Root and SuperUser access (“su”) are two terms that are often used interchangeably. Essentially, if you have Root access, you can modify and replace system files. With this access level a user can run an app that will automatically sync the clock on their smartphone or tablet with the Atomic Clock, tweak the color settings of their display, or make a complete backup of their device. Users can replace radio firmware, or even swap out an entire ROM with something that’s been customized by the community.
It’s just as easy for a malicious user to utilize Root as a vector for attack – running up huge bills by sending texts to pay-per-SMS numbers, mining for bitcoins, stealing your identity and financial information, or worse. Additionally, OEMs and carriers want to restrict Root so they don’t have to troubleshoot and support devices that have been “broken” by a user not knowing what they were doing.
For many Power Users, the benefits are well worth the risks.
Recent changes to the underlying layers of Android have made apps that rely on Root-access harder to write – and were poised to break most (if not all) current apps that depend on Root to work. Android-powerhouse Chainfire (also known as Jorrit Jongma) publishes a How to SU guide that serves as the go-to source for how developers should write code for Android with problem-free su usage. On May 18, 2014, he updated his guide to version 1.50 to address changes that may be rolling out as early as Android KitKat 4.4.3, released earlier this week.
If you’ll pardon the pun, the root of all our problems has been the hardening of the Android environment and the use of SELinux. Here’s what Chainfire has to say:
“A good example of the unconfined domain not being all-mighty, is executing files from /data. Starting (with) Android 4.4.3, this will no longer be possible from the unconfined domain (see #74082 and #78801).
“The established practise of including binaries and scripts in your APK, extracting them to /data/data/[package]/files/ or placing them in /data/data/[package]/lib/ and executing them from there through a su call will no longer work out-of-the-box. While there are other work-arounds possible (like copying to and executing from rootfs), one solution is switching contexts to a context not in the unconfined domain (like u:r:untrusted_app:s0, the context the rest of your app is likely to run as). You will need to do extensive testing to see if all the calls you want to make still run in the context you choose, though, and you may have to try some different ones to get the capabilities you want.
“Note that executing files in /data will still work as expected from your app if you are not trying to run it as root.” (SIC)
Though the changes are many, they can be summarized as trying to protect you by securing the /system folder, preventing code executed from the /data partition from running with elevated privileges, and requiring PIE (Position-Independent Executable) builds for any executable that is not statically linked.
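The PIE requirement is the one part of this list a developer can verify offline before shipping an APK, by inspecting the ELF headers of the native binaries bundled in it. The following Python script is an added example (not from this article, Chainfire's guide, or SuperSU) that reads the ELF header and program headers directly: a binary is flagged only when it is dynamically linked (has a PT_INTERP or PT_DYNAMIC program header) but is not built as PIE (e_type is ET_EXEC rather than ET_DYN), which matches the rule stated above that statically linked executables are exempt. The `build_elf64` helper constructs minimal sample images for demonstration; they are not real Android binaries.

```python
import struct

# ELF constants from the ELF specification.
ET_EXEC, ET_DYN = 2, 3          # e_type: fixed-address executable vs. shared object / PIE
PT_DYNAMIC, PT_INTERP = 2, 3    # program header types that only appear in dynamically linked images


def classify_elf(data: bytes) -> dict:
    """Classify an ELF image as PIE / dynamic and decide whether it meets the
    'PIE required unless statically linked' rule."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]          # 1 = 32-bit, 2 = 64-bit; 1 = little-endian, 2 = big-endian
    end = "<" if ei_data == 1 else ">"
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    if ei_class == 2:                             # ELF64 header layout
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    elif ei_class == 1:                           # ELF32 header layout
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    else:
        raise ValueError("unknown EI_CLASS")

    # Walk the program headers; p_type is the first 4 bytes of every entry in both ELF32 and ELF64.
    dynamic = False
    for i in range(e_phnum):
        (p_type,) = struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)
        if p_type in (PT_DYNAMIC, PT_INTERP):
            dynamic = True
            break

    pie = e_type == ET_DYN
    return {"pie": pie, "dynamic": dynamic, "ok": pie or not dynamic}


def check_file(path: str) -> dict:
    """Convenience wrapper for a binary on disk (e.g. one extracted from an APK's lib/ directory)."""
    with open(path, "rb") as fh:
        return classify_elf(fh.read())


def build_elf64(e_type: int, phdr_types) -> bytes:
    """Construct a minimal little-endian ELF64 image with the given e_type and program header
    types. Sample data for demonstration only; it is not a loadable executable."""
    phoff, phentsize = 64, 56
    hdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8        # e_ident: ELF64, LE, version 1
    hdr += struct.pack("<HHIQQQIHHHHHH",
                       e_type, 62, 1, 0, phoff, 0, 0,               # type, machine (x86-64), version, entry, phoff, shoff, flags
                       64, phentsize, len(phdr_types), 64, 0, 0)    # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in phdr_types)
    return hdr + phdrs


if __name__ == "__main__":
    samples = {
        "pie, dynamic (compliant)": build_elf64(ET_DYN, [PT_INTERP, PT_DYNAMIC]),
        "non-PIE, dynamic (will be refused)": build_elf64(ET_EXEC, [PT_INTERP, PT_DYNAMIC]),
        "non-PIE, static (still allowed)": build_elf64(ET_EXEC, []),
    }
    for name, image in samples.items():
        print(f"{name}: {classify_elf(image)}")
```

On a real build the same answer comes from `readelf -h`, where a PIE shows `Type: DYN` and a fixed-address executable shows `Type: EXEC`; the script is useful when you want to scan every binary in an APK's `lib/` tree in one pass.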
The latest version of SuperSU (1.97) reportedly took quite a bit longer to update than was originally expected. Thanks to all the work Chainfire put into it, most apps won’t require complicated workarounds – if they’re needed at all.
For developers, apps that utilize su will need to be very thoroughly tested. While this is being done, users may notice delays in app updates, or might experience apps that don’t work properly after having upgraded to the new version of Android.
The good news is that all these changes are for the better. They’re designed to make your smartphone or tablet even more secure and (eventually) immune from malicious code that could seriously complicate your life.