There’s an interesting relationship that plays out between Android security and Android openness. This shouldn’t be surprising, since device security is based around the notion of “preventing certain things from happening,” and it’s difficult to achieve both that and offer unfettered do-as-you-please access to the system. As a result, we get a balancing act between the two, and sometimes that means needing to choose sides, like a tool that exploits security holes, yet gives users the root access they’re after. With Android 4.4 now arriving, that balance could start shifting, as we get word of changes that could make rooting phones exceedingly difficult.
The feature causing these concerns is a new kernel ability called device-mapper-verity, which is used to cryptographically verify a device’s file system at a low level. The idea is to prevent malware from attempting to hide its tracks with some rootkit-like behavior.
Problem is, while achieving that goal, the file system verification process could make it very hard to perform a root exploit on a phone that’s otherwise secured with a locked bootloader. So while this may not be a problem for Nexus models or developer editions, regular carrier-provided bootloader-locked Androids may not be getting root exploits like they used to.
Beyond that, there are fears that this system could also affect devs just looking to customize Android a little, tweaking the platform in unexpected ways. Like with those signs of ads in the 4.4 dialer, we shouldn’t start freaking out until we start seeing 4.4 hit devices and get a chance to check out this behavior for ourselves, so consider this a heads-up, if you will; time will tell if this really is a big problem.
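To make the file system verification described above concrete, here is an added example (not from the original article or the Android source) of the hash-tree idea dm-verity is built on: every block is hashed, those hashes are packed into blocks and hashed again, and only the single root hash has to be trusted. The 4 KiB block size, SHA-256, the salt and all function names are assumptions, and the layout is simplified rather than the kernel's on-disk format.

```python
import hashlib
import hmac

BLOCK = 4096                                # assumed size of data and hash blocks
DIGEST = hashlib.sha256().digest_size
FANOUT = BLOCK // DIGEST                    # digests packed into one hash block (128)

def _h(block: bytes, salt: bytes) -> bytes:
    return hashlib.sha256(salt + block).digest()

def _pack(digests, n):
    """Hash block n of a level: up to FANOUT digests, zero-padded to BLOCK bytes."""
    return b"".join(digests[n * FANOUT:(n + 1) * FANOUT]).ljust(BLOCK, b"\0")

def build_tree(image: bytes, salt: bytes):
    """Return (levels, root); levels[0] holds one digest per data block."""
    if not image or len(image) % BLOCK:
        raise ValueError("image must be a non-empty multiple of BLOCK")
    levels = [[_h(image[i:i + BLOCK], salt) for i in range(0, len(image), BLOCK)]]
    while len(levels[-1]) > FANOUT:         # keep going until one hash block remains
        cur = levels[-1]
        count = -(-len(cur) // FANOUT)      # ceiling division
        levels.append([_h(_pack(cur, n), salt) for n in range(count)])
    return levels, _h(_pack(levels[-1], 0), salt)

def verify_block(image, index, levels, root, salt):
    """Check one data block against the untrusted tree and the trusted root."""
    digest = _h(image[index * BLOCK:(index + 1) * BLOCK], salt)
    for level in levels:
        if index >= len(level) or not hmac.compare_digest(level[index], digest):
            return False
        index //= FANOUT                    # hash block that stores this digest
        digest = _h(_pack(level, index), salt)
    return hmac.compare_digest(digest, root)

if __name__ == "__main__":
    salt = b"constructed-salt"              # constructed sample values
    image = b"".join(bytes([i % 256]) * BLOCK for i in range(300))
    levels, root = build_tree(image, salt)
    print("clean block 200:", verify_block(image, 200, levels, root, salt))
    bad = bytearray(image)
    bad[200 * BLOCK] ^= 1                   # one flipped bit in block 200
    print("modified block 200:", verify_block(bytes(bad), 200, levels, root, salt))
```

Because each read is checked all the way back to the trusted root, changing a block, or the stored hashes that cover it, makes verification of that block fail while untouched blocks still pass.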