It's no surprise that Google's latest update to our favorite operating system is in instant demand amongst power users and enthusiasts. Without fail, the people eagerly installing 4.3 are frequently the same ones who consider root privileges a necessity for a good Android experience. Unfortunately, it seems a wrench has been thrown into the works when it comes to exposing ultimate access, and people are experiencing more than a few hiccups because of it.

For those who have already tried playing this game, you're probably aware that the original superuser app (by ChainsDD) and it's replacement authored by Koush aren't exactly compatible with the latest and greatest version of Android. Fortunately, SuperSU has had some success where other tools have failed, albeit with some complications.

* Update: Chainfire has written a couple of posts to clear up some details and misinformation that has circulated over the last few days.

What's causing so much trouble for would-be rooters? As it turns out, Google has removed a method for imparting extra powers in Android, a change which should help prevent a number of root exploits. With the latest iteration of Jelly Bean, /system is now mounted with the nosuid option, and it appears there is no built-in method to otherwise grant higher privileges. "Zygote processes," which are responsible for executing apps, are now restricted from running setuid root binaries, which includes su. Linux-based operating systems, like Android, divide apps between privileged processes which are free to do virtually anything, and unprivileged processes which have to be granted "capabilities" for certain actions. This system works much like the Android permissions we're all familiar with, but at a much lower level. As of Android 4.3, virtually all of these capabilities have been retracted from the standard "Zygote process" that most apps run in, including the one we care about, CAP_SYS_ADMIN. The side-effect of this change: even apps running as root are still restricted from making several system calls. Chainfire's solution sidesteps this pitfall by acting as a proxy, effectively performing the intended system calls on behalf of root apps. As Koushik Dutta points out, this solution is a workaround, but one that makes sense until another option can be found. As part of Chainfire's latest posts, he acknowledges there are some drawbacks to the current code, but he is working on plans to shore up the implementation now that the changes in 4.3 are official.

Unfortunately, some users are reporting Chainfire's method may not be without its problems - including complaints of 100% CPU utilization and random hangs of the SuperSU app. Complications with some apps like Titanium Backup (solved by changing your backup folder location from /storage/emulated/0/TitaniumBackup to /storage/sdcard0/TitaniumBackup, thanks to Jason Bowers and Chainfire), further issues with writing to /system and /data/local, and apps being granted root but not acknowledging it, are also being reported. [Update] Most issues have been resolved with SuperSU v1.43. To reduce the likelihood of problems, it's strongly suggested that you use TWRP instead of ClockWorkMod (CWM), or uncheck the option to "disable stock recovery flash" in CWM. Also, do not use "avoid system recovery," as it will definitely create issues.

Given the popularity of root apps, it's a safe bet that a permanent solution will emerge fairly soon, whether that means furthering Chainfire's solution or adopting something new. In the mean time, developers of custom ROMs like CyanogenMod are exploring options and might even consider restoring pre-4.3 functionality. For those users who have upgraded to 4.3, Chainfire's SuperSU is currently the only working option.

If you are currently toting a Nexus device, you may also want to check out our guides to installing Android 4.3 and rooting your device (Nexus 4, Nexus 7 (2012), Nexus 7 (2013), Galaxy Nexus (takju/yakju)).

Thanks, Jorrit!

Source: Koushik Dutta, Chainfire 1, 2, 3, Patch Request