What Is Rooting?
Rooting your Android device means obtaining root access to the Android OS, which is possible because Android is based on Linux.
Why Is Rooting Required?
When you buy a new PC, you have full access to the hardware and the software. If PC manufacturers start shipping new PCs without the root privileges, they will face a lot of backlash from the users. But somehow, handheld device manufacturers started restricting the root access from the start, and users didn’t complain. Maybe because the user base for mobile phones was less tech-savvy. And things haven’t changed since then. This is a wrong practice because when you have purchased the device, you are the owner of that device and that software. You should be allowed to do what you want with it.
One major reason why manufacturers do this is to extract as much money as they can from you. For example, a lot of mobile makers in the USA remove the Wi-Fi tethering option and provide their own pre-installed system app for the same purpose. This way, they can monitor and charge extra when the user turns on the mobile hotspot.
Another reason could be that by allowing root privileges, the users get superpowers over the phone. While one can do wonders with it, it is also equally possible to mess things up.
Coming to the question at hand, you would want to root your device to:
+ Strip away bloatware that is impossible to uninstall otherwise
+ Enable previously disabled settings like wireless tethering
+ Install specialized tools
+ Flash custom ROMs
+ Install apps that require root, such as ad blockers, tools to over- or under-clock the processor, etc.
Risks Of Rooting
There are mainly 4 cons of rooting an Android device:
- Most manufacturers will void the warranty if you root the device. But since you can always unroot, this is not a big issue.
- If something goes wrong, you can potentially brick your phone, which means your phone is as good as a brick.
- There is always a security risk when you root. If you give privileged access to a malicious app, you risk corruption or theft of your data. Such apps can also install additional malware.
- Some security-conscious apps and services, like Google Pay, Barclays, Sky Go, Virgin TV, etc., do not work on rooted devices at all.
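The last two risks are two sides of the same check: a privileged app can read anything, so payment and media apps refuse to run when they see signs of root. The script below is an added example, not code from the article or from any of the apps it names, of the kind of check such an app or a device-management agent runs. On a real device the properties come from `adb shell getprop`; the two property dumps and file lists here are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the article: the kind of check a security-conscious
# app or a device-management agent runs to decide whether a phone is rooted or
# has an unlocked bootloader. On a real device the properties come from
# `adb shell getprop`; the property dumps and file lists below are CONSTRUCTED
# so the script runs offline.

# Constructed: a retail build on a locked bootloader.
STOCK_PROPS='[ro.build.type]: [user]
[ro.build.tags]: [release-keys]
[ro.debuggable]: [0]
[ro.secure]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]'
STOCK_FILES='/system/bin/sh
/system/bin/toybox'

# Constructed: bootloader unlocked, a test-keys ROM flashed, su and Superuser installed.
ROOTED_PROPS='[ro.build.type]: [userdebug]
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]'
ROOTED_FILES='/system/bin/sh
/system/xbin/su
/system/app/Superuser.apk'

# prop_value PROPS NAME -> value of NAME from getprop-style "[name]: [value]" lines
prop_value() {
    printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]\$/\1/p"
}

# root_indicators PROPS FILES -> count of root/unlock indicators found (0 = clean)
root_indicators() {
    props=$1
    files=$2
    n=0
    # build signed with the public AOSP test keys rather than the vendor's release keys
    [ "$(prop_value "$props" ro.build.tags)" = "test-keys" ] && n=$((n + 1))
    # debuggable builds let adb run as root
    [ "$(prop_value "$props" ro.debuggable)" = "1" ] && n=$((n + 1))
    [ "$(prop_value "$props" ro.secure)" = "0" ] && n=$((n + 1))
    # bootloader reports itself as unlocked
    [ "$(prop_value "$props" ro.boot.flash.locked)" = "0" ] && n=$((n + 1))
    # verified boot reports orange (unlocked), yellow (custom key) or red (failed)
    case "$(prop_value "$props" ro.boot.verifiedbootstate)" in
        orange|yellow|red) n=$((n + 1)) ;;
    esac
    # a su binary in one of the usual locations, or the Superuser app itself
    printf '%s\n' "$files" | grep -qE '^(/system/(x)?bin|/sbin|/su/bin)/su$|Superuser\.apk$' && n=$((n + 1))
    printf '%s\n' "$n"
}

# verdict PROPS FILES -> "rooted" if any indicator is present, otherwise "stock"
verdict() {
    if [ "$(root_indicators "$1" "$2")" -gt 0 ]; then echo rooted; else echo stock; fi
}

verdict "$STOCK_PROPS" "$STOCK_FILES"     # stock
verdict "$ROOTED_PROPS" "$ROOTED_FILES"   # rooted
```

Real apps combine several such signals rather than trusting one, because each can be hidden individually; the point here is that the properties and paths a rooting tool leaves behind are exactly what these apps look for.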
What Are The Key Components That I Should Know Before Rooting?
The key components are:
+ The ADB
+ The ROM
+ The bootloader
+ The system recovery
+ The su or superuser.apk
The ADB
ADB (the Android Debug Bridge) allows your PC or Mac to connect to an Android device. You can then perform certain operations, like running a shell on the device. Most device manufacturers do not give ADB root access, and hence the operations that ADB can perform are limited.
The ROM
The general and most famous full form of ROM is Read Only Memory. To tell you the truth, that has very little to do with an Android ROM. An Android ROM is actually a phone's firmware based on Google's Android platform. Since Android is open-source, anyone can release a tweaked version of the OS. A lot of developers do this to change the appearance and behavior of the vanilla OS. Most custom ROMs are completely free, and developers build them purely out of a passion for modding. What the phone comes with is called the stock ROM. What you flash (i.e., install) on top of it is called a custom ROM. Be aware that if you do something wrong while flashing a ROM, or if the ROM is corrupted, you risk making your phone inoperable.
The Bootloader
It is the first piece of software that runs automatically once you power on your device. This software is responsible for loading your OS, running the recovery system if required, and installing a new OS if you want. Many device manufacturers also modify the bootloader to stop users from installing a new OS. Such bootloaders are said to be locked. An unlocked bootloader allows you to install any new OS of your choice on the device.
If you have a device with a locked bootloader, you need to unlock it first. This is tricky, as not all bootloaders can be unlocked. Google does recommend to device manufacturers that the bootloader be unlockable.
The System Recovery
It is a separate piece of code from the Android or Linux OS. It exists on its own partition and has basically nothing to do with your OS. It is a very low-level OS in itself and will do anything that you want, as long as the command you give it is pre-defined. The system recovery software differs from device to device, but all have a few common features like:
+ Factory reset of the device
+ Update the ROM from a new ROM file placed on the device's external storage, provided that file is signed by the manufacturer
You may be thinking that you can use the second option above to flash a custom ROM of your choice, but signing a custom ROM is not possible. The first and most obvious reason is that to sign a ROM, you need the same private key that the device manufacturer uses. The second reason is that even if you had the key, it is 100% illegal to use it without a proper legal contract with the manufacturer.
What's the way out? Since the system recovery is basically a piece of software that exists on a pre-defined system partition, you can easily replace it with custom system recovery software! Most users do that first thing after rooting their device. ClockworkMod Recovery and TWRP are the most famous custom recoveries that people install. Both allow you to install any ROM, back up and restore partitions, etc.
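To make the signing argument concrete, here is an added example (not code from the article, nor from any real recovery) that reproduces the stock recovery's acceptance rule in miniature with the openssl command-line tool: the recovery holds only the manufacturer's public key, so an image is accepted only if its signature was produced with the matching private key. The key pair, the "images" and the file names are all constructed stand-ins.

```shell
#!/bin/sh
# Added example, not from the article: a miniature of the check a stock
# recovery performs before applying an update. The recovery carries only the
# manufacturer's PUBLIC key; an image is accepted only if it was signed with the
# matching PRIVATE key. Keys, image contents and file names are CONSTRUCTED
# stand-ins so the script runs offline; it needs the openssl command-line tool.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-in for the manufacturer's signing key pair (throw-away, generated here).
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/vendor_private.pem" 2>/dev/null
openssl pkey -in "$WORK/vendor_private.pem" -pubout -out "$WORK/vendor_public.pem" 2>/dev/null

# vendor_sign IMAGE SIGFILE: only the holder of the private key can do this.
vendor_sign() {
    openssl dgst -sha256 -sign "$WORK/vendor_private.pem" -out "$2" "$1"
}

# recovery_verify IMAGE SIGFILE: what the recovery does. Exit status 0 only if
# SIGFILE is a valid signature of IMAGE under the embedded public key.
recovery_verify() {
    openssl dgst -sha256 -verify "$WORK/vendor_public.pem" -signature "$2" "$1" >/dev/null 2>&1
}

# verdict IMAGE SIGFILE -> "accepted" or "rejected"
verdict() {
    if recovery_verify "$1" "$2"; then echo accepted; else echo rejected; fi
}

# Case 1: a constructed stock update, signed by the vendor. Accepted.
printf 'constructed stock update image v1\n' > "$WORK/update.img"
vendor_sign "$WORK/update.img" "$WORK/update.sig"

# Case 2: a constructed custom ROM presented with the stock signature.
# The digest no longer matches the signed one, so it is rejected.
printf 'constructed custom ROM\n' > "$WORK/custom.img"

# Case 3: the same custom ROM signed with a key the manufacturer never issued.
# The recovery trusts only the vendor public key, so this is rejected too.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/other_private.pem" 2>/dev/null
openssl dgst -sha256 -sign "$WORK/other_private.pem" -out "$WORK/custom.sig" "$WORK/custom.img"

verdict "$WORK/update.img" "$WORK/update.sig"   # accepted
verdict "$WORK/custom.img" "$WORK/update.sig"   # rejected
verdict "$WORK/custom.img" "$WORK/custom.sig"   # rejected
```

Case 3 is the one that matters for the argument above: generating your own key is easy, but the recovery does not know it, so the only way past the check is to replace the recovery itself, which is exactly what flashing ClockworkMod or TWRP does.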
The su Or superuser.apk
su stands for switch user. It is a binary executable used by Android and other *nix-based systems to allow a process to change the user account it is associated with.
Superuser is an Android app. It works as a sort of gatekeeper to su. Apps that attempt to invoke su are forced to route through Superuser, which then prompts the user. The user then has the option to approve or deny access to su, and optionally to have Superuser remember their decision for the future.
The source of both is available on GitHub and can be audited by anyone.
What Are The Challenges Faced In Rooting?
Any app that you can interact with on Android cannot execute in privileged mode (superuser, su or sudo mode), and cannot start another app in privileged mode either. Hence, the Android system is designed to be immune to privilege escalation attempts. So, the obvious question is: how do you root?
As mentioned in the previous section, if you have an unlocked bootloader, you can easily flash a custom rooted ROM which allows privileged access.
There are certain manufacturers who don't restrict ADB. In this case, you can simply connect your phone to your computer and run ADB, which allows you to execute any privileged command.
How To Root?
You can use one-click root apps like:
+ Framaroot
+ Firmware.mobi
+ Kingo Root
+ BaiduRoot
+ One Click Root
+ CFRoot
Basically, these apps try to exploit a security vulnerability to install the SuperSU app on your phone. You can then use the SuperSU app to install the su binaries. After these steps you will have a rooted phone.
Some of the above apps also allow unrooting your phone, which is nothing but uninstalling the SuperSU app and deleting the binaries from your phone.
The alternate method is:
+ Allow USB debugging (from the Developer options of your phone)
+ Allow OEM unlock (from the Developer options of your phone)
+ Install the appropriate USB drivers on your computer to ensure that it can properly communicate with your phone. Either your computer's OS will automatically detect and install the required USB driver when you connect your phone, or you can install the driver from here:
+ Asus
+ Acer
+ Alcatel
+ Coolpad
+ Google/ Nexus/ Pixel
+ HTC
+ Huawei/ Honor
+ Lenovo/ Motorola
+ LG
+ Samsung
+ Sony
+ Xiaomi
Before you proceed further, you need to unlock your device’s bootloader.
For some devices, the bootloader is not even locked.
For some other devices, the bootloader can be unlocked easily.
For some other devices, the process of unlocking the bootloader requires you to follow step-by-step instructions. You also need to obtain a key from the manufacturer, which sometimes requires you to register as a developer with them.
+ Motorola
+ HTC
+ LG
+ Sony
For some other devices, unlocking the bootloader isn't allowed at all. In that case, you cannot do anything unless some third-party solution exists. Such is the case with Huawei and Honor devices, but a third-party solution exists:
Once you have unlocked your bootloader, put your phone into fastboot mode. The process differs from device to device, but generally it goes like this: reboot the device and hold down the Power and Volume Down buttons simultaneously for around 10 seconds.
Once in fastboot mode, you can perform the OEM unlock and flash the ROM of your choice onto the device via your computer.
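The steps above are where most bricked phones come from: flashing with the wrong device attached, with a phone that never accepted the USB debugging prompt, or with a download that was corrupted or meant for another model. The script below is an added example (not from the article, and not a tool from any ROM or recovery project) of a pre-flight check for the manual method: it confirms from `adb devices -l` output that exactly one phone is attached and authorized, checks the image against the SHA-256 its developer published, and only then prints the fastboot sequence. The adb output and the image are constructed so it runs offline; the commands are printed rather than executed, the sequence assumes a custom recovery image, and the exact unlock command and partition name vary by device.

```shell
#!/bin/sh
# Added example, not from the article: a pre-flight check for the manual method.
# Confirms that exactly one phone is attached and authorized for USB debugging
# and that the image matches the digest its developer published, then prints
# the fastboot sequence. The adb output and the image are CONSTRUCTED so the
# script runs offline; nothing here touches a real device.

# Constructed `adb devices -l` output; the serial and model are made up.
ADB_OK='List of devices attached
0123456789ABCDEF       device usb:1-1 product:example model:Example_Phone transport_id:1'
# Same phone, but the USB debugging prompt on the screen was never accepted.
ADB_UNAUTH='List of devices attached
0123456789ABCDEF       unauthorized usb:1-1 transport_id:1'

# authorized_device_count OUTPUT -> how many attached devices are in the "device" state
authorized_device_count() {
    printf '%s\n' "$1" | awk 'NR > 1 && $2 == "device" { n++ } END { print n + 0 }'
}

# digest FILE -> hex SHA-256 of FILE (sha256sum on Linux, shasum elsewhere)
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# flash_plan IMAGE -> the fastboot sequence for a custom recovery, one command per line.
# "fastboot flashing unlock" wipes user data; older devices use "fastboot oem unlock".
flash_plan() {
    printf '%s\n' \
        "adb reboot bootloader" \
        "fastboot flashing unlock" \
        "fastboot flash recovery $1" \
        "fastboot reboot"
}

# preflight IMAGE EXPECTED_SHA256 ADB_OUTPUT -> prints the plan and returns 0,
# or explains the refusal on stderr and returns 1
preflight() {
    n=$(authorized_device_count "$3")
    if [ "$n" -ne 1 ]; then
        echo "refusing: expected exactly one authorized device, found $n (accept the USB debugging prompt on the phone)" >&2
        return 1
    fi
    if [ "$(digest "$1")" != "$2" ]; then
        echo "refusing: $1 does not match the published SHA-256; re-download it" >&2
        return 1
    fi
    flash_plan "$1"
}

# Constructed image plus a corrupted copy. PUBLISHED stands in for the digest
# the recovery's developer posts next to the download.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
printf 'constructed recovery image\n' > "$WORK/recovery.img"
PUBLISHED=$(digest "$WORK/recovery.img")
printf 'constructed recovery image, truncated download\n' > "$WORK/recovery-bad.img"

preflight "$WORK/recovery.img" "$PUBLISHED" "$ADB_OK"                               # prints the four commands
preflight "$WORK/recovery-bad.img" "$PUBLISHED" "$ADB_OK" || echo "(refused, as expected)"
preflight "$WORK/recovery.img" "$PUBLISHED" "$ADB_UNAUTH" || echo "(refused, as expected)"
```

The "device" state is the only one worth proceeding from: "unauthorized" means the phone is still waiting for you to accept the RSA fingerprint prompt, and "offline" usually means a driver problem on the computer side, which is what the driver step above is for.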
That’s all for now :)