One of the reasons we all love Android is that it can do so many things, especially when rooted. Unfortunately, with that comes the ability for bad guys to do many things, especially when rooted. Luckily, there is something we can do to help protect against some of the more popular “attack vectors”.
SecDroid is an app, available from either its XDA thread or the Google Play Store, which hardens the Android kernel by disabling certain binaries that have internet access or can be used to hack your device. Some of these include:
- nc (netcat)
- pm (Package Manager; apps can’t be installed via CLI/ADB)
- adbd (ADB is disabled until reboot)
- The TCP stack is secured using sysctl (until the next boot)
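To check what a hardening pass like the one listed above actually left behind, the following added example (not SecDroid's code and not from the original article) audits sysctl output against a baseline and reports binaries that are still executable. The baseline keys are an assumption, since the article does not say which sysctl settings SecDroid changes, and the function names and sample output are constructed for illustration; it needs a POSIX shell with awk.

```shell
#!/bin/sh
# Added example (not SecDroid's code): audit a device against the list above.
# Assumption: the page does not say which sysctl keys SecDroid sets; these are
# common Linux TCP/IP hardening keys used here as a stand-in baseline.
BASELINE='net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.icmp_echo_ignore_broadcasts=1'

# Constructed sample of `sysctl -a` output so the script runs offline.
SAMPLE='net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.accept_source_route = 0'

# audit_sysctl TEXT: print one line per baseline key that is unset or differs.
audit_sysctl() {
    printf '%s\n' "$BASELINE" | while IFS='=' read -r key want; do
        have=$(printf '%s\n' "$1" |
            awk -F' *= *' -v k="$key" '$1 == k { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $key (want $want)"
        elif [ "$have" != "$want" ]; then
            echo "WEAK $key = $have (want $want)"
        fi
    done
}

# still_executable PATH...: print each path that is a regular file the current
# user can execute, i.e. a binary that has not been disabled. Pass the paths
# of nc, pm and adbd as found on the device; none are hard-coded here.
still_executable() {
    for path in "$@"; do
        if [ -f "$path" ] && [ -x "$path" ]; then
            echo "EXECUTABLE $path"
        fi
    done
}

audit_sysctl "$SAMPLE"
```

On a live system, replace the sample with `audit_sysctl "$(sysctl -a 2>/dev/null)"`; because the article notes the sysctl and adbd changes last only until the next boot, run the audit again after a reboot.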
What’s ironic here is that this tool requires a rooted device to be able to run. Many will jump to the conclusion that it’s only rooted devices that need this type of hardening. They’d be wrong. Rooted devices almost universally include an app that regulates which apps and processes have access to super user permissions — something “stock” devices don’t have. Some will say those devices don’t need a super user app because they don’t have root access. That’s true — until it’s not.
Remember, to root most devices you must exploit a security hole. Once that hole is exploited, an app can have unfettered access, and devices that aren’t running an app like SuperUser or SuperSU don’t have a gatekeeper to regulate super user access. It’s unrooted devices that are arguably less secure than their rooted counterparts, even without running SecDroid.