Despite device manufacturers’ announcement to the user about the void warranty on rooting Android phones, users still root their phones for various reasons such as installing special applications that runs only on a rooted device, removing built-in apps, USB tethering, turning the device into a Wi-Fi hotspot, etc., compromising on the features of security, performance and at the potential cost of the phone itself, as the user might fail at any step in the device-dependent process of rooting the device without a warranty safety net.
Apart from the traditional rooting methods, there are tools available online to root the device that can be run through either ADB or installed directly on the device.
One should also be aware that many Android malware require root access (administrative power) to execute the desired malefide functions on the victim’s device. They acquire root access by bundling with other good applications that require root access, by triggering an application in the victim device that requires root access, or by invoking exploits that they carry within themselves, as in the case of Android/DroidDream that carries the exploits RageAgainsttheCage and Exploid. In addition the recent Android PowerOffHijack malware exemplifies the ill-effects on the Android operating system if administrative power is acquired by a malware.
Security enhancements in Android notwithstanding, there are still new vulnerabilities and exploits for the OS being identified regularly. As per the recent Microsoft report that includes statistics on vulnerabilities and exploits reported in the second half of 2014, lots of the non-Windows exploits found on Windows computers are for the Android operating system and Open Handset Alliance.
All this implies that Android smartphone users should:
- Ponder whether they really need to root the device
- Be vigilant about the applications downloaded to root the device
- Download the required application only from the official Google Playstore
- Turn on the feature of “Verify apps” that is available with Android 4.2 or higher
Images courtesy of:
V.Dhanalakshmi, Senior Threat Researcher, K7TCL
If you wish to subscribe to our blog, please add the URL provided below to your blog reader: https://labs.k7computing.com/feed/