I'm contemplating rooting my Nexus 6P and I've read a little bit about "systemless root". The main reason I'm going to root is to run Adaway and to tweek the Doze-feature so that it kicks in earlier.
My question is how "systemless root" it affects apps that have checks for root? On my Sony Xperia Z3 a few of my apps won't work when I root, and I'm wondering if they might fail at findning the "systemless root" which is available on Nexus 6P.
Related
I followed the rooting guide and rooted my new Nexus 4 phone. But when I looking for apps to install on a rooted phone, I stumbled upon a blog post that said that rooting is a huge security risk that allows any installed application to gain root privilege. Is this correct? Is there anything special that I must do to secure root access? I already have SuperSU (free) installed.
The simple answer is that you're already fairly secure with SuperSU or SuperUser. The reality is a bit more complicated though. SuperSU (and SuperUser) are designed to prompt you to provide access to any applications that request root. Any application that 1) does not request root access or 2) is denied root access by the user when prompted, will not have access to root privileges. In theory, I imagine an application could find some obscure exploit in the SuperSU code and get around the access blocking provided by SuperSU, but I think that is fairly unlikely and would be patched quickly after the exploit was found.
As long as you're careful about what you provide root access to (and only provide root access to apps that you think need root, not every app that you think you trust that asks for access) then you should be fine.
raptir said:
The simple answer is that you're already fairly secure with SuperSU or SuperUser. The reality is a bit more complicated though. SuperSU (and SuperUser) are designed to prompt you to provide access to any applications that request root. Any application that 1) does not request root access or 2) is denied root access by the user when prompted, will not have access to root privileges. In theory, I imagine an application could find some obscure exploit in the SuperSU code and get around the access blocking provided by SuperSU, but I think that is fairly unlikely and would be patched quickly after the exploit was found.
As long as you're careful about what you provide root access to (and only provide root access to apps that you think need root, not every app that you think you trust that asks for access) then you should be fine.
Click to expand...
Click to collapse
Thanks raptir. I have one more question. Now that I have rooted the phone, can I block the su binary and enable it only when I need to provide another application with root access? If I do that, will the already approved applications too loose root access?
You could completely unroot the phone which would require you to go through the rooting process again. You could also use a "temp unroot" option like Voodoo OTA Rootkeeper allows, but it wouldn't add anything to security since all it does is move the su binary, not disable it completely. A malicious app could still be written to move the binary back to the proper location.
JoyceBabu said:
Thanks raptir. I have one more question. Now that I have rooted the phone, can I block the su binary and enable it only when I need to provide another application with root access? If I do that, will the already approved applications too loose root access?
Click to expand...
Click to collapse
You can go into SuperSU or SuperUser app and remove "root" access to any apps you have granted "root" to.
baseballfanz said:
You can go into SuperSU or SuperUser app and remove "root" access to any apps you have granted "root" to.
Click to expand...
Click to collapse
Actually, my question was not that. I wanted to retain root access for the apps that I have already given. But no new app should be able to get root access, so that a malicious app will not exploit any security vulnerability of SuperSU as raptir mentioned.
JoyceBabu said:
Actually, my question was not that. I wanted to retain root access for the apps that I have already given. But no new app should be able to get root access, so that a malicious app will not exploit any security vulnerability of SuperSU as raptir mentioned.
Click to expand...
Click to collapse
Gotcha! Any new app will ask for root permission. You can deny them.
Yeah, I threw that part in about the potential for an app to circumvent the security just as a disclaimer. As far as I know it has never happened, and it may not even be possible.
So I successfully followed this guide for rooting my V20:
http://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
I now have SuperSU and TWRP on my phone. However, nothing actually works whenever I do anything root related. I can't uninstall any system apps with "System app remover", deleting anything in /system/app with "Root Browser" doesn't work, and even changing some buildprop settings with "BuildProp Editor" gives me an error that I don't have root. The SuperSU pop-up to grant access showed up for each of them, and I granted access for each of them, yet they still work as if I have no root. Although, checking my root with "Root Checker" or "Root Check" both say that I have root.
If it helps any, my software version is exactly "H91810d".
I'm not really a root wiz, so I'm not sure what to do now. Any help from here is greatly appreciated!
Fixed it
I have finally fixed it! Apparently I need to install BusyBox first to actually be able to do anything. I thought I already have it installed from the App Store; however, I apparently also need to install it by going to the BusyBox app, going to Installer, then installing it there to /su/xbin. For anyone with a similar problem, hopefully this will solve it. Cheers, and Merry Christmas!
Hi,
I am very new to Systemless root and it seems littlebit confusing for me.
I have few problems. I am using Magisk Systemless ROOT on my 1+5 with Android 7.1.1
I already know that because of non-editable /system i can't delete or upgrade system apps. But my bigger problem is for example with F***dom app. I know that warez is not supported here so I am asking only for educational purposes (or whatever). F***dom not working at all. My pay card still showing (Fallout Shelter, Fruit Ninja, etc.). Even L***y Pat***r not work well. I am still getting errors when trying to patch Fallout or any other apps. One of the least problem is with busybox. Why I cant install busybox to /system/bin but to /system/xbin yes?
Is there any way how to make system root work like nornal root? I really want use my old apps. Not just Freedom, but for example Titanium Backup not working too.
Titanium Backup definitely works with systemless root. When you go into the Magisk Manager app does it actually show that you are rooted? When you click on the Safety Net check in Magisk Manager what message do you get?
I am using Magisk systemless root and it works.
So you're probably not rooted at all. And I did not even had to install busybox either.
jhs39 said:
Titanium Backup definitely works with systemless root. When you go into the Magisk Manager app does it actually show that you are rooted? When you click on the Safety Net check in Magisk Manager what message do you get?
Click to expand...
Click to collapse
I am rooted. Safety Net is ok when Hide Root setting is selected in Magisk. Apps normally get root access but as I said some of them not work properly. Busybox throw error when installing to /system/bin
Titanium Backup not recover system apps or data.
And what about freedom?
There's actually a dedicated support thread on XDA for Magisk. Since your issue seems to be very Magisk specific rather than a OP5 issue you would probably have more success posting your question there.
Just a reminder to all. No mentions of lucky patcher or freedom are allowed in the forums as they are warez/malware apps.
ScottDGoodman said:
Freedom APK v2.0.8 is an Android application which will give you a chance to open the top notch highlights of prevalent recreations free of cost.
Click to expand...
Click to collapse
That app is also banned on xda as are all Warez apps.
I highly recommend you delete this post and go somewhere else before more aggressive devs start waking up
XDA's tag line is "XDA Developers was founded by developers, for developers. " and you come in here waving your middle finger around saying developers' time and energy is worthless and your deserve it all for fee, and your entitled ass comes here asking for more help exploiting devs.
Help specific to LP, Freedom, and all other exploitive apps is forbidden here. #GoAway
And all that aside, your question has been asked 1000x by legit users. Spending even 10-15 seconds researching the problem would yield a result. #LMGTFY
So I don't want to upgrade to android 7, ever. At this point I hit "No Thanks" on the upgrade notice and then FC Motorola Update Services, but you need to do that every reboot. Kinda annoying
I want to just remove the Motorola Update Services app from my device but you need to be rooted. Is there a way to get temp su access in a terminal shell to remove the app without having to root?
If not, can someone provide a link to the guide to root Marshmellow? All I can find are a zillion guides to root Android 7, not 6
Thanks
Why won't you upgrade to 7? 6, at this point, is deprecated and insecure.
Anyways, to root MM just flash Magisk.
I wouldn't recommend staying on Marshmallow for whatever reason, but this should help you remove those apps without rooting your phone. Simple manner of how it works - it doesn't remove the app from your memory, but removes it for that particular user. Effectively, you won't save up on space, but the app will be gone.
I do not know if a lot op people know this:
I just checked on a Moto Z if the app "SafetyNet Test" reports an issue after I switch off "root access for apps and adb" in developer settings. It does not, it reports a safe device!
Switching root access on, "SafetyNet Test" recognizes immediately a problem.
I always thought, switching off root access would still case a problem.
Congratulation LOS team!
For root access I am using the addonsu-16.0-arm64-signed from LOS.
So, my question, what is the advantage of Magisk?
ischninet said:
I do not know if a lot op people know this:
I just checked on a Moto Z if the app "SafetyNet Test" reports an issue after I switch off "root access for apps and adb" in developer settings. It does not, it reports a safe device!
Switching root access on, "SafetyNet Test" recognizes immediately a problem.
I always thought, switching off root access would still case a problem.
Congratulation LOS team!
For root access I am using the addonsu-16.0-arm64-signed from LOS.
So, my question, what is the advantage of Magisk?
Click to expand...
Click to collapse
For LOS users who simply want superuser access (root) of the OS, the su add-on will certainly suffice. Magisk allows users to implement a fully systemless environment with which to manage & utilize root access. Magisk includes a myriad of systemless modules such as XPosed, BusyBox, audio mods, etc. These modules can be applied and used without touching the /system partition, which comes in handy for users who plan on installing future OTAs without breaking root. Magisk also includes a nifty feature known as "su hide" (Magisk Hide), which has the ability to hide root from certain apps that check for it (Netflix, Google Pay, etc), allowing these apps to run normally on rooted devices. And, as you've already noted, Magisk root can pass both basicIntegrity & ctsProfile within Google's proprietary SafetyNet protocol.
When deciding between the LOS root add-on and Magisk systemless interface, it comes down to personal preference and the individual needs and expectations of the user.
Viva La Android said:
For LOS users who simply want superuser access (root) of the OS, the su add-on will certainly suffice. Magisk allows users to implement a fully systemless environment with which to manage & utilize root access. Magisk includes a myriad of systemless modules such as XPosed, BusyBox, audio mods, etc. These modules can be applied and used without touching the /system partition, which comes in handy for users who plan on installing future OTAs without breaking root. Magisk also includes a nifty feature known as "su hide" (Magisk Hide), which has the ability to hide root from certain apps that check for it (Netflix, Google Pay, etc), allowing these apps to run normally on rooted devices. And, as you've already noted, Magisk root can pass both basicIntegrity & ctsProfile within Google's proprietary SafetyNet protocol.
When deciding between the LOS root add-on and Magisk systemless interface, it comes down to personal preference and the individual needs and expectations of the user.
Click to expand...
Click to collapse
Nice explanation. I've always used true root and not systemless and have never tried magisk. I am delighted by how easy lineage makes it to add root and that it's own privacy guard software handles the su permission. To me from outside looking in magisk just adds a ton of complications to simple access to the modify system files to which it doesn't actually modify because it's systemless. I definitely prefer traditional root access that lineage allows. In a perfect world Google would allow root access how lineage implements it. You have to flash a file and turn it on and assume all responsibility. I don't know what Google is so afraid of. People use the argument that people would be bricking their phones left and right but some how Microsoft and every Linux distro has allowed access to system files without issue.
Joe333x said:
Nice explanation. I've always used true root and not systemless and have never tried magisk. I am delighted by how easy lineage makes it to add root and that it's own privacy guard software handles the su permission. To me from outside looking in magisk just adds a ton of complications to simple access to the modify system files to which it doesn't actually modify because it's systemless. I definitely prefer traditional root access that lineage allows. In a perfect world Google would allow root access how lineage implements it. You have to flash a file and turn it on and assume all responsibility. I don't know what Google is so afraid of. People use the argument that people would be bricking their phones left and right but some how Microsoft and every Linux distro has allowed access to system files without issue.
Click to expand...
Click to collapse
It's a common misconception, but systemless root is "true" root in a sense that /system can be mounted as r/w, and can be modified if the user so chooses. It's really just a matter of preference. Root can be hidden from apps far easier in a systemless scenario. To my understanding, the biggest difference between system-wide root and systemless -- in terms of implementation -- is that the root binaries are introduced into the OS in two different manners -- one by modifying the /system partition directly and the other by way of the boot image. Both methods allow for system level modifications, and give the user full and unfettered access to the core of the OS. It's more about the method of achieving root than it is the final result. In sum, the term "systemless" root in no way means that the /system partition cannot be modified. Rather, it implies that the Android OS was rooted without the /system partition being modified or mounted r/w. This is especially necessary these days, with so many devices having dm-verity, Android Verified Boot (AVB 1.0, AVB 2.0), etc.