20 Jan

Much of Android's development is done out in the open, which is how several Android developers noticed that a recent commit to the Android Open Source Project master tree would break many of your favorite root apps. This is the result of a newly implemented security feature, rather than an active effort to lock things down on Google's part. Nevertheless, it could result in some inconvenience, so developer Chainfire has taken to his Google+ page to detail what will happen if the change is not reverted before the release of a future version of Android.


Many apps extract files to directories located on the /data partition and execute them as root, but this recent commit prevents them from doing so. This is good, as it makes it more difficult for people with malicious intent to execute a script on the /data partition or take advantage of an exploit to achieve root. The issue, as Chainfire explains, is that this change will also break many root apps that you actually want to use.

There is no one fix that circumvents this issue in all use cases, but there are several ways app developers can work around it. In any case, you may want to inform the developer of your favorite root app of this potential problem. They might just be grateful for the chance to preempt the negative feedback that would surely follow lost functionality.

Source: Google+

Bertel King, Jr.
Born and raised in the rural South, Bertel knows what it's like to live without 4G LTE - or 3G, for that matter. The only things he likes sweeter than his tea are his gadgets, and while few objects burn more than a metal phone on a summer day, he prefers them that way anyway.

  • http://chaitanyateegela.com/ Chaitanya Reddy Teegela

    Incorrect source link?

  • http://blog.tonysarju.com/ Tony Sarju

    Intredasting...

  • Matt McNair

    It could just be that I don't have the time to nerd out as much as I used to. It could be that stock Android has just gotten so much better. In either case, I just haven't felt the need to root my devices since about 4.3. I have a 2013 Nexus 7 LTE and I converted my AT&T HTC One fully to GPE. With both running 4.4.2 I never rooted either and I find that I just don't use anything that requires root access anymore. That's just me though. Your mileage may vary :-P

    • Nick

      The list grows shorter all the time it seems, but there are still reasons. AdAway, Droidwall, File management / Removing bloat apps if your device has it, Titanium Backup...

      • Matt McNair

        True. In the beginning removing bloat and backing up were the #1 reasons I rooted. These days though I've been sticking to GPE and Nexus devices. Also, since 4.1 (I think) you've had the ability to disable apps so in the case of my wife's S4 Active that she wouldn't let me root, I just went through and disabled all of AT&T's bloat. With the introduction of cloud saves via Google Play Services and a lot of my apps having the ability to back up to Google Drive out of the box, I haven't used Titanium in forever. I also used to use root and Tasker to manage some things in the system like Bluetooth and wifi but power management has gotten so much better I feel, that I don't even use those anymore. Really all Tasker does now on my devices is launch certain apps like music when headphones are plugged in or silence my phone when my calendar says I'm busy.

      • unsivilaudio

        I disagree. While I'll agree android has come a long way since the beginning, it's still a piss poor memory manager (read:user experience/battery life); as such I'll continue to root and implement more efficient OS management practices through various apps.

      • Matthew Fry

        I agree and I attribute that to the fact that Android is getting more mature and is fleshing out the areas of the OS that root developers were creating apps to address. It's a good thing. I would add Greenify and StickMount (for Nexus devices) which again, like Titanium Backup, are uses that should be opened up for normal applications or as OS level functionality. Access to the host file should always be locked down or apps will pop up everywhere redirecting all your traffic to porn.

      • http://flavors.me/sabret00the sabret00the

        Looking at my list of apps requesting root: AdAway, Tasker, SD Maid, DriveDroid, CatLog, Secure Settings, BetterBatteryStats and Smart Remote.

        • https://plus.google.com/108596272537415356460/posts Jason Farrell

          I recently bought & setup Smart Remote after switching from TW to CM11 on my Note3, but it never asked for root. Weird.

    • Alex

      For me, Titanium Backup (I wish that apps and games would store configuration / progress in the cloud, so this wasn't needed) and Sixaxis to use my PS3 controller to control the phone when it's in a dock using HDMI (mainly used for XBMC).

    • TheAdmin

      Ever heard of Xposed Framework?

      • Matt McNair

        I have. In fact, when I first got my HTC One I took it straight home from Best Buy, unlocked it, rooted it and utilized tools like Xposed for most of my device's existence. I ran (and absolutely loved) Viper One rom by team Venom for months. After months of flashing new version after new version I decided I'd check out the full GPE conversion. Once I converted I never went back.. I really like getting OTA's Nexus style and I'm personally really happy with the way stock Android works with this hardware. Battery regularly lasts 12-16 hours a day and for the days it doesn't I have it in a Mophie Juice pack case. The only thing I can think of off the top of my head that I'd like to have is a Reboot option on the shutdown menu but I reboot it so rarely it's not an issue. It's usually up for 2-3 weeks at a time between reboots.

        • Matthew Fry

          Do you know how long Google wakelocks your phone on average? I get about 33% more battery life if I turn off Google Location on my T-Mobile One. I guess my question is, is there a significant difference between GPE battery life and HTC rom battery life?

          • Matt McNair

            I haven't run the stock AT&T rom since around June when I bought the One. I feel like my battery life has gotten better with more recent versions of Android. I haven't run any of the Sense 4.4 versions on it since I've been completely content with stock GPE 4.4.2. I would think that the GPE version would use slightly less depending on what options you have set to update on the Sense version. I really liked blinkfeed but if you have it updating every 15 minutes or so that'll drain your battery quick regardless of your OS version.

    • Gabernasher

      I love Xposed with Xprivacy, love to say no to all those excessive permissions that all these apps require.

    • Matthew Fry

      I like to think of root development as the birthplace of awesomeness. It radiates cool and unique ideas that filter down into the Play Store. You may not use any root apps but I would hazard a guess that innovative root apps have directed the trends of Android applications and the OS itself.

  • b0b

    Google has made the life of rooted apps developers more and more miserable since Android 4.1, so I'm not surprised...

    • Cj

      Damn them for securing the system

      • Mozaik

        Same as Apple, my friend.

      • b0b

        Yes, let's secure the system to the point rooting is so hard that it is impractical. Ultimate security while Google harvests our data.

        • squiddy20

          Yes because it's sooo hard to run any of the myriad of one-click installers or, if you have a Nexus/GPe device, unlock the bootloader and flash a custom recovery and ROM.

  • http://www.androidpolice.com/ Shawn De Cesari

    Good. This is an enormous security hole and it's a good thing that they're finally doing something about it. If you know enough to root, you also know enough to install your own binaries somewhere. Sure, it's removing a bit of convenience from the apps, but root has never been about convenience.

    • dontsh00tmesanta

      The only use for me is ad blocking

      • ather akber

        try out xposed, you'll know what you're missing out on...

        • http://www.geordienorman.com/ George Byers

          FYI Xposed requires root....

          • ather akber

            Yea I know, my reply was for the comment stating that he only uses root for ad blocking

          • dontsh00tmesanta

            I tried it so what I only need ad blocking

            Stock TW gives me all I need. Only thing I needed xposed was to have proper data signal icons (h+, h, g, e, 4g or lte) but that was not worth it.

          • dontsh00tmesanta

            I tried xposed it's great cuz it eliminates custom roms and are almost 99% reversible.

        • dontsh00tmesanta

          I have tried it......

    • Kaero

      " If you know enough to root, you also know enough to install your own binaries somewhere."

      I dunno... there's a lot of one click root things out there.

      • http://www.androidpolice.com/ Shawn De Cesari

        That's true. I'm very much against one-click root methods and toolkits. You should know how to do it yourself. With great power comes great responsibility.

        • bobbutts

          I've done the same commands I've performed with various toolkits manually over adb a time or two, but prefer tools and other batch actions to make things convenient most of the time.

          I don't think toolkits are inherently evil, but they do facilitate irresponsible modding.

          However, there's also something to be said for diving in above one's ability level and taking on problems as they come. It's one of my favorite ways to learn.

      • squiddy20

        I have to agree with this. I've had a rooted phone since 2010 and have never once touched binary files.
        Edit: Or maybe I have and I didn't know they were binary files?

    • http://flavors.me/sabret00the sabret00the

      No, no. Jumping on the high horse of holier than thou isn't the correct procedure here. I can flash a zip to acquire root, but I choose a ROM which comes with root because I believe root is my right as a hardware owner. I wouldn't be expected to jump over hurdles or qualify my desire for root on a desktop, so why should I on a mobile device?

      • didibus

        A ROM that comes with root will still work, because they will most likely revert this policy change, or disable SEAndroid. This affects your ability to root the android version you got with your phone.

        • Dmitri Smirnov

          It's still SELinux.
          And no, disabling it or reverting this policy is stupid. Fixing it consistently, without making system less secure, while still allowing trusted SU app to work as intended is what should be done (and I'm sure chainfire's fix is just that).

      • Brendan Dillon

        Whether Root is your 'right' depends on your TOS. Putting that aside...
        Google isn't trying to shut down root, but even if they did, there's always a way around it (just look at Apple's efforts to keep jailbreakers out). Rooting shouldn't be done by those who don't know how to do it. If you know how, then there's no problem. If you don't, then either accept that you shouldn't be rooting or educate yourself.

        • Doogie H

          And how does one learn without trying? That makes no sense. Every single one of you had to start from the bottom.

          • Brendan Dillon

            Trying is part of educating yourself. But the one step roots make it too easy for people who don't really understand the consequences of what they're doing. And folks that follow the longer laid out steps but get completely lost if one thing doesn't work or goes bad, aren't a whole lot better.
            Personally, I don't root any more. The benefits just weren't there.

    • didibus

      I'd like to see an integrated root app though. Installing a third party one is a threat in itself, and inconvenient also. And it would be nice to make the default recovery more powerful. Allowing it to install 3rd party ROMs would be a good start. And performing full backups a great finish.

      But SEAndroid is awesome, changing the policy file is annoying though, and even more so, with OEMs that prevent unlocking the phone, you'll have no way around it.

      • Ryan

        An integrated app may not be a good idea for the end-consumer. Many know that root allows everything on the system; as is the same on Linux itself when you use su or sudo. I can understand why carriers lock down phones, namely the non-Nexus devices as they don't want to hassle with someone who wanted to use root and then pretty much destroying their phone's software. It's not the kind of hassle a carrier wants to deal with from people.

        Believe me, I deal with stupid idiots every day from the tech-illiterate to just downright idiotic people who apparently don't know how to read a big sign on the door in 50 pt bold font. Then again, I expect way too much out of people in this day and age..

        Stock recovery, IMO should not be used to install 3rd party ROMs and should be left as-is with one noticeable change that I would agree with: Making a full backup like a nandroid.

        • didibus

          I'm not saying to make root available by default to users, but to have a default implementation of it shipped inside AOSP. This way, you could include it as part of a rom if you choose to. Only expert users who want it would go through having to install a ROM that has it.

          Why shouldn't stock recovery not be used to install 3rd party roms? I'd love to be able to partition and install unsigned OS from it. It should still be locked by default and shouldn't allow to install an OS, 3rd party or 1st party, unless unlocked first though. This goes also for backups. That is because you want to be protected from data theft, so the erase on unlock is primordial for it.

    • http://www.ProjectJourneyman.com/ ProjectJourneyman

      I'm an Android developer, and I have a pile of (some very old) test devices. It's one thing to lovingly modify your new flagship phone, but another to lose time to a crappy device you only own to do compatibility testing. I'd rather be spending time writing apps than fixing defective roms (i.e. carrier bloatware) on a dozen different devices. I don't enjoy fighting security to get root anymore but I do want full control on my devices.

      I'm all for tightening up security, but not if it means turning Android into the complete rubbish that e.g. old Blackberry (and pre-smartphones) were, where the time or equipment needed to gain full access was prohibitive and not fun at all. Higher security means protection FOR me, not FROM me (although many would argue the system needs to be protected from the average user...)

      So yea, I can see your point about one-click methods bringing in the non-technical crowd, but don't forget that there are many who could figure it out the hard way but would prefer to spend their time in other ways.

  • Danny Holyoake

    Root uses security exploits. Google's duty is to fix those exploits. This is a non-story.

    • Nick

      Such an ignorant comment.

      • b0b

        Indeed, but at this point you have to wonder if Google does not consider rooting a security exploit that must be eradicated...

        • squiddy20

          So is that why the Nexus 5, Nexus 7 (2013), and all of the GPe devices are just as easily rootable as the Nexus One?

      • Danny Holyoake

        The top comment on this page says the exact same thing as I did.

        • squiddy20

          Except the difference between your and his comment was, he didn't come off as a complete dick.
          I'm sure you wouldn't have received even half of the downvotes you did if you just omitted "This is a non story".

          Also, from the article: "This is the result of a newly implemented security feature, rather than an active effort to lock things down on Google's part." Emphasis added on that last bit.

    • Dave Hamilton

      But you don't account for having Root access to apply such security vulnerability to your phone.
      Google discovers an issue, Update is applied to code, Code is pushed out.
      Phone Manufacturers pick-up the code, Sit on it for 6 months then push it out to all the handsets.
      Root your device and apply your security fix straight away.
      Have much more control over your phone.

      Simple way to look at it.
      Windows User: You are a user account, You can install stuff etc, but that's it.
      Windows Admin User: You know you can do a hell of a lot more (THIS IS A SECURITY VULNERABILITY running as ROOT technically!)

    • Gabernasher

      How is installing root through a custom recovery a security exploit? I'm guessing you don't know shit and love to spread FUD.

      • Danny Holyoake

        AP is the one spreading FUD.

        All this means is developers will have to find another exploit to use for devices running the next version of Android.

        • h3llfyre

          This isn't about the exploits or gaining root, it's changing what happens when you have already got root, but the system is handled a bit differently

        • squiddy20

          Which is exactly what they said in the article: "There is no one fix that circumvents this issue in all use cases, but there are several ways app developers can work around it." Seriously, did you even read the article?
          Also, if AP is "spreading FUD", and all they're doing here is passing along the word provided by Chainfire, then that logically, by association, means Chainfire is "spreading FUD". What a joke.

        • Gabernasher

          Once again, you don't know shit.

    • squiddy20

      So is that why Google releases Nexus devices, you know, those easily rootable things?

      • Danny Holyoake

        Nexus devices aren't much easier than other devices to root.

        You are confusing the easily unlockable bootloader with rooting. Very different things.

    • ScottColbert

      Thanks for your expertise on what constitutes a non-story. AP can leave all editorial decisions to you now.

    • http://the-jade-domain.com Jaime J. Denizard

      Gaining root does not inherently require the use of exploits. Let me elaborate:

      Devices with easily unlockable bootloaders (Nexus devices, GPE devices, etc.) enable a user "write" access to their system partition, which in turn enables them to root their devices with no exploit required.

      Owners of devices with not-easily-unlockable bootloaders rely on exploits to circumvent their bootloader's security over the system partition to root said devices.

      Hence why people say that Nexus devices and the like are "more easily rootable" than the rest: You don't have to wait for someone to find an exploit to be able to root your device...it's readily rootable from day one.

  • sourabh sekhar

    I'm sure that the developers will get around this hurdle.

  • fam

    For me, rooting is not very compelling honestly.

    I would rather have more security

    • Gabernasher

      Then root and install Xposed Framework with XPrivacy.

  • unsivilaudio

    So, is this as simple as integrating your root apps to the /system partition?

  • mLogician

    Next version of Android should provide an official (read safe) way to root, or better provide secure access to administrator/root privileges (as we all enjoy on our desktops).

    • Justin Case

      That's pretty much an oxymoron

      • Gabernasher

        How so? On Windows we have admin by default, with Android you need to go through varying levels of hassle depending on the phone. Though with Nexus there's really no hassle, just a 5 minute process.

        • Matthew Fry

          So you mean like... UAE? I honestly wouldn't mind it just because there are very few times where I actually need root access for anything...

        • didibus

          Android is weird, in that it does not have a default root user. It's especially weird, because non root users are given the right to install apps. On normal Linux distro, you always need Root to install an app.

          This change though, has nothing to do with Root.

          This is about MAC versus DAC. This is making Android even more secure than most Windows install and Linux install. This is like running Linux with SELinux, or Windows with Mandatory Integrity Control.

          In effect, this means that users are not the only thing granting permissions. Policies are also applied globally to everything, dictating what can and cannot be done. Users can never go against those policies, they can only further restrain them.

          The thing is, the policies are supposed to be defined by the phone manufacturer, or basically, by the person who provided you with the binary release of the OS. So if you installed CyanogenMod, they would decide of the policies. You could though, technically, change those before installing the OS.

          • Mike Reid

            Yeah. But not THAT weird really.

            I think it's like not allowing end users to install their own browsers. But they can still run Java / Javascript / whatever apps in the approved browsers. "Browser" is Dalvik VM here.

            Stock and unrooted, the phone OEMs / carriers are the system administrators and only they can add / remove / modify / define "system apps". The only choice the end user has is whether or not to install an OTA or do a manual update with a signed / vendor approved update package.

          • didibus

            That's exactly how it is. This is both good and bad. It's good, because most users wouldn't be very good administrator of the security of their own phone. It's bad because advanced users who might want to better administer their phone can not do it as is.

            Some company probably wouldn't want to let unapproved apps be installed though. You never know what an app could do, either through an exploit, or simply with the already available array of permissions. I believe Samsung Knox has a system so that app install are restricted through a list of approved APKs.

        • Justin Case

          "secure ways to provide apps the functionality that most root apps perform"

          Granting apps what amount to root privileges, or to do the things that many root apps do, is not going to be secure. Take Rom Manager for example. Granting applications the ability to flash over kernel/recovery, how would you securely do that? Exposed? How are you going to let apps hook into processes securely? Busybox installer etc etc. Full backups? Backup/restore systems are a big risk (POC Go see my LG and adb backup exploits).

          • Gabernasher

            On the bright side, you can always just reflash stock quite easily. Unlike Windows which is quite a tedious long process.

        • hp420

          That is not true. There are MANY cases in windows where you have to jump over some MAJOR hurdles to get root access to some files. For example, try uninstalling internet explorer on win7 or win8....and I mean REALLY uninstall it. You can't. The uninstall service doesn't have high enough permissions.

          • Vyron Tsingaras

            IE is part of the OS. ....How will you run legacy ActiveX without it?

          • Gabernasher

            And clearly that's BS as there's no reason I SHOULDN'T Be allowed to uninstall that waste of space.

    • didibus

      I think the best thing would be to provide official and secure ways to provide apps the functionality that most root apps perform. Especially a way to perform a full backup or partial app backup would be nice. Also, a way to proxy network traffic.

      • Dmitri Smirnov

        Root is total access to the system. The way I see it, end-user should be given freedom to do as he pleases, even if it's shooting himself in the foot. Otherwise you're paying a lot of money to use a device, that isn't even yours, it's controlled by an OS (I'm sorry Dave, I'm afraid I can't do that).
        While a set of more granulated controls would also benefit the end-user, there is no way to foresee all the cases where user might need to go above his permission level. That's what root is for.

        • didibus

          Well, with SEAndroid in place, Root is no more total access to the system. You've now got two access controls in place: DAC and MAC. Unfortunately, Root will still need to follow what the SEAndroid policy file dictates.

          MAC can not be changed by a user or an app. So whatever it allows or disallows, is set in stone.

          You'll just need to adapt to the new security layer. Where you were used to only needing to add Root to your phone, you'll now need to know how to modify the SEAndroid policies and to control Root permissions.

          In the end, you'll have even more control over the system, because SEAndroid is a security layer that gives the policy enforcer ultimate and exclusive power. So if you become the policy enforcer, you've got a lot more control over your phone than you previously did.

  • ken147

    Breaking news: Developers will need to update their apps. More at 11.

    • Mike Reid

      It actually helps somewhat as an anti-piracy measure, or at least keeps the pirates working to get the latest versions.

      I have paid root apps and they need to be "fixed" to deal with the latest Android / AOSP ROM changes every 3-6 months, LOL.

      Thousands of pirates run very old versions of my apps, and sooner or later find they don't work. Then they think my app is crap, which often justifies their piracy, LOL.

      • tocsin

        Not really... By the time most pirates do get to the latest version of android most apps will have been updated for a long time and pirates aren't often that far behind app updates

  • Android Developer

    Which apps use this special case?
    What is the purpose of using it?
    In fact, I'm not even sure I understand it...

  • http://gplus.to/doug.dunfee Doug Dunfee

    G+ links are directed at Basecamp? Heads up

  • Cuvis

    If Android were designed like a computer OS, where the end user controls their device and not the manufacturer, this would not be an issue. We need to start demanding devices that treat us as owners, and not as guests.

    • didibus

      I agree, but this is not about that. This change is good, it's a security measure that will make Android safer and more secured.

      What we need, is an easy and official way to unlock all phones, and to install/reinstall an OS. An easy way to modify the SEAndroid policy file on install would be nice too. And a policy that could allow or disallow root would be nice. And an official root system that uses such policy permission would be great.

      This way, when you get your phone, the manufacturer decides how secure it is, but, it gives you an easy and official way to open it up, or close it down as much as you want to.

      • Cuvis

        Fair enough. I just hate the fact that users have to exploit their own phone in order to get root privileges in the first place.

  • Drew

    I have yet to root my N5 and N7, mostly because I haven't run into the need yet. I miss Titanium Backup, but nothing else has come to make me go and flash my recovery and install SU again. If Google makes full app data backup to Drive happen, I might never root again.

    • Wyatt Neal

      I'm in the same boat. I've found no reason to root my N5 ... yet. About the only thing I've found I really missed were the modifications I could make to the quick toggles in the pull down and the ability to set air plane mode with Tasker. I think I've just had a bad experience with my old GNex (VZW) and that's made me think harder about how to play in the eco system without going straight to root.

    • Da_James

      Then you don't know about greenify (although the last version works well on non-rooted devices). I just cannot live without Xposed and per-app DPI as well...

    • duse

      Need greenify. It's ridiculous that Google doesn't have something like it built into android. Any app can wreak havoc and hold keep awake for hours, not something I want to deal with.

  • http://www.geordienorman.com/ George Byers

    Hey AndroidPolice... you know you can embed Google+ posts now, right?

  • didibus

    I applaud this move from Google. For a long time Google was prioritizing user features over security, and I'm glad since 4.3, they are making great strides in securing the OS as it should have been from the start. I don't want another Windows fiasco, where for years, the most used OS was also the most insecure one. Thank You Google, please continue enforcing better security.

    For those that don't know, SEAndroid is a modified version of SELinux for Android. Android's first security layer is based around user accounts (DAC). Each user is given certain permissions that allow them to perform tasks. The Root user, is a user that is given all permissions, therefore it can do everything it wants to. Once you activate SEAndroid (which is enforced since 4.4), you have an extra security layer based on policies (MAC) that precedes the traditional user account layer of Android.

    This means that, when you have SEAndroid on your phone, there is a file somewhere, called the Policy file, that defines permissions to everything inside the OS. Things like access to files, folders, sockets, cameras, radios, etc. These permissions are applied before the user account permissions. So with this change, the policy file says that /data is read only. Thus, even though the Root user has permission to write to /data, the policy file denies writing to it, no matter what.

    As I said, the permissions and restrictions of the Policy files are applied first, and nothing can contravene them. After that, the User's permissions are applied. If after both sets of permissions, the operation is allowed, it is performed. Thus, to do something, you now need to be authorized by the user account you run under, and the policy file that was bundled in the binary release of the Android ROM you are running.

    So with this change in place, to be able to write to /data, you will need to edit the Policy file of the binary ROM you're using, either Stock ROM or a custom ROM with modified policy file will do.

    • Tassadar

      This is somewhat incorrect. As stated in http://su.chainfire.eu/#selinux-contexts-45 , only execute permission is stripped for processes which don't have explicitly specified context. Context can be switched via "runcon" command, so there is no need to edit the policy file, but root apps will have to be updated. Of course, all this could significantly change until the release. By the way, the commit which causes it is currently reverted and under testing, so it might not even get there if it causes problems.

      • didibus

        Ya, sorry, I had overlooked what was being restricted in the commit. Nonetheless, my explanation for SEAndroid policies still remains, if a policy was set to make /data non writable, it would take precedence on root. Which is why, here, root won't be able to execute scripts from /data anymore. I will edit my post.
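
The two-layer check discussed in the comments above (user-account permissions plus SELinux policy), as an added example that is not part of the original article or thread: a small Python model in which an operation succeeds only when both the DAC check and the MAC check allow it. The policy rules, domain and type names, and the file paths are constructed for illustration and are not taken from the AOSP policy; the context switch ignores the transition rules a real policy would also require.

```python
import re
from dataclasses import dataclass

# Constructed policy fragment in SELinux "allow" rule syntax. Every domain and
# type name here is hypothetical; none comes from the AOSP policy.
POLICY = """
allow example_root_shell example_app_data_file:file { read write getattr };
allow example_root_exec  example_app_data_file:file { read getattr execute };
allow example_root_shell example_system_file:file { read getattr execute };
"""

RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+\{([^}]*)\}\s*;")
PERM_BITS = {"read": 4, "write": 2, "execute": 1}


def parse_policy(text):
    """Return {(source_domain, target_type, object_class): set_of_permissions}."""
    rules = {}
    for src, tgt, cls, perms in RULE.findall(text):
        rules.setdefault((src, tgt, cls), set()).update(perms.split())
    return rules


@dataclass
class File:
    path: str
    owner_uid: int
    mode: int    # classic permission bits, e.g. 0o700
    label: str   # SELinux type assigned to the file


@dataclass
class Process:
    uid: int
    domain: str  # SELinux domain (context) the process runs in


def dac_allows(proc, f, perm):
    """Discretionary check (simplified: owner and other bits only, no groups)."""
    if proc.uid == 0:
        # Root bypasses read/write bits, but exec still needs some x bit set.
        return perm != "execute" or bool(f.mode & 0o111)
    shift = 6 if proc.uid == f.owner_uid else 0
    return bool((f.mode >> shift) & PERM_BITS[perm])


def mac_allows(rules, proc, f, perm, cls="file"):
    """Mandatory check: default deny, permitted only by a matching allow rule."""
    return perm in rules.get((proc.domain, f.label, cls), set())


def access(rules, proc, f, perm):
    """Both layers must allow the operation; report which layer refused it."""
    if not dac_allows(proc, f, perm):
        return "denied by DAC"
    if not mac_allows(rules, proc, f, perm):
        return "denied by MAC"
    return "allowed"


def switch_context(proc, new_domain):
    """Model of a context switch (what "runcon" does): same uid, new domain."""
    return Process(uid=proc.uid, domain=new_domain)


RULES = parse_policy(POLICY)

# Constructed sample objects: a helper binary an app extracted under /data,
# and a binary on the system partition.
helper = File("/data/data/com.example.app/files/helper", 10001, 0o700,
              "example_app_data_file")
system_tool = File("/system/bin/tool", 0, 0o755, "example_system_file")
root = Process(uid=0, domain="example_root_shell")

if __name__ == "__main__":
    for proc, f, perm in [
        (root, helper, "write"),
        (root, helper, "execute"),
        (switch_context(root, "example_root_exec"), helper, "execute"),
        (root, system_tool, "execute"),
    ]:
        print(f"uid={proc.uid} domain={proc.domain} {perm} {f.path}: "
              f"{access(RULES, proc, f, perm)}")
```
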