Related
I followed the rooting guide and rooted my new Nexus 4 phone. But when I looking for apps to install on a rooted phone, I stumbled upon a blog post that said that rooting is a huge security risk that allows any installed application to gain root privilege. Is this correct? Is there anything special that I must do to secure root access? I already have SuperSU (free) installed.
The simple answer is that you're already fairly secure with SuperSU or SuperUser. The reality is a bit more complicated though. SuperSU (and SuperUser) are designed to prompt you to provide access to any applications that request root. Any application that 1) does not request root access or 2) is denied root access by the user when prompted, will not have access to root privileges. In theory, I imagine an application could find some obscure exploit in the SuperSU code and get around the access blocking provided by SuperSU, but I think that is fairly unlikely and would be patched quickly after the exploit was found.
As long as you're careful about what you provide root access to (and only provide root access to apps that you think need root, not every app that you think you trust that asks for access) then you should be fine.
raptir said:
The simple answer is that you're already fairly secure with SuperSU or SuperUser. The reality is a bit more complicated though. SuperSU (and SuperUser) are designed to prompt you to provide access to any applications that request root. Any application that 1) does not request root access or 2) is denied root access by the user when prompted, will not have access to root privileges. In theory, I imagine an application could find some obscure exploit in the SuperSU code and get around the access blocking provided by SuperSU, but I think that is fairly unlikely and would be patched quickly after the exploit was found.
As long as you're careful about what you provide root access to (and only provide root access to apps that you think need root, not every app that you think you trust that asks for access) then you should be fine.
Click to expand...
Click to collapse
Thanks raptir. I have one more question. Now that I have rooted the phone, can I block the su binary and enable it only when I need to provide another application with root access? If I do that, will the already approved applications too loose root access?
You could completely unroot the phone which would require you to go through the rooting process again. You could also use a "temp unroot" option like Voodoo OTA Rootkeeper allows, but it wouldn't add anything to security since all it does is move the su binary, not disable it completely. A malicious app could still be written to move the binary back to the proper location.
JoyceBabu said:
Thanks raptir. I have one more question. Now that I have rooted the phone, can I block the su binary and enable it only when I need to provide another application with root access? If I do that, will the already approved applications too loose root access?
Click to expand...
Click to collapse
You can go into SuperSU or SuperUser app and remove "root" access to any apps you have granted "root" to.
baseballfanz said:
You can go into SuperSU or SuperUser app and remove "root" access to any apps you have granted "root" to.
Click to expand...
Click to collapse
Actually, my question was not that. I wanted to retain root access for the apps that I have already given. But no new app should be able to get root access, so that a malicious app will not exploit any security vulnerability of SuperSU as raptir mentioned.
JoyceBabu said:
Actually, my question was not that. I wanted to retain root access for the apps that I have already given. But no new app should be able to get root access, so that a malicious app will not exploit any security vulnerability of SuperSU as raptir mentioned.
Click to expand...
Click to collapse
Gotcha! Any new app will ask for root permission. You can deny them.
Yeah, I threw that part in about the potential for an app to circumvent the security just as a disclaimer. As far as I know it has never happened, and it may not even be possible.
This is a possible solution to block ads, even on 4.4.4 without root needed. Based on AdblockPlus you even can block ads on mobile data.
This was a huge help for me, because I do not want to root my Moto X and was searching for a working possibility to get rid of annoying ads and save bandwidth.
Credits go to phazey12
Instuctions how to enable adblocking on mobile data, can be found in his Thread: How-To Adblock Without Rooting (mobile data adblock working)
Kind regards
Without root maybe for non Verizon phones. Vzw are WiFi only. The APN is locked.
I want to ditch superuser because of security reasons. Is there a way to use a firewall wothout superuser rights?
Check NetGuard - no root Firewall on the play store.
Oh thank you I don't know why I didn't see that on f-droid.org.
Hey all,
Realistically speaking how long do you think they'll have a root for 5.4.0.0? I finally found of a method to block OTA updates by downloading noroot firewall and blocking any network access to OTA.
I hate to be the bearer of bad news, but there hasn't been any root progress since v5.3.1.1 - Root for 5.4.x may never happen.
It would still be a good idea to block Amazon updates (check for other threads), just in case we get a nice surprise.
Link block OTA
Eagl3007 said:
Hey all,
Realistically speaking how long do you think they'll have a root for 5.4.0.0? I finally found of a method to block OTA updates by downloading noroot firewall and blocking any network access to OTA.
Click to expand...
Click to collapse
Could you kindly link how you blocked connection to the OTA?
Thanks!
lemontrooper said:
Could you kindly link how you blocked connection to the OTA?
Thanks!
Click to expand...
Click to collapse
You can follow this method and 'uninstall' DeviceSoftwareOTA.apk and 'forced OTA' (I forget the exact name). You can use an app like App Inspector to list all installed apps, even system apps, to get the exact package names. Be advised, this MIGHT not work if you are on 5.4.0.1.
Does anyone know how to do this in ADB? Would I be able to just uninstall that way and also what is the package file name? I rather not use an app to do so.
Thanks,
What apps do you guys use to block ads and still get OTA updates?
I just got a Mi A1 and I intend to root it and install xposed, but with the OTA updates in mind.
If you guys have any suggestions they will be very much appretiated.
def.man said:
What apps do you guys use to block ads and still get OTA updates?
I just got a Mi A1 and I intend to root it and install xposed, but with the OTA updates in mind.
If you guys have any suggestions they will be very much appretiated.
Click to expand...
Click to collapse
If you're talking about ads in browser just use firefox and install adblock plus in addons.
In youtube install youtube adaway you can search it here
In apps i don't know ?
Magisk systemless hosts + adaway = system wide ad blocking. Only very few apps are showing ads (those are probably using their own ads instead of standard ad servers).
For youtube I use ogyoutube with microg.
Without modifying the system you can still use the open source project http://blokada.org
I use block this! It creates a VPN which blocks ad dns hosts.
majamee said:
Without modifying the system you can still use the open source project http://blokada.org
Click to expand...
Click to collapse
This is a good one. It blocked from the 9gag app and in chrome aswell. The only anoying thing is the "key" notification it leaves on. Anyway to hide it?
_mysiak_ said:
Magisk systemless hosts + adaway = system wide ad blocking. Only very few apps are showing ads (those are probably using their own ads instead of standard ad servers).
For youtube I use ogyoutube with microg.
Click to expand...
Click to collapse
I used to have Adaway in my old phone, but I read that it messes with the system host files and thus I would not be able to take OTA updates. Does Magisk have its own Adaway that is different somehow?
def.man said:
I used to have Adaway in my old phone, but I read that it messes with the system host files and thus I would not be able to take OTA updates. Does Magisk have its own Adaway that is different somehow?
Click to expand...
Click to collapse
I've read it as well (only one guy who mentioned it btw.), but to be honest I do not believe it. I am using the latest Adaway version which has enabled "systemless mode" by default and it didn't modify my system hosts file. But I must admit that I didn't receive any OTA yet and had to always flash full ROM to update my system, so can't guarantee it
_mysiak_ said:
I've read it as well (only one guy who mentioned it btw.), but to be honest I do not believe it. I am using the latest Adaway version which has enabled "systemless mode" by default and it didn't modify my system hosts file. But I must admit that I didn't receive any OTA yet and had to always flash full ROM to update my system, so can't guarantee it
Click to expand...
Click to collapse
Do you have the december update?
def.man said:
Do you have the december update?
Click to expand...
Click to collapse
Yes, I flash full ROM via fastboot each month (did the same with my old Nexus 5X, so I'm used to it).
Magisk has a systemless adblock module called "Unified Hosts Adblock".
Don't block adverts. Ya, I may sound like a noob & jerk but that's the only way everyone of us get to use free contents. The developer & content creator won't be giving away stuffs for free if they don't earn. Support the Developers & content creator.
Hriddhi said:
Don't block adverts. Ya, I may sound like a noob & jerk but that's the only way everyone of us get to use free contents. The developer & content creator won't be giving away stuffs for free if they don't earn. Support the Developers & content creator.
Click to expand...
Click to collapse
I support devs directly, I either purchase a full version or donate to them. If there is only "free" app filled with ads, I see no reason to not to block them. As soon as content creators start serving unobtrusive ads (web, youtube, ..) I'll stop blocking them. Until then...adaway is and will be my second installed app (the first one is Titanium backup pro ). Btw. there wasn't a single ad during past 20 years which I would be interested in, if I clicked on one, it was by mistake.
I use minminguard (xposed module). to update, simply flash full stock rom (keep user data in mi flash tool) then update ota. Unlock bootloader again, boot TWRP and flash magisk.
i had troubles updating to november patch due to adaway. i installed the latest adaway there is, it even said systemless hosts in option.. yet it did modify my hosts file directly - i checked this after i unistalled adaway + magisk
not sure if i did something wrong on my end, just saying that it didnt work for me systemless.. would like to hear if someone managed to get it to work tho
im now using unified adblock from magisk, works okayish
DeV91 said:
i had troubles updating to november patch due to adaway. i installed the latest adaway there is, it even said systemless hosts in option.. yet it did modify my hosts file directly - i checked this after i unistalled adaway + magisk
not sure if i did something wrong on my end, just saying that it didnt work for me systemless.. would like to hear if someone managed to get it to work tho
im now using unified adblock from magisk, works okayish
Click to expand...
Click to collapse
Not sure what went wrong on your end, but modifying system data would lead to fail of Safetynet check. I am running Magisk + systemless hosts + Adaway and Safetynet passes the check, so I assume that nothing has been written to the system. I will confirm once I actually receive an OTA, so far fastboot images were out earlier than mine OTA