By Jon Janego
As a follow-up to my blog post in December about custom Android ROMs, I’d like to comment on the news released by the CyanogenMod team last month about their removal of default root access in their upcoming CM9 release.
In a post on their blog a few weeks ago, the CyanogenMod team announced that they were changing the way that they handle root access on devices using their ROM. Previous releases of their ROM have root access enabled by default, as is common in most custom ROMs. As a result, any application that requested root access on the device would be granted it. This is great for some of the power-user applications that are common among the Android modding scene – Titanium Backup is one that comes to mind – but it comes with a significant security risk, since a malicious application installed on the device could have full root access without the user being aware of what it was doing. The CyanogenMod team acknowledged this in their post, saying, “Shipping root enabled by default to 1,000,000+ devices was a gaping hole”.
What the team is planning to do instead is to implement root access in a selective, user-configurable manner. A device using the ROM has root access disabled by default, but can be configured to enable it only for ADB console access, to enable it only for applications, or to have it enabled across the board. This type of control leaves it in the hands of the users to choose the level of risk that they are willing to accept. Obviously, many of the tech-savvy enthusiasts will immediately enable unfettered root access. However, for the large part of the Android community that is only interested in custom ROMs for the customizable interfaces they offer, this will be a welcome and overdue security protection. Already, it is clear in the comments to the CyanogenMod post that not everyone understands what the risk of root-level access is – someone asks the community to “explain this for the liberal arts majors”.
Just so it’s clear, the removal of root-level access is strictly at the operating system layer. Installing a custom ROM onto an Android phone still requires unlocking the bootloader, which on most devices requires running a “jailbreaking” exploit of some sort. There are a few exceptions to this; the Google Nexus line of phones lets you unlock the bootloader with only some console commands, and HTC and Motorola have also been providing bootloader unlocks for their devices. Unless it’s coming from the manufacturer, there is always the possibility of some risk when executing unknown code on your device. But once you’ve gotten to the point of installing the custom ROM, there was the further risk of having root-level access to the operating system easily available, which is the gap that CyanogenMod has closed here.
To me, this indicates that the CyanogenMod team is acknowledging their influence in the community and using it to educate users on good security measures. Baking in a “secure by default” configuration to the most popular ROM will be good for everyone. Kudos to them for acknowledging this, and let’s hope that it leads to a more secure Android ecosystem for everyone!
CyanogenMod Logo Used Under a Creative Commons Attribution License