Android is changing the way root works
Power users will likely recognize the name +Chainfire as one of the developers who brought superuser to Android and helped make rooting achievable for countless others. As you might expect, he’s still very much into the “guts” of Android, and recently came across something a little troubling.
When some power users pointed out a recent commit to the AOSP master tree, Chainfire found a significant amount of Android root changes — which could break the majority of today’s root apps.
AOSP is the “core” Android code that developers use to create ROMs for their devices. Rooting is the process by which users enable apps to request superuser access which, in turn, lets those apps have access to things it normally would not have had.
This change prevents the unconfined domain from executing files that are located in your /data partition. As it stands today, that’s everything that you run through su. Okay, that’s a lot of techno babble, but what does it mean?
Many of today’s root apps put their files in the /data partition, and execute from there as root. That’s not going to work any more, since access will be denied by default. Chainfire goes on to say that there are multiple workarounds that apps could employ, but not a single, “generic” solution that will work for all of them. In short, each root app is going to have to be re-written to work with the new root securities, and they’ll be different for each type of app. Oh, and to make matters worse, developers may have to employ two techniques, one for current versions of Android, and another for whatever the new version will be called (4.4.3, 4.5, 5.0, etc.).
Luckily, since the code was released over a week ago, app developers already have the opportunity to start developing their methods to bypass the issue. However, since most developers likely use Android images that come prepackaged in the Android SDK, the majority of them probably won’t start working on a fix until the SDK has been updated for that version of Android.
Other than app developers being given a bit more “job security” while they word around the changes, the real benefit is to you, the user. By making these changes, Android is adding an additional layer to protect you from malicious software. Whether or not this layer of protection is being done the “right” way or not is subject to your perspective.
It’s worth mentioning that these changes may have been committed to the AOSP repository inadvertently. They may be removed from the repo at any time. It’s even possible that they might not make it into the next version of Android at all. However, we’ve seen similar changes pop up in the past that were eventually included in the “final” code, so the probability that we’ll eventually see these changes is fairly high.
In the meantime, if you use an app that requires root access, it might not be a bad idea to drop their developers an email to find out what their plans are for this new type of security. You can point them to this article and to Chainfire’s How-To SU page, which has been updated with a few potential workarounds. For the developers reading this article, some of Chainfire’s workarounds include extracting the code and running it from RAM or rootfs, or piping commands directly to su, among others.
Some sites are inciting panic over the “impending changes” that will “change root forever”, but don’t fret! The Android community is very robust, and these changes are only meant to make the core operating system even more secure from bad things happening to it — and to you.