Rooting (Android)
Rooting is the process by which users of Android devices can attain privileged control over various subsystems of the device, usually smartphones and tablets. Because Android is based on a modified version of the Linux kernel, rooting an Android device gives access to administrative permissions similar to those on Linux or any other Unix-like operating system such as FreeBSD or macOS.
Rooting is often performed to overcome limitations that carriers and hardware manufacturers put on some devices. Thus, rooting allows the users to alter or replace system applications and settings, run specialized applications that require administrator-level permissions, or perform other operations that are otherwise inaccessible to a normal Android user. On some devices, rooting can also facilitate the complete removal and replacement of the device's operating system, usually with a more recent release of its current operating system.
Root access is sometimes compared to jailbreaking on devices running the Apple iOS operating system. However, these are different concepts: jailbreaking is the bypass of several types of Apple prohibitions for the end user, including modifying the operating system, installing non-officially approved applications via sideloading, and granting the user elevated administration-level privileges. Some vendors, such as HTC, Sony, Samsung, OnePlus, Xiaomi, and Google, have provided the ability to unlock the bootloaders of some devices, thus enabling advanced users to make operating system modifications. Similarly, the ability to sideload applications is typically permissible on Android devices without root permissions. Thus, it is primarily the third aspect of iOS jailbreaking that most directly correlates with Android rooting.
Rooting is distinct from SIM unlocking and bootloader unlocking. The former allows for the removal of the SIM card lock on a phone, while the latter allows rewriting the phone's boot partition.
Overview
Rooting lets all user-installed applications run privileged commands typically unavailable to the devices in the stock configuration. Rooting is required for more advanced and potentially dangerous operations including modifying or deleting system files, removing pre-installed applications, and low-level access to the hardware itself. A typical rooting installation also installs a Superuser application, which supervises applications that are granted root or superuser rights by requesting approval from the user before granting said permissions. A secondary operation, unlocking the device's bootloader verification, is required to remove or replace the installed operating system.
In contrast to iOS jailbreaking, rooting is not needed to run applications distributed outside of the Google Play Store, known as sideloading. The Android OS supports this feature natively in two ways: through the "Unknown sources" option in the Settings menu and through the Android Debug Bridge. However, some US carriers, including AT&T, have prevented the installation of applications not on the Play Store in firmware, although several devices are not subject to this rule, including the Samsung Infuse 4G; AT&T lifted the restriction on most devices by the middle of 2011.
, the Amazon Kindle Fire defaults to using the Amazon Appstore instead of Google Play, though like other Android devices, Kindle Fire allows sideloading of applications not from an approved store, and the "easy installer" application on the Amazon Appstore makes this easy. Other vendors of Android devices may look to other sources in the future.
Some devices, including those by Huawei and any brand sold by Verizon, cannot easily be rooted unless a privilege escalation exploit is found in the device's operating system version.
Advantages
Advantages of rooting include the possibility for complete control over the appearance, feel, and behaviour of the device. As a superuser has access to the device's system files, all aspects of the operating system can be customized with the only real limitation being the level of coding expertise. Immediately expectable advantages of rooted devices include the following:
- The device owner can fully access and manage every file and directory stored on their device, including in directories that are invisible to the normal user, such as the /data directory. This allows backups and restorations of the entire system, and duplication of user data and preferences to a different rooted device.
- Normal storage access can be restored if disabled by Google. One such example is restoring normal write access to the microSD memory card on Android 4.4 KitKat.
- The MicroSD card can be treated as a mass storage device without removing it from the phone.
- Support for theming, allowing everything to be visually changed from the color and type of the battery status indicator to the boot animation that appears while the device is booting, the status bar, control menu, virtual on-screen navigation buttons, and more.
- Full control of the kernel, which, for example, allows overclocking and underclocking the CPU and GPU.
- Full application control, including the ability to fully back up, restore, or batch-edit applications, or to remove bloatware that comes pre-installed on some phones.
- Custom automated system-level processes through the use of third-party applications.
- Ability to install software that allows additional levels of control on a rooted device or management of root access.
- Access to more Unix shell commands, both standalone and through Android Debug Bridge.
- Ability to bypass restrictions by vendors or Google, such as scoped storage, which compromised file system access and compatibility to established third-party mobile applications such as file managers.
- Extended task management abilities:
  - Ability to terminate misbehaving and/or unresponsive system tasks such as media scanner and camera server manually.
- Ability to downgrade applications directly, without uninstallation, which involves deleting their user data. A downgrade may be desirable after an update broke compatibility and/or removed useful functionality.
- Ability to control battery charging current, where a technically unnecessary throttling imposed by the operating system while the screen is on can be removed. On the other hand, a current reduction may be desired to extend battery lifespan. APIs may vary per vendor. For example, on Samsung Galaxy devices, this is done by applying a value to the /sys/devices/platform/sec-battery/power_supply/battery/siop_level system file, where 100 represents the highest technically supported charging rate.
- Ability to limit charging capacity to reduce battery wear.
- Overriding screenshot blocks. Normally, Android gives application developers the authority to allow or deny device owners from capturing screenshots and screen recordings. A developer can impose screenshot blocks on parts or the entire application.
- Installing customized versions of pre-installed system applications. Normally, system applications have to be digitally signed by their respective developers in order to be installable.
- Phone call recording with no external device. In some locations, it is the responsibility of the user to first acquire consent by the other participant if required by law where they reside, with or without an external recording device.
Disadvantages
- On some brands, including Samsung and Motorola, rooting voids a device's warranty.
- If used incorrectly, rooting can cause stability issues with the software or hardware. If the issues are purely software-based, unrooting the phone can often resolve these issues.
- In the case of a malicious exploit, the attacker has privileged access to device systems.
- The Android Play Integrity API is tripped, so some apps will not work or will not be shown on the Play Store.
Related concepts
Bootloader unlock
Bootloader unlocking is sometimes a first step used to root the device; however, it is not the same as rooting the device. Most devices come with a locked bootloader, which prevents users from installing a new boot image, which is often flashed when rooting a device or using a custom ROM. The bootloader runs on device start-up and is in charge of loading the operating system on the phone. It is generally in charge of verifying that phone system information hasn't been tampered with and is genuine. Nonetheless, people still perform this operation, as unlocking the bootloader allows users to install custom ROMs. The first step to do this is generally to set up OEM unlocking, and then to follow manufacturer specific instructions. Not all devices can be bootloader unlocked, and some can only be unlocked with an exploit which usually needs a privilege escalation bug in order to remove software locks, which includes most LG V20 models and Verizon-sold Google Pixel devices.
The process of unlocking the bootloader might involve a factory reset, erasing all user data, third-party applications, and configuration.
SIM unlock
SIM unlocking allows a phone that is locked to a certain carrier to be used on a different carrier. The instructions vary per device and carrier, but this might be done by first requesting the carrier to unlock the phone or purchasing an unlock code online.
Methods
Some rooting methods involve the use of a command prompt and a development interface called the Android Debug Bridge, while other methods may use existing vulnerabilities in devices. Due to similarly modeled devices often having a multitude of changes, rooting methods for one device when used for a different variant can result in bricking the device.
"Systemless root" is a variant of rooting in which the underlying device file system is not modified. Systemless root uses various techniques to gain root access without modifying the system partition of a device. Some root applications may include a "hiding" function, which makes attempts to mask the effects and results of rooting, often by whitelisting certain applications for the root or blocking access to affected files. Systemless rooting has the advantage of not triggering the software-based version of SafetyNet, an Android feature that works by monitoring changes to system files and is used by applications such as Google Pay to detect whether a device has been tampered with such as by rooting. However, hardware-backed SafetyNet versions may be triggered by systemless rooting, as well as in unrooted devices shipped without Google Mobile Services.
The distinction between "soft rooting" through a security vulnerability and "hard-rooting" by flashing a su binary executable varies from exploit to exploit, and manufacturer to manufacturer. Soft-rooting requires that a device be vulnerable to privilege escalation, or replacing executable binaries. Hard-rooting is supported by the manufacturer, and it is generally only exposed for devices the manufacturer allows. If a phone can be soft-rooted, it is also inherently vulnerable to malware.
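As an added illustration (not part of the original article), the shell sketch below shows the kind of file-based and property-based check a device-compliance script can run to flag a flashed su binary or an unlocked bootloader. The function names, the list of su locations and the sample data in `demo` are assumptions constructed for this example; as the text above notes, a systemless root with a "hiding" function may not leave these traces.

```shell
#!/bin/sh
# Added example: report root/unlock indicators for an Android file tree and
# a saved `getprop` dump. Function names and sample data are hypothetical.

# prop_value FILE KEY -> value from a "[key]: [value]" getprop line
prop_value() {
    sed -n "s/^\[$2\]: \[\(.*\)\]\$/\1/p" "$1" | head -n 1
}

# root_indicators ROOT PROPFILE -> one indicator per line, nothing if clean
root_indicators() {
    root=$1; props=$2
    # Locations where a flashed su binary is commonly placed (not exhaustive).
    for p in system/bin/su system/xbin/su sbin/su su/bin/su; do
        [ -e "$root/$p" ] && echo "su-binary:/$p"
    done
    # Stock builds are signed with release-keys and are not debuggable.
    [ "$(prop_value "$props" ro.build.tags)" = "test-keys" ] && echo "build-tags:test-keys"
    [ "$(prop_value "$props" ro.debuggable)" = "1" ] && echo "debuggable-build"
    # An unlocked bootloader is a prerequisite for flashing a custom boot image.
    [ "$(prop_value "$props" ro.boot.flash.locked)" = "0" ] && echo "bootloader:unlocked"
    state=$(prop_value "$props" ro.boot.verifiedbootstate)
    case "$state" in
        ""|green) ;;                       # missing or fully verified
        *) echo "verified-boot:$state" ;;  # yellow / orange / red
    esac
    return 0
}

# demo: constructed sample tree and getprop dump (not from a real device)
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/system/xbin" && : > "$t/system/xbin/su"
    printf '%s\n' '[ro.build.tags]: [test-keys]' '[ro.debuggable]: [0]' \
        '[ro.boot.flash.locked]: [0]' '[ro.boot.verifiedbootstate]: [orange]' > "$t/props"
    root_indicators "$t" "$t/props"
    rm -rf "$t"
}

# Usage on real data: sh script.sh <root-dir> <getprop-dump-file>
if [ "$#" -eq 2 ]; then root_indicators "$1" "$2"; fi
```

An empty result only means none of these specific indicators were present; it is not proof that a device is unmodified.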