Root, also named Root-Account or Root-Account-Access, in unix-like systems, including Android, means, that a user has full access to the operating system and the resources of it.

The synonym term Root is derived from the linux user root, which, in the users- and rights hierarchy of linux, is the top element and therefore has wide system permissions. Root-user are also called Superuser.

In Android, the root-access is deactivated by default. Using the root-user for working with the system is, for security reasons, not provided.

Root in Unix-like systems

The user account root is, in a unix-like system like BSD or linux, created by default during the installation of the system. This user is not meant to be used during the daily work with the system, as a potential security risk arises from the wide system permissions assigned to this user. Because of this risk, the root user is usually only used to do administrative tasks in the system, which requires extended permissions compared to other user accounts.

Switching the identity

In Ubunut, a linux distribution, a switch of the identity (the user account) is possible at any time, as long as the current user has the permission to do so. Actions, that require root-permissions, are, e.g., the installation of a new program or the change of a configuration of an already installed one. However, also malicious software, to do malicious tasks, often requires root permission. In the default configuration, if a program requires root-permission, the user is asked to confirm this request by entering their password. This is not required, if the user is working as the root-account already.

To avoid unauthorized access, confirming this request or entering the root password, should only be done, if the user actively started a program that requires root access. The requirement of root-access should also be evaluated before granting the access (e.g. a mail program usually do not need root access to do it's work).

In a terminal (shell), switching to the root account is done with the command su (substitute user identity). Executing this command (and confirming this with the root password) will open an interactive shell, the so-called root-shell. All commands executed in this shell also have the root permission as well. If only one command should be executed with root-permissions, the command should be executed by prepending the sudo command, which will only execute this single command in a root-context.

Root in Android

As there is no real user account management in Android 5.0   "Lollipop", like in a personal computer, the user does not really have a identity, which they could change. The user is, more precisely, switching from app to app, which gets the required permission during the installation of them (since Android 6.0   "Marshmallow", the user can grant the permission of an app once the app really needs it). The user impersonates the identity of each single app while using it. For each app, the Dalvik VM is assigning it a unique user ID (UID)[1], which, by default, has only read and write permissions to the data directory of this specific app (located in the /data/data directory).

Permission-management in Android

 
Root request by an app on a HTC Wildfire

As Android is based on the linux kernel, it also inherits most of the security features of it, e.g. the permission management. To be able to install an app, e.g. from the Google Play Store, the user must grant this app the required permissions to work (e.g. access to the internet or telephone functions). Each app is only able to access features of the system, which the user granted during the installation (or update). The developer of the app states the required permissions in the meta-file AndroidManifest.xml of their app. From this file, the Android system gets the required permissions for the app, which the user needs to confirm.

Given, that a malicious app wants to send or receive SMS, the developer of that app would need to request the required permission to send and receive SMS in the AndroidManifest.xml file when shipping this malicious app, in order to be able to access this telephone functions. In theory, this concept does not allow an app to gather permissions that were not granted by the user during the install time of the app. It is therefore an important step to check the required permissions of an app before installing it and also checking, that the requested app really requires all of these permissions to do it's job. For example, a calendar app usually does not have a good reason to request the permission to make or receive phone calls, however, accessing the events storage is reasonable.

Since Android 4.3   "Jelly Bean" a new feature called App Ops allows a user to decline specific permissions of an app. Before it was only possible to grant all or no permissions (by not installing the app at all).

Root for Android

The AndroidManifest.xml file does not provide the possibility to request permissions assigned to the root user. Permissions of the root user in Android are, as in other unix-like systems, realized with the File-permission setuid.[2] This bit controls, if a executable file is executed with the permissions of the executing user (e.g. the user created during the installation of the app) or with the permissions of the creator (for system commands usually root). If an app requires root-permissions, this usually simply means, that the app wants to execute another program (usually a system command) with root-permissions. Usually this is done by the app by running the desired command or executable file with the su binary (in the /system/xbin directory). This su binary is the only executable file, which is allowed to use the setuid() command ti change the setuid bit. To still give the full control of what app requested root-access and which one was granted, there's an app to administrate these requests and grants. One of these apps is SuperSU. If the user starts an app that requires root-permission, the administrative app intercepts this request and asks the user for permission to (usually) either grant temporary or permanent root access to the app.

However, the user should always verify the request of root permission by an app by comparing the expected features of an app with the requirement to execute commands which require root permission. Most daily work apps out for Android usually do not require root permission, the permission system of Android provides them all the necessary permissions.

Refrences

  1. Lua error: Internal error: The interpreter exited with status 127.
  2. Lua error: Internal error: The interpreter exited with status 127.