SuperCOW Root Method? - Moto X Q&A

I just read an article about a Linux vulnerability called "superCOW" that supposedly affects Android as well with ARM. Would this be a viable method to obtain root? Supposedly it goes back like 11 years. If practical, seems like an easy way to root a lot of devices.
https://nakedsecurity.sophos.com/2016/10/25/dirtycow-linux-hole-works-on-android-too-root-at-will/

No more root after 4.3......????

Just curious who saw these posts on Google+ the other day. Let's discuss.
Steve Kondik - 22 hours ago
The Death of Root
Android 4.3 introduces some new and much needed security features which not only restrict setuid binaries on the system partition (su), but also limit the capabilities of processes. In the current architecture, even if you could get elevated privileges, you can't do anything out of the ordinary. Root in the shell via ADB is all I use, and it still works just fine.
This isn't a problem for me, since I use CM. When there is a situation that I'd need root, I just modify the system to accommodate what I'm trying to accomplish in a secure way. I can understand the desire to have full root on stock ROMs, since you're severely limited in what you can do and there is no provision for making any sort of real changes or improving the architecture.
+Koushik Dutta and +Chainfire are working hard to permit root in some way on 4.3, but I feel that anything done at this point might severely compromise the security of the system and we should start considering better options. Going forward, I'm interested in building framework extensions and APIs into CM to continue to abolish the root requirement.
A few good use cases for root are:
* Firewalls and network software, potentially requiring raw sockets.
* Managing the DNS resolver
* Tweaking various sysfs nodes to control the kernel
All of these can be done without exposing root, and they can be done in a very secure way.
If you're using CM or another custom ROM, what do you actually use root for?
Brought to you by Sprint and the letters GS and the number 4
Steve Kondik - 21 hours ago
An example to go with my previous post on root..
Let's say that I wanted to write an application that would let me block or rate limit network access for other applications. Seems easy, just run "iptables" as root and add some firewall rules. Calling "su iptables ...." and managing the list is easy. The harder, but much better way would be to extend the framework. This also has the side effect of opening this up for other developers to use.
To do this, you need two things:
1. A way to add the rules (which requires root)
2. An API to add the rules
3. Access control to this API
All Android systems run a daemon, "netd", which runs as root and manages various aspects of the network such as tethering and traffic shaping. The framework has a service, appropriately named "NetworkManagementService" which communicates with netd using a simple protocol over a socket. Applications with the right permissions can get a handle to this service using Binder, and control the network without actually needing root.
So to build a firewall API, it's really easy. You put the pieces that require elevated privileges into netd, then add a few methods to the NMS such as "addRule", "deleteRule", and "listRules". You can create and enforce a new permission, "android.permission.MODIFY_FIREWALL_STATE" that applications would require. You can even pop up a "scary" dialog similar to the newish VPNService when something needs it.
Then of course you upload your patches to the CM Gerrit, we iterate a bit, and ship it. If it turns out to be insanely useful, maybe it will go to Android proper.
Now you can write your app and a whole new class of applications that you couldn't do without using the root sledgehammer before. Yeah, it's harder, and you need to learn the system architecture a bit, but the result is much better and more importantly it's not a gaping security hole.
Of course it's possible to write malware that mirrors all of your packets to a remote site without your knowledge using this API, but Android's VPNService is actually more suited to this and it's already part of the framework
I might be exploiting this as an opportunity to sell the ideas behind CM, but I think it's a powerful concept. If your app needs to do something that normally can't be done, you can easily bend the system to your will and do it right.
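The design described in the post above (a root daemon, a permission-checked framework API, and callers that never hold root), modelled as an added example that is not part of the original post and is not CM or Android code. The permission string and the addRule/deleteRule/listRules methods come from the post; the daemon's one-line command format, the class names and the sample UIDs are assumptions made for illustration.

```python
import ipaddress

MODIFY_FIREWALL_STATE = "android.permission.MODIFY_FIREWALL_STATE"  # name proposed in the post


class PrivilegedDaemon:
    """Stand-in for the root daemon (netd in the post).
    Hypothetical wire format, one line per command:
    'firewall add|del <uid> <cidr> <action>' or 'firewall list'."""

    def __init__(self):
        self._rules = set()

    def handle(self, line):
        parts = line.split(" ")
        if parts == ["firewall", "list"]:
            return "200 " + ";".join(sorted(self._rules))
        if len(parts) != 5 or parts[0] != "firewall" or parts[1] not in ("add", "del"):
            return "500 bad command"
        rule = " ".join(parts[2:])
        if parts[1] == "add":
            self._rules.add(rule)
        else:
            self._rules.discard(rule)
        return "200 ok"


class FirewallService:
    """Stand-in for the framework service (NetworkManagementService in the post).
    It is the only client of the daemon; apps reach it through an IPC call that
    carries the caller's uid."""

    ACTIONS = ("allow", "deny")

    def __init__(self, daemon, grants):
        self._daemon = daemon
        self._grants = grants  # caller uid -> set of granted permission strings

    def _enforce(self, caller_uid):
        # Access control happens here, before anything reaches the root daemon.
        if MODIFY_FIREWALL_STATE not in self._grants.get(caller_uid, set()):
            raise PermissionError(f"uid {caller_uid} lacks {MODIFY_FIREWALL_STATE}")

    @staticmethod
    def _encode(target_uid, cidr, action):
        # Build daemon arguments from parsed values only, never from raw caller text.
        if type(target_uid) is not int or target_uid < 10000:  # Android app uids start at 10000
            raise ValueError("target must be an application uid")
        if action not in FirewallService.ACTIONS:
            raise ValueError("unknown action")
        if not isinstance(cidr, str):
            raise ValueError("network must be a string")
        network = ipaddress.ip_network(cidr, strict=False)  # ValueError on anything else
        return f"{target_uid} {network} {action}"

    def add_rule(self, caller_uid, target_uid, cidr, action):
        self._enforce(caller_uid)
        reply = self._daemon.handle("firewall add " + self._encode(target_uid, cidr, action))
        return reply.startswith("200")

    def delete_rule(self, caller_uid, target_uid, cidr, action):
        self._enforce(caller_uid)
        reply = self._daemon.handle("firewall del " + self._encode(target_uid, cidr, action))
        return reply.startswith("200")

    def list_rules(self, caller_uid):
        self._enforce(caller_uid)
        body = self._daemon.handle("firewall list")[4:]
        return body.split(";") if body else []


def demo():
    # Constructed sample data: uid 10050 holds the permission, uid 10051 does not.
    grants = {10050: {MODIFY_FIREWALL_STATE}, 10051: set()}
    svc = FirewallService(PrivilegedDaemon(), grants)
    results = {"granted": svc.add_rule(10050, 10077, "203.0.113.0/24", "deny")}
    try:
        svc.add_rule(10051, 10077, "0.0.0.0/0", "deny")
        results["ungranted"] = "accepted"
    except PermissionError:
        results["ungranted"] = "rejected"
    try:
        # Extra tokens in an argument must not turn into extra daemon arguments.
        svc.add_rule(10050, 10077, "203.0.113.0/24 deny extra", "deny")
        results["malformed"] = "accepted"
    except ValueError:
        results["malformed"] = "rejected"
    results["rules"] = svc.list_rules(10050)
    return results


if __name__ == "__main__":
    print(demo())
```

The caller never executes anything as root: the only privileged code path is the daemon's fixed command set, and every argument reaching it has been parsed and re-serialized by the service.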
If it not more root on 4,3 we keep what we got and add
Sent from my SPH-L720 using xda premium
http://forum.xda-developers.com/showthread.php?t=2376881
I have a nexus 7 and the 4.3 update has already been rooted
Sent from my SPH-L720 using Tapatalk 4 Beta
Did you guys read the article or just the title?
Brought to you by Sprint and the letters GS and the number 4
Why? Are the two not related? Or is the title misleading?
Sent from my SCH-I535 using Tapatalk 2
Probably because the title says AFTER 4.3
I'm no dev, but I have very little attachment to root. I am required to have it if I want to be able to flash ROM's or custom recoveries or mods or what-have-you, but if all of those things could be accomplished without root, I would do it. The reason it's so exploited in the dev community is that there is no other framework to do the things they want to do.
If however they were to work with major devs (like Kondik mentions CM) on expanding frameworks to make ROM's and whatnot take without needing root, I would have no problem with it. Hell, I'd welcome losing the step on every new phone of having to master a new rooting technique. It would also make me contemplate trying an HTC phone, as rooting the EVO 3D put an inordinately bad taste in my mouth.
mattkane21 said:
would also make me contemplate trying an HTC phone, as rooting the EVO 3D put an inordinately bad taste in my mouth.
+1. That phone was such an unbelievable pain in the a$$. The whole process took forever, with the HTC dev unlock and ridiculous "wire trick" to achieve s-off in order to flash custom kernels. Then, once that crap was all done, always having to think about what hboot you're using with what rom. Especially for someone like me who's constantly switching between stock and AOSP, having to flash another hboot all the time is such a freaking hassle. The ironic part is that there are tons of great roms for that phone.
Sent from my SPH-L720 using xda premium
So in essence what this is saying is after 4.3 there will be no need for root yet we will still have all the benefits of root?
Am I reading this correctly?
shawn1224 said:
So in essence what this is saying is after 4.3 there will be no need for root yet we will still have all the benefits of root?
Am I reading this correctly?
Yes in a way. It is kind of looking at a different integration of what is possible without needing root, or why would we really need root when running something like CM. And with the new security features rooting might make your device unsecured.
Brought to you by Sprint and the letters GS and the number 4
Ok cool but would this also pertain to standalone mods/extension or are you talkin code baked into CM only
Sent from my iPhone using Tapatalk 2
shawn1224 said:
Ok cool but would this also pertain to standalone mods/extension or are you talkin code baked into CM only
Sent from my iPhone using Tapatalk 2
Well, it would work for pretty much any ROM, or could. He is the founder of CM so he talks about it. Many ROMs use CM as a base and build off it though, almost all AOSP ROMs do.
Brought to you by Sprint and the letters GS and the number 4

Question about other OS

It does seem that the Asus MeMo Pad 7 ME572C does not have an unlocked bootloader yet, so it's obvious that right now it probably won't work (from what I've read so far).
But you think later on this device could run regular operating systems like Fedora, Ubuntu, Gentoo, etc?
Apparently it's considered an x86_64 architecture, so I would think it would support nearly everything as long as the bootloader supported it.
Just curious on what other people's inputs are.
I'm wondering with the launch of Windows 10, Asus may unlock the bootloader and give us the option to install Windows 10? Xiaomi is doing it, why not Asus?
http://www.neowin.net/news/microsof...devices-to-windows-10-phones-with-special-rom
This hardware would make a great general purpose tablet if it had an unlocked bootloader and the proper bsp/drivers available for different os's to use. Unfortunately it does not appear as if companies want to take on the burden of supporting that sort of device...
I wish they would at least offer unsupported ways... I have found this tablet to be kind of useless since there is no way to actually customize it even with a custom ROM

Hoping to help get root at least

Here are some files I found if there is a specific directory you need to see I'll try to get access to it all you need to do is post the dir here
https://drive.google.com/file/d/0B-k10MX8t9TXN0lsSGpteFRBQnc/view?usp=docslist_api
Best of luck! We T-Mobile S7 owners are crossing our fingers.
Adaway will make this phone perfect.
I've rooted every phone I've had, there's always been a reason I needed it. I got to say though, I can't find an everyday reason to really need it on my edge.
Kris
FatKris said:
I've rooted every phone I've had, there's always been a reason I needed it. I got to say though, I can't find an everyday reason to really need it on my edge.
Kris
So you don't want freedom so you don't want Xposed via flashfire so you don't want Titanium Backup those are just some things I need root for idk about you but even if I didn't need those things I would still do it just because I can.....
Ghost Dragon said:
So you don't want freedom so you don't want Xposed via flashfire so you don't want Titanium Backup those are just some things I need root for idk about you but even if I didn't need those things I would still do it just because I can.....
I think there's pros and cons to everything...
I love rooting, always have but this is the first time in a long time that I can't root and it's actually not so bad.
Granted I'd love to be able to install ROMs, remove ads and bloat and have all these tweaks and tricks but it's sort of like... been there, done that.
If you root your phone now, you can NEVER use Samsung Pay... EVER on your device. Even if you restore stock firmware. That's actually a big issue now with mobile payments being a common thing.
I kind of like having my phone much more secure and safe to do important financial transactions and access important accounts (just like I do on my iPhone) without fear of lax security while using rooted/custom software.
I think moving into the future, flagship phones like Samsung's Galaxy line(s) won't risk bad press or the potential for bad press by allowing the modding community to easily gain root access and customize their software.
They have more to lose than gain by doing that, especially with their rivalry with Apple being so neck and neck now.
I think people like us on XDA who love rooting will have to purchase devices from up and coming OEMs if we still want to root, either that or Nexus devices.
HNIC215 said:
I think there's pros and cons to everything...
I love rooting, always have but this is the first time in a long time that I can't root and it's actually not so bad.
Granted I'd love to be able to install ROMs, remove ads and bloat and have all these tweaks and tricks but it's sort of like... been there, done that.
If you root your phone now, you can NEVER use Samsung Pay... EVER on your device. Even if you restore stock firmware. That's actually a big issue now with mobile payments being a common thing.
I kind of like having my phone much more secure and safe to do important financial transactions and access important accounts (just like I do on my iPhone) without fear of lax security while using rooted/custom software.
I think moving into the future, flagship phones like Samsung's Galaxy line(s) won't risk bad press or the potential for bad press by allowing the modding community to easily gain root access and customize their software.
They have more to lose than gain by doing that, especially with their rivalry with Apple being so neck and neck now.
I think people like us on XDA who love rooting will have to purchase devices from up and coming OEMs if we still want to root, either that or Nexus devices.
1. So you would sacrifice freedom for convenience
2. Geohots court session with Apple made it legal to jailbreak aka root phones so why exactly would they get "bad press"
3. Android is open source so what Samsung is doing is kind of breaking the law of Android destroying the very foundation and purpose of its creation
Ghost Dragon said:
1. So you would sacrifice freedom for convenience
I mean that's the thing with security in this day and age. No?
In order to have it, you must sacrifice the freedom (to an extent) to mod and install 3rd party software. While I personally love what XDA stands for, does and has to offer - I mean I love rooting and customizing my phones but I certainly can understand the other perspective in regards to security. XDA might be full of great individuals who are trying to improve the software experience for users, however, there are plenty of other 3rd parties who have ill intent.
It's the same reason why Apple is so strict with system access on iOS.
Samsung is trying to be their equal - in terms of quality, security and everything else.
In order to maintain that level of security in the midst of a global, albeit slow, roll out of Samsung Pay, they have to limit access to their system as well.
Which is why, like I said in my previous comment, if you EVER root a Samsung phone then you can NEVER use Samsung Pay on it.
To a lot of folks, especially those coming from the iPhone, Mobile Payments, Mobile Banking and security in general is a very important feature for them to have.
If not, it furthers the stereotype that Android is less secure than Apple. Which doesn't sit well with the plethora of users who don't care about rooting - we at XDA after all are really a niche group of users when looking at the grand scheme of consumers.
Ghost Dragon said:
2. Geohots court session with Apple made it legal to jailbreak aka root phones so why exactly would they get "bad press"
They would get "bad press" if something were to compromise the security of their devices - anywhere in the world. Especially if that compromise impacted the potential safety and security of their Mobile Payment system.
Which rooting or allowing access to certain parts of the system may or may not do. Which is a big deal to them, their investors and most of their consumers (who aren't aware or concerned about rooting).
Android already has an unfair stereotype/label that it is less secure compared to iPhone.
Ghost Dragon said:
3. Android is open source so what Samsung is doing is kind of breaking the law of Android destroying the very foundation and purpose of its creation
Samsung doesn't care about what people like us on XDA think. People like us, who love to root and have the freedom to do whatever it is they want to their phones or to the software on their phones. As much as I hate to say it, we are a niche group.
I would love a developer edition of the S7/S7 Edge, that enables us to do all the wonderful things that the amazing and talented developers at XDA create for us. I would also love to be able to continue to use Samsung Pay and access and carry out important financial transactions through my mobile device.
Alas, that's not the case. So we have to choose between a bootloader locked version of the S7/S7 Edge or no S7/S7 Edge at all.
I think this phone is amazing and after years of nonstop rooting and customizing ROMs I don't mind sacrificing that aspect of customization in order to have a secure phone that I can do all the same things I can do on my iPhone 6s Plus.
Do I miss it sometimes? Sure
However, it's not the end of the world for me and the S7 Edge is still the best Android phone I've ever owned or used (I've owned a lot too).
It is the "iPhone" of the Android world in terms of premium look/feel and quality and I think that is exactly the correlation that Samsung wants more consumers to have and think.
I was using Samsung Pay on my S6 Edge, and I decided to root it, unlock the bootloader, and flash a new ROM on it. 2 days later, someone had all of my personal info, all the info for a credit card I had on file and was using on my phone, and ran up $6000. I got a text from the bank to verify a purchase which I didn't make, and I responded that I did not make the transaction, but someone had enough information about me to call the bank, verify all of my information along with the purchase. I'm not saying the unlocking and flashing allowed someone to access this information, but it's a fairly large coincidence. Moving forward, any device that I use for financial transactions and such will remain stock, and if I root a device and flash it, it will be a separate device that doesn't contain any confidential information.
Sent from my SAMSUNG-SM-G935A using XDA-Developers mobile app
Rolldog said:
I was using Samsung Pay on my S6 Edge, and I decided to root it, unlock the bootloader, and flash a new ROM on it. 2 days later, someone had all of my personal info, all the info for a credit card I had on file and was using on my phone, and ran up $6000. I got a text from the bank to verify a purchase which I didn't make, and I responded that I did not make the transaction, but someone had enough information about me to call the bank, verify all of my information along with the purchase. I'm not saying the unlocking and flashing allowed someone to access this information, but it's a fairly large coincidence. Moving forward, any device that I use for financial transactions and such will remain stock, and if I root a device and flash it, it will be a separate device that doesn't contain any confidential information.
Sent from my SAMSUNG-SM-G935A using XDA-Developers mobile app
Exactly my point...
This is what makes so many consumers out there trust Apple because, whether true or not, they feel safe with Apple.
Samsung - being Apple's equivalent in the Android world - wants that same recognition and consumer trust.
I can't blame them either.
In this day and age, it is simply the world we live in, security is paramount for businesses and consumers alike.
I been rooting all my phones and my wife's phones for about 5-6 years and can say this phone is perfect jus the way it is. Since launch I had the gs7 edge and not once have I got the urge to root this beautiful device. And I'm sure I speak for most of us here that we can't go 2 days with a new phone without gaining root, flashing roms or xpose etc. For me it's more than jus keeping security. Samsung jus made a phone worth keeping stock, finally.
Sent from my SAMSUNG-SM-G935A using XDA-Developers mobile app
I've rooted every single android phone I've owned. I was one of the first people to run CyanogenMod on my Droid when some crazy no-named guy named Koush appeared out of nowhere and said SPRecovery that we had ALL had wasn't "real" recovery and created his own recovery in order to flash the real CyanogenMod ROM. Later this recovery would be called Clockwork Mod. I remember flashing .sbf files that replaced everything on the phone just for a silly custom boot logo. I used to kang features and themes from N1 threads on here, back when that was really the only phone on XDA. I used to build ROMs and custom themes and all that craziness. I remember when changing the clock color was unbelievably complicated. Google integrated many features first pioneered by devs into their main product that these phones all run on now. Taking away our ability to do that may very well slow the development of Android. It defeats the purpose of open-source. If you wish to forgo the freedom of root for the security of KNOX, or Samsung Pay, or whatever feature that conflicts with root, you're free to do so, even if rooting is possible. And manufacturers have always warned against rooting because it takes away from the security features they worked hard to include, and none have ever been held accountable for someone rooting a device before. It wouldn't be any different now. I guess, in summary, they really have nothing to lose by allowing root. Even if I have no real reason to root, I still would like the option to do on a device that I shelled out $700+ for. Rooting never was for everybody. But because some developers were nice enough to simplify the process to the point a chimp could do it. Literally. People that probably shouldn't root, did it anyways, but then felt that they shouldn't be responsible for their own actions. 
But for those of us that don't need our hand held throughout the entire process of owning a device, having the freedom to treat our property as we like doesn't seem like it's asking all that much. Especially for a device that runs on open-source software...
(Good God, I rambled a lot longer than intended. Sorry about the novel)
52brandon said:
I've rooted every single android phone I've owned. I was one of the first people to run CyanogenMod on my Droid when some crazy no-named guy named Koush appeared out of nowhere and said SPRecovery that we had ALL had wasn't "real" recovery and created his own recovery in order to flash the real CyanogenMod ROM. Later this recovery would be called Clockwork Mod. I remember flashing .sbf files that replaced everything on the phone just for a silly custom boot logo. I used to kang features and themes from N1 threads on here, back when that was really the only phone on XDA. I used to build ROMs and custom themes and all that craziness. I remember when changing the clock color was unbelievably complicated. Google integrated many features first pioneered by devs into their main product that these phones all run on now. Taking away our ability to do that may very well slow the development of Android. It defeats the purpose of open-source. If you wish to forgo the freedom of root for the security of KNOX, or Samsung Pay, or whatever feature that conflicts with root, you're free to do so, even if rooting is possible. And manufacturers have always warned against rooting because it takes away from the security features they worked hard to include, and none have ever been held accountable for someone rooting a device before. It wouldn't be any different now. I guess, in summary, they really have nothing to lose by allowing root. Even if I have no real reason to root, I still would like the option to do on a device that I shelled out $700+ for. Rooting never was for everybody. But because some developers were nice enough to simplify the process to the point a chimp could do it. Literally. People that probably shouldn't root, did it anyways, but then felt that they shouldn't be responsible for their own actions. 
But for those of us that don't need our hand held throughout the entire process of owning a device, having the freedom to treat our property as we like doesn't seem like it's asking all that much. Especially for a device that runs on open-source software...
(Good God, I rambled a lot longer than intended. Sorry about the novel)
Preach on brotha!
Sent from my SAMSUNG-SM-G935A using Tapatalk
Loving this phone so far. Great battery life! Don't really care about root atm.

Will Note 8 get Android q and one ui 2.0

need to find out this for purchase
Probably not
Gunnerabsek said:
need to find out this for purchase
I don't think so
Because Samsung only provides 2 android updates
Note 8 already got oreo and pie update so forget it.
Maybe in future someone can possibly cook a android q custom rom compatible with our note 8.
Trex888 said:
I don't think so
Because Samsung only provides 2 android updates
Note 8 already got oreo and pie update so forget it.
Maybe in future someone can possibly cook a android q custom rom compatible with our note 8.
Was Treble just an 8.1 thing then? Never had one of those devices and haven't had any of the newer samsung's until recently. I imagine we can't use it because of some signature check on the system partition that doesn't allow a generic AP? Because I thought 9.0 was supposed to be even more compatible with treble, or maybe I haven't looked into it in awhile.
I imagine we are really just at the tip of the iceberg still on using Safestrap to customize Stock 9.0 to its fullest potential. I haven't gotten that far yet as far as Using Safestrap on Stock Pie. I'm trying to up my exploit game somehow. I understand the PoC's and the high level descriptions, and thus how things could maybe be chained together, but I'm not a low enough level coder yet. My Linux game is still a little weak sauce. By the time I'm done with Rev 5 Nougat root I might understand the environment enough to implement my ideas a little bit though.
But if we can use Safestrap to install a Stock 9.0 Build that also includes Safestrap then that does mean we should have quite a bit of leeway to get Q Roms backported, even if they aren't rooted. Didn't we do this for the Galaxy S5? I'm just saying, the security bulletins posted in the last 8-9 months do seem to show a path towards root through something like a User Controlled C&C Platform. It wouldn't be a stereotypical full root everyone thinks of, but it would get the foot in the door like dirtycow did.
To start though, we like to use busybox for a lot of things, but our devices natively use toybox, and toolbox. Samsung hasn't used busybox for anything, so us putting it there and usurping control from toybox is an automatic red flag. The device recognizes and accepts toybox over busybox naturally. I feel like we have a better chance of getting a modified or user controlled version of toybox onto the device than we do busybox or standard supersu. I don't think Pie was planned for in the code before CF left us. Because didn't we have to change over to sbin for a lot of things in Oreo? Maybe we actually just need a new path altogether. System Root seems to have had the best success in recent generations, but what elliwigy did on the Note9 is a good concept to start with I think.
Maybe I'm just crazy a bit, but we've seen that traditional root method keep getting harder and harder to use and new methods are very few and far between anymore. I just keep putting the concepts out in hopes others can put some dots together.

Samsung Pay with Rooted S10

Hey Everyone,
So I have a Galaxy S10 that I've had since release. With every other phone I've ever had, I've rooted/jailbroken it. I would very much like to do the same with this one. However, unlocking the bootloader (or perhaps flashing 3rd party things) reportedly trips knox, which in turn disallows Samsung Pay. Idrc about the warranty, just Samsung Pay. I know to many of y'all Samsung Pay is just bloatware, but I literally use it everywhere and on the daily (it substitutes my wallet).
So I know if I say just "can I root without disabling Samsung Pay", many will say "no; obviously it trips knox". But I have two specific questions.
First of all, I read in many guides for older devices (Note 3, S6, S9, etc) that one-click-root solutions don't trip knox, since they don't unlock your bootloader (using an exploit instead). I know that one-click-root solutions aren't the "right" way to do it (given that they use exploits) and I know many contain malware. I've been rooting for years and years, though, and for one of my phones I relied on a one-click-root solution before an official solution was available (I used KingRoot, which later on was revealed to be malware, but basically what I did is just install KingRoot and root my phone and then switch to SuperSU (which was safe at the time before it got bought out)). So yeah, again, I understand the risks, but would that avoid tripping knox and therefore disabling Samsung Pay?
My second question is just an idea, not something that I've found to be true, so it's not very likely (but why not I guess). If one were to unlock the bootloader, thereby triggering knox, but then flashed a third party OS, would it be possible / are there any available that have a version of Samsung Pay that doesn't check for knox values (or uses a fake one)? I know that's a lot more complex than it seems, and I doubt that it's available, but just thought I'd ask.
Let me know with responses to these or any other ideas if you feel so inclined! Thanks so much and y'all have a great day!
(ps, sorry for the long post :/)
