Is it possible that if i allow installation of untrusted apps on N1, can it access the phone's flash and possibly screw it up??? Are applications allowed flash access on android???
Don't think so. If an app's trying to access your system files, the OS should pop up a warning asking you for root permission, and if your phone's not rooted anyway, you won't even be able to grant it.
Related
I have rooted my wildfire with revoked3. right now whatever I use a root app, it will prompt me to provide access to root EVERYTIME it needs to accesss the root. I have checked "remember" but it doesn't seem to work against it.
When I use titanium backup, it keeps on pop up root request for me to accept. It's getting a bit annoying. Please help, thanks!
Was just looking at the b&n update(s) and trying to understand what it is that it does that removes root access? Is it simply the act of resetting the permissions on the superuser program (su.apk)? Or does it have anything to do with u-boot.bin/uImage/uRecImg/uRamdisk/uRecRam? Or both?
Does the same problem occur with regard to the google apps where the permissions get reset on those as well?
I followed the rooting guide and rooted my new Nexus 4 phone. But when I looking for apps to install on a rooted phone, I stumbled upon a blog post that said that rooting is a huge security risk that allows any installed application to gain root privilege. Is this correct? Is there anything special that I must do to secure root access? I already have SuperSU (free) installed.
The simple answer is that you're already fairly secure with SuperSU or SuperUser. The reality is a bit more complicated though. SuperSU (and SuperUser) are designed to prompt you to provide access to any applications that request root. Any application that 1) does not request root access or 2) is denied root access by the user when prompted, will not have access to root privileges. In theory, I imagine an application could find some obscure exploit in the SuperSU code and get around the access blocking provided by SuperSU, but I think that is fairly unlikely and would be patched quickly after the exploit was found.
As long as you're careful about what you provide root access to (and only provide root access to apps that you think need root, not every app that you think you trust that asks for access) then you should be fine.
raptir said:
The simple answer is that you're already fairly secure with SuperSU or SuperUser. The reality is a bit more complicated though. SuperSU (and SuperUser) are designed to prompt you to provide access to any applications that request root. Any application that 1) does not request root access or 2) is denied root access by the user when prompted, will not have access to root privileges. In theory, I imagine an application could find some obscure exploit in the SuperSU code and get around the access blocking provided by SuperSU, but I think that is fairly unlikely and would be patched quickly after the exploit was found.
As long as you're careful about what you provide root access to (and only provide root access to apps that you think need root, not every app that you think you trust that asks for access) then you should be fine.
Click to expand...
Click to collapse
Thanks raptir. I have one more question. Now that I have rooted the phone, can I block the su binary and enable it only when I need to provide another application with root access? If I do that, will the already approved applications too loose root access?
You could completely unroot the phone which would require you to go through the rooting process again. You could also use a "temp unroot" option like Voodoo OTA Rootkeeper allows, but it wouldn't add anything to security since all it does is move the su binary, not disable it completely. A malicious app could still be written to move the binary back to the proper location.
JoyceBabu said:
Thanks raptir. I have one more question. Now that I have rooted the phone, can I block the su binary and enable it only when I need to provide another application with root access? If I do that, will the already approved applications too loose root access?
Click to expand...
Click to collapse
You can go into SuperSU or SuperUser app and remove "root" access to any apps you have granted "root" to.
baseballfanz said:
You can go into SuperSU or SuperUser app and remove "root" access to any apps you have granted "root" to.
Click to expand...
Click to collapse
Actually, my question was not that. I wanted to retain root access for the apps that I have already given. But no new app should be able to get root access, so that a malicious app will not exploit any security vulnerability of SuperSU as raptir mentioned.
JoyceBabu said:
Actually, my question was not that. I wanted to retain root access for the apps that I have already given. But no new app should be able to get root access, so that a malicious app will not exploit any security vulnerability of SuperSU as raptir mentioned.
Click to expand...
Click to collapse
Gotcha! Any new app will ask for root permission. You can deny them.
Yeah, I threw that part in about the potential for an app to circumvent the security just as a disclaimer. As far as I know it has never happened, and it may not even be possible.
It seems that I have no control (using CM 10.2.1) over restricting superuser access. I thought I had reasonable options selected (prompt and log), but then I realized that I am getting no prompts and no log entries. So I disabled root access completely, but all of the apps that require root access are still working without any problem (even after a reboot).
Can anyone explain what is going on (and how to actually restrict root access)?
Hello!
So I recently rooted my Samsung Galaxy S5 (SM-G900i)
I flashed the kltedd .tar.md5 file through odin (downloaded the .tar.md5 file through Chainfire's CF Auto Root Website)
Everything worked, after going through the whole process my phone rebooted and everything seems normal.
All my data has been preserved and it all works fine.
The only problem is to check that my phone actually has root access I need to download one of those root-checker apps from the play store, but I need to sign into my Gmail account to get to the play store in the first place.
I just wanted to know if it is safe to log into my gmail account on a rooted device - is it possible in any way shape or form that I might have a sneaky keylogger or some spy-ware that could potentially see my Gmail password?
Any help would be appreciated
Sincerely, a noob to XDA Forums.
If you have rooted then there should be a SuperSU app or similar, and when you enter it it should tell you somewhere if root is working fine.
There's an easy way to check for root, which doesn't involve any app, but you need to be able to connect the phone to a PC and you will need USB drivers, and to get your hands on adb.exe (or android-tools-adb package on Linux). Assuming you've done that:
* Enable developer options. (Settings > About Phone, tap Build number 10 times, you will get a popup telling you that Settings > Developer options has appeared.)
* Enable "USB debugging mode".
* Connect via USB to the PC.
* Run `adb devices`.
* You will be asked if you want to accept the debug connection, and possible if you want to enable MTP, say "yes" to both.
* Run `adb shell`.
* Once inside the shell you can type "su[ENTER]". The terminal should freeze and you should get a popup from your SuperSU app asking if you want to grant root access to ADB. If you don't get a popup and "su" fails in the terminal, you don't have root. If you don't get a popup but you get a "#" prompt in the terminal, you have root, but you don't have a root controller app, which is not good (anybody can get root).
Another even simpler method would be to use a terminal app... provided you already have one installed. Most custom ROMs do, stock ROMs don't. Then you just use the same "su[ENTER]" stuff in the terminal.
also, you can bypass the whole thing of logging into your gmail acct and go directly into your phones main screen, go into menu, settings, about phone and tap on the build number until you see the message stating that you are now a developer, back up one step, go into developer options, check the box to allow the installation of third party apps and just download the root checker apk from elsewhere. Sounds compllicated, but its easier than CLI stuff for the uninitiated
---------- Post added at 08:45 AM ---------- Previous post was at 08:45 AM ----------
also also, ive never heard of anyone getting a keylogger after merely rooting their phones
It's technically possible if you get your "root app" from random websites. It's a golden opportunity for a hacker, you're practically begging them "please exploit my phone, I'm gonna help by running your app and bypassing all safety measures".
security should be fine as long as you dont lose your device or download apps from unsafe sites.
as for whether it is rooted or not, already answered above.
Good to see another aussie here.
I'm still a bit of a noob too but happy to help with any endevours regarding phone, especially model specific ones (I have G900I too).
wirespot said:
It's technically possible if you get your "root app" from random websites. It's a golden opportunity for a hacker, you're practically begging them "please exploit my phone, I'm gonna help by running your app and bypassing all safety measures".
Click to expand...
Click to collapse
really mate!?
i have my rooted S5 with my 3 gmail accounts logged in
and i didnt have any secuirty issue at all in past and now