The CyanogenMod project has finally acknowledged that the 1,000,000+ devices running CyanogenMod come with a gaping security hole – default root access. With privacy issues and app permissions becoming more of a concern to smartphone users, running a jail-broken (rooted) device negates any security and data safeguards that Google has tried to build into the OS.
So, in an attempt to keep everyone happy, while improving security, the team has decided on a compromise that will allow enthusiasts to keep using root privileges but also provide better default security for the majority of users. Starting with the first public CyanogenMod 9 alpha builds, root access has been disabled by default but with the option to enable it again. The new changes allow root access to be selectively enabled with four states available:
- Enabled for ADB only
- Enabled for Apps only
- Enabled for both ADB and Apps.
This means that on a default CyanogenMod 9 installation, root usage will have to be explicitly enabled by the user. If a user is fully aware of the implications of enabling root (including the fact that any root enabled application may perform actions that can compromise security and privacy), then they are free to enable it. As before, apps that request root (by calling the su binary) will be redirected to SuperUser.apk where the user can grant access. SuperUser.apk is also used to manage which apps have root permission as well as monitor the usage of the permission.
Why the concern?
With root enabled, any app installed on the phone has unrestricted access to functionality that would normally be off limits to an app. This super user access has given rise to specific types of Android malware that can circumvent smartphone security mechanisms either by using the existing root access or by actually jail-breaking the phone during its installation process. With root access, the malware can access parts of the API that are supposed to be protected by the permissions system.
“We honestly believe there are limited uses for root on CyanogenMod, and none that warrant shipping the OS defaulted to unsecured” wrote Jef Oliver, a member of the CyanogenMod team.