One of the reasons we all love Android is because it can do so many things, especially when rooted. Unfortunately with that comes the ability for bad guys to do many things, especially when rooted. Luckily there is something that we can do to help protect from some of the more popular "attack vectors".
SecDroid is an app available from either its XDA thread or the Google Play Store which hardens the Android kernel by disabling certain binaries that have internet access or can be used to hack your device. Some of these include:
- NC (net cat)
- PM (Package Manager — Can't install apps via CLI/ADB)
- ADBD (ADB is disabled until reboot)
- The TCP stack is secured using Systctl (until the next boot)
SecDroid achieves this by disabling some services that most users don't need to be running all the time. It also disables Package Manager which disables apps from being remotely installed to your device (but you can still install them from Play Store or by sideloading the .APK directly). ADB is also disabled until the next reboot.
What's ironic here is that this tools requires a rooted device to be able to run. Many will jump to the conclusion that it's only rooted devices that need this type of hardening. They'd be wrong. Rooted devices almost universally include an app that regulates which apps and processes have access to super user permissions — something "stock" devices don't have. Some will say those devices don't need a super user app because they don't have root access. That's true — until it's not.
Remember, to root most devices you must exploit a security hole. Once that hole is exploited, an app can have unfettered access, and devices that aren't running an app like SuperUser or SuperSU don't have a gatekeeper to regulate super user access. It's unrooted devices that are arguably less secure than their rooted counterparts —even without running SecDroid.