmeng11

    I see what you did there...