There is no magic in root

Removing some of the mystery of the superuser

While reading around the Internet last week, I noticed several otherwise fine publications making a mistake that far too many people make — claiming that rooting your Android phone or tablet or watch (we can't forget the watches) will make things run better.

That's a trap that far too many people fall into, because having superuser access (root) on any Linux-based machine can allow you to do things that make your device better. It can also allow you to do things that make a device run worse, or even break everything and leave you with a pile of copper and silicon that won't ever do anything ever again. The old adage of "with great power comes great responsibility" really is true.

But by itself, having superuser access does nothing.

Everything is a file

Everything is a file. Everything. You are a file.

In any Unix based operating system, whether it's Ubuntu, or Android, or even OS X, you can safely say that everything is a file. When you plug a thumb drive into a USB port, one file gets read and another file gets created or populated. When you change the volume of sounds going out to your speakers, you change a file that gets read to tell the sound server how loud to be. This goes even deeper into the operating system. If you want to see how much battery you have left, you read a file that the kernel has written a value to. If you want to change the CPU governer, you guessed it, you write the new value to a file.

You can see this for yourself right on your Android. Connect to a computer, open an ADB session and look at the /proc or /sys directory. This is a set of "instructions" being read by and written to by the kernel with information about your battery, your CPU, and all manner of nerdery that's happening behind the scenes when your Android is up and running. And if we can manipulate those files and folders, we can change stuff.

Root is a user with permission to break things

Permission to screw this file up is granted

Because everything is a file, being able to make, delete or alter these files can have a dramatic effect on just about everything in your Android. Allowing a user to alter any files they don't own is never a good idea, so Android uses permissions to decide who can do what. No, not like the permissions you grant when you install an app. We're talking about permission to read, write or execute a file in the system.

You might have bought your phone, but you aren't the owner of system files and folders. Those belong to the system, and your "stuff" is in a different place where you're allowed to muck around with it. The system user is allowed to muck around, too, because it might need to make adjustments to stuff that's yours, because it's stored on space that's theirs. This is how Unix-based permissions work. Your space gives you permission to do most anything, and it may give other users permission to do it all. In the space that's not yours, you're only allowed to look while the system user can do it all, because it's their space.

That's where the root user comes in. It can do anything to any file or any folder on your Android. Or your Linux desktop. Or your iMac. There's nowhere that root doesn't have full read, write and execute permissions. Root is allowed to delete your files. Root is allowed to say that your half empty battery is really full by lying and entering any value it wants in that file. Root is allowed to tell the CPU to never sleep or to never wake up, or run at any speed and voltage that is supported by the kernel. Root can do mundane tasks that everyone understands, as well as really technical things that are just a bunch of hexadecimal numbers when we try to peek and see what it's doing.

In other words, root is allowed to do things to make your Android run better, and do things that make your Android run worse.

What root can't do is make any of these things happen by itself. Rooting your phone is simply saying that there is now a user who is allowed to do stuff that normal users can't do. You either need to enter commands while you're acting as root (through a terminal app or the ADB interface) or install applications or scripts that automate things and can run commands at intervals or through a GUI. When you use Root Explorer to monkey with system files, you're just sending file commands as root when you tap buttons. It seems like magic because you didn't have to do anything harder than install an app from Google Play.

The security factor

Sad bugdroid is sad

Nothing makes me cringe quite like seeing someone ask for an app to root their phone because they don't understand all this SDK and ADB stuff. Those are the users that the bad guys just freaking love, because they need people who will just click stuff so they can steal your bank password. And there are plenty of them out there.

Because everything is a file, and root is allowed to do anything to any file anywhere on your Android, it's simple to get sensitive information from a secure area and put it somewhere it can be sent back to some server on the other side of the world. All you have to do is tell it to happen, and hiding the commands to make it happen in a game you pirated from blackdroid is really easy.

When you buy a new Android, root isn't enabled for your own good. I've been doing this Unix-based thing for over 20 years, and I still screw up. You'll screw up if given the chance. We all will screw up because it's so easy to screw up. What's not easy is fixing it all. Because the people who build these Androids won't deliver software to reload things back to factory condition — the very best thing about Google's Nexus program — you can't just cry uncle and load everything fresh when you screw up and have a device that's not running, or runs fine but is insecure and you're sharing your life's details with some guy in Estonia or Oregon.

We don't have to like it, and we can do everything in our power to undo these precautions, but out-of-the-box your phone has no root because you can't be trusted with root. Remember, folks like HTC or Verizon have no idea if you're a careful user or one who gets click-happy. We all get treated as if we're the click-happy type. Thanks, Obama.

The middle ground (and in my opinion the best method) is when you can unlock the bootloader on your phone — after warnings that when you screw things up you're out of luck — and install any firmware you like. This is how Nexus devices and so-called developer-editions come from the factory. You can break it if you want to, and the manufacturer won't try to stop you — or care when you break it. I also think a bootloader unlock token should be provided when your device is paid-in-full, but that's another article for another time.

Knowing how this sort of thing works is important. Not just to keep from breaking your new $600 phone, but to stay safe and secure while you're using it. Most importantly, be aware that rooting your phone only gives you permission to do something stupid, and never does anything by itself.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

  • Typo
  • Who was it that said something like "technically advanced feats will seem like MAGIC to non technically advanced individuals"? Posted via the LG G2 Android Central App
  • Arthur C Clarke.
  • I believe it was Arthur C Clarke. Posted via Android Central App
  • "Any sufficiently advanced technology is indistinguishable from magic."
  • Jesus.
  • God
  • One of the most intelligent and lucid posts I've ever seen anywhere on the topic,. Thanks for posting this.Thanks, Jerry. Posted via Android Central App
  • I agree great article every curious android user should read Posted via Android Central App
  • Remvoing, huh?
  • Informative article. It also shows how insecure Google/android is. It is not JUST pirated apps that cause security leaks rooted or not. I have one word for everyone to prove the point....Yo
  • I don't think that's what he was saying.
  • I agree for the most part. Just the one section about pirated apps I wanted to opine on. Phones of any type should not be allowed to be rooted, jail breaked. Etc. It can adversely effect the Eco system for all in my opinion. Insecure phones affecting other phones just because they are rootred
  • You're still not making any sense. Just a wild, but still very educated guess; people who root are more aware of the risks with installing pirated software. Then again, reading your comment history, I really don't know why I even bother replying to you...... :D
  • Well look who it is. The one that loves to demean people on blogs. It is an educated fear. I don't profess to know all the answers, however I KNOW you don't where it was evidenced from your past statements to myself and others. You are so negative without any good reason to do so. I wasn't disrespectful and wasn't addressing you.
  • Stop it, both of you, or I'm turning this blog around and sending you both to bed without any supper. Posted via Android Central App
  • LOL...well said. Believe me I won't be addressing him anymore
  • Good! Posted via Android Central App
  • Now go reply to HIM in a similar fashion
  • ++1 Posted via Ash Williams Boom Stick!
  • with that attitude of yours you might love reading Brave New World by Aldous Huxley, you would probably prefer to live there too...
  • I have read it. These phones,google glass,imbedded chips,the internet has already put us where the book said we'd be or get to someday. We cannot survive in a civilization without the internet now. It is trivial at this point to be concerned if you are allowed to root a phone or not. That isn't the freedom(or the loss of) the book was talking about
  • I actually have a couple of issues with both the article and this comment.......
    1) When I paid in full, up front for my device, I have also paid a fee (royalty) to Google for this OS. I am not unaware of the fact that free software isn't, necessarily, free. That a fee can be required. I also under stand that a derivative of Linux can have proprietary software that is not open source. That said, however, when I am asking for root access, I am asking for access to the part of the OS that is freely available and protected by open licence. I understand your point but I do not subscribe to the idea that knowledgeable people should be subject to restrictions because others refuse to learn about the technology that they use. The kernel is not proprietary if it is indeed a Linux kernel and if it is I should have root access. 2) There very valid reasons to root. I have a multitude of pre-installed apps that I never asked for and do not want. Practically everybody that sells devices have these agreements. I did not agree to these installed apps being on my equipment nor was I apprised of them being resident on the device that I paid for in full. Rooting can rectify this. It is the only way to rectify this issue since the uninstall button was rendered inactive on many of these apps. 3) Locking a system to prevent access to the core of the OS makes it a chore for more advanced users to WIPE the android OS and install a more desired distribution of Linux on a device. I am not an Android fan but I do need the hardware. Since I do not purchase devices under contract, I should be able to do that unfettered by security schemes that keep me out of the loop. 4) If you really believe that we can not live without the internet, you need to come to Lancaster County. The heart of PA Dutch country. It is a beautiful way to live. I almost wish I was born into an Amish family. I would happily trade all of technology for that lifestyle. Great food in Dutch country. You really should visit! I do understand what you are saying about the average "Joe" who wants twitter on demand. I am not in favor of contract devices being rooted until the full contract has been satisfied but in a "free society" one has the right to be foolish as long as it does not disrupt the rights of another. I am not trying to be argumentative, I just think that when the device is paid in full that the use is at the purchaser's discretion. I mean, if I don't "own" the Android system on my device, I might as well buy a windows system that does let me wipe the system and install something else or gives me administrative privileges to access system/system32 directories. Perhaps I am just an individual rights kind of guy.
  • So by that logic, I guess you also believe that you should only be able to install Microsoft sanctioned software on your Window PC?
    "Phones of any type should not be allowed to be rooted, jail breaked. Etc. It can adversely effect the Eco system for all in my opinion"
    What? You tried to use the rooting angle to prove that Android is not secure--yet almost any phone's software can be hacked to install pirated apps, including iOS..
    There are thieves on every platform, and all you can do is try to make the process difficult enough to deter the majority. The rest will do it no matter what. Most of the people actually doing this stuff (I mean actually *doing* it--not rooting with automated toolkits, etc..) are ambitious and fairly good with tech; so if one of them really, really wants to install a cracked game--whatever platform they happen to be using--most of them will find a way to do it. It's sad that some people take without giving back, but that is just the way it is.
    Good job missing the entire point of the article though. ;-)
    That said, I can agree with certain aspects of his point. People not meant to be rooting their phone--many of them screw things up and don't realize it, so when their apps stop working properly, they leave nasty 1-star reviews for hard-working developers. They also request excess tech support, device-replacements/RMA's, etc..when they do something that they don't know how to fix. All of this does have an *extremely* negative impact on the ecosystem. So, I can agree with many aspects of that sentiment. It wears Google out, and it wears software developers out. The more headaches they waste on this stuff, the more quality gets lost in the products they put out to us. Some people should just not have a rooted phone if they can't maintain it. If you're not comfortable doing all this stuff manually--as in using a CLI--then that is how you know that "rooting" is probably not for you..
    As far as "no phone should be able to have root permissions": that is just completely misguided.
  • Agree one thousand percent with last sentence.
  • I think the REAL solution for Google and their ilk is that if they don't want us rooting our devices, then stop declaring war on power users and give us the functionality we desire that prompts us to root in the first place. You know, basically all of the stuff that the really tweakable custom roms have. They can hide it just like they do the developer options if they wish; those of us who go looking for it will find it.
    Personally, I don't like rooting, but there are things I still can't do on my phone without it, that I want to do.
  • Google has never declared war on power users, there's a reason they sell phones with easily unlockable bootloaders, and they've been doing it since the second year Android was out in the market (long before any other OEM offered the option to do so). Trivial things like battery percentage or messing with permissions (app permissions, not user permissions) have less to do with this argument than with their overall vision for an easy to use OS, though I do think a lot of then should be appropriately hard for the average user to mess with.
  • Google started its war on power users when they removed SD card support in v4.1, and have been waging it ever since. You notice how many of their apps get prettier with each new release, while removing a feature or three in the process? In the Android G+ app, it used to be possible to long press on a post and mute it without having to open it. This is no longer possible, despite many of us bitching to Google about it. So, ask yourself... why do you suppose that is? I could site many other examples ...
  • The synonym for Google is money. There credo at Google is more money at all costs
  • Except that they didn't remove SD card support at all, only changed the way apps are allowed to use it. Please don't spread FUD. Whether or not they add or remove features is their prerogative, if you don't like what they do, use some other software to do what you want, or write your own. They make choices, you make choices. They will never make everyone happy.
  • No one expects Google to make everyone happy. But they decided to mess with how can use your SD card. Not EXPECTING people to say these legitimate issues is quite inane. They made the experience LESS enjoyable to many. Their prerogative for these types of responses to occur...yes, however Google can make themselves happy at the above reaction.
  • Right, they decided to make SD card usage much safer for end users, we should definitely fault them for that. /sarcasm Again, the only 'issue' at all with SD card usage is lazy developers not updating their apps to use it properly, that is not Google's fault. To beat the dead horse, any app can use the SD card in Android at any time, provided the developer of any apps that use it update their app to use the SD card properly. Its very simple. The blame lies with devs, not Google.
  • Sorry but the current state of the usage sd cards has really hurt the usefulness of sd cards and that pretty much means I need to root in order to usage my storage as I require. I use dropsync to sync my university documents but now it's been rendered unless without root. Why not allow people to go back to the original way we used to use sd cards if you want.
    If there is another way to use dropsync without root please let me know Posted via Android Central App
  • Because the 'original' way of letting any app have access to any file on the SD card is certainly not a good way to do things. Contact the apps developer and encourage them to developer their app to follow the current guidelines for SD card usage.
  • Well put, sir. Well put.
  • At the end of the day, if one has a decent Antivirus utility like Lookout and runs it against every new app installed, they should be okay right? I only like Gove root access to apps installed from the Playstore anyway. Posted via Android Central App
  • Unfortunately for you, the decision to root/jailbreak is left to the individual, as it should be. Those who decide to root their phone take all responsibility that it comes with since it was their decision. Posted via Android Central App
  • Wait, did you seriously say me rooting my phone somehow affects you? Posted via Android Central App
  • My phone being less secure won't usually affect yours in the least, and it's better for them to offer an officially sanctioned path to root access (unlockable bootloader) than to fight the process tooth ands nail... Apple doesn't offer any aid whosoever in jailbreaking iOS, they actually fight it aggressively with each update, yet users still find a way which DOES create more vulnerabilities in the long run than the option of an unlockable bootloader (behind the appropriate warnings etc). If you don't understand this distinction then your whole argument crumbles, and if you do then you're just making a gross generalization.
  • With that attitude just go buy an iPhone. I want to do whatever the hell I want with things I pay for. And there is no reason why anyone should hinder me so long as it doesn't harm anyone. The worst I'll do is break my phone. If a rooted phone can compromise the security of unrooted phones, then that is a security problem with the unrooted phones which needs to be fixed, preventing people from rooting won't fix it. Posted via Android Central App
  • 'Should not be allowed'? Don't make me laugh.
  • I think the Votaire (and Spidey's Uncle Ben) said it best. "With great power comes great responsibility". If you root your phone you are saying I know what I am doing, I am purposely enabling the capability for applications to access anywhere in the files system. I take full responsibility for f&^^-ing my phone, or letting bad guys into my accounts. You need to make a consensus and well throughout decision to root. If you are feel the benefits outweigh the risks, and won't come whining if something goes wrong and you brick your phone, go for it. But please remember the "won't come whining" part.
  • AI?!.. If anything this proves how secure Android is. I think you might have missed the point of the article. The irony is you call it an "informative article" (and no offence to Jerry because it really is) and misunderstanding its content..
  • I agree to almost all of the content of his article and in the context he was addressing to us all.
  • I don't think you understood the article.
    Getting root access is far from trivial, he didn't tell you how do that.
    But one you have it you have ultimate control. It's like getting the master key to a hotel.. every door can be unlocked and the room's contents inspected and changed.
  • Excellent article!
    From an intermediate experienced user this explains a lot of advanced questions that I've been to embarrassed to ask!
    Love Android Central!
  • Rooting was only good for one thing, CM and Titanium Backup. Now having a G3, I don't want to muck it up. But I'm sure that'll change. Posted via Android Central App
  • Rooting is for now the only way to almost completely block annoying ads, be it in the browser or in apps, as well as to have complete control over the permissions on apps
  • I agree, you do need to be rooted to block ads in apps, better yet, get the paid/donate versions and for the most part ads will be gone. Almost all of my apps do not have ads with one of the few exceptions being GasBuddy which either a hosts file or Xposed module will fix. As far as ads in the browser, Dolphin has an adblock addon available in the Labs section that works very well, no root required.
  • Let's not forget to include free tethering...been doing it for YEARS:)
  • This! Blocking ads is almost the only reason i root these days.
  • Rooting is also good for Wifi-USB Tethering when certain carriers block the built in option and put you behind a pay wall. Ex:
    Verizon has tethering enabled because they don't offer unlimited plans. Tethering helps Verizon customers burn through their data allotments so Verizon can charge them more money for data.
    Sprint has tethering blocked because they offer unlimited data and they want you to pay more money to use that data on devices that you didn't buy from them. Posted via the LG G2 Android Central App
  • I got my G3 two days ago but couldn't stand how much bloatware came on it. Or any carrier phone for that matter. Posted via Android Central App
  • That's your opinion. Others may disagree, some may root for other reasons like tethering/hotspot, whether that's stealing from the carrier or not is another story but the fact that most newer plans include it free of charge speaks volumes IMO. I've got a Nexus device right now so I don't need root for hotspot functionality, and I've lost interest in custom ROMs, yet I still find root access invaluable as a power user. I also don't recommend it the least bit to any of my non techie friends.
  • One word xposed
  • Great article Jerry
  • Another great article thanks Posted via Android Central App
  • I use to root every phone I bought on the first day of ownership, until I bought the Galaxy Nexus (GSM) and, my current phone, the Nexus 4. I would root them but I can't find a reason to. They run well out of the box. For this reason, I only buy Nexus phones now.
  • I was under the impression that Nexus devices already had root access. Posted via Android Central App
  • Still have to unlock the bootloader and root. Doesn't come pre rooted, just comes stock vanilia android. Posted via Android Central App
  • No. Nexus devices allow you to unlock the bootloader without exploiting a security hole, and it's very easy to root them once that has been done, but they don't allow root access out if the box, and root access isn't officially supported at all. In fact, root access methods (like Koush's Super User or Chain fire's SuperSU) usually broken after even minor OS upgrades. Even on Nexus devices. Posted via Android Central App
  • It's shocking how many people misunderstand this, specially after reading the article, though the subtlety of what an unlocked or unlockable bootloader implies is easy to gloss over when you haven't studied this stuff. The article made perfect sense to me but I already have experience with Linux and rooting Android and unlocking devices, the overall message was very well stated but it could've gone into a bit more detail about the bootloaders and the role it plays etc.
  • There are so many people on this board that say when you've just bought your brand new flagship and have some issues with it. The answer from most people is root your phone and install "XXXX" ROM and everything will be great. I have been messing around with personal electronics for over 30 years and certainly have the credentials to root and rom my phone and HAVE NO INTEREST in doing so. I Just want my personal electronics (phone, tablet, notebook, ultrabook, PC) to work. I can, when necessary, fix things if they go bad. I prefer to stick to solutions (like Apex launcher and Classic Shell) that don't root my phone or require registry editing on my PC or laptop. Jerry, Thanks for another great article to inform everyone about the risks of root and superuser.
  • Trivor - great comments. I am in a very similar situation, I too have many years experience, I started with an Altar 1 back in 1975 and have been hooked ever since. I work in in one of the largest non government data centers in North America and have access to virtually every type of computing resource ever made. I have a Note 3 and a Note 10.1 that are my daily drivers, both are stock and I am not interested in rooting. Both have custom launchers to allow me to make them look like I wish. All apps on them that have a paid version available have the paid version installed (I firmly believe we need to pay for soft