un-rooted Rom - a rooting best practice?

Discussion in 'Android Hacks and Help' started by christim, Feb 19, 2010.

  1. christim

    christim Super Moderator
    Rescue Squad

    Joined:
    Jan 23, 2010
    Messages:
    5,100
    Likes Received:
    2
    Trophy Points:
    153
    Location:
    New England
    Ratings:
    +2
    Still here, still not rooted. I've followed numerous threads, know about a few methods to root and most likely will follow this guide http://www.droidforums.net/forum/ha...ng-only-sprecovery-terminal-emulator-zip.html . I understand the steps, not just what to do but what it does so don't anticipate any problems. It will be fun to match that expectation up with reality.

    Here's a question/concept I'd like to share and get feedback on.

    The right thing to do with your home PC is not log on as admin. I suspect that practice is not widely followed due to the inconvenience even though we might only spend 30 minutes a week installing something. Although in reality most of us are in "user" mode far more than in "admin" mode.

    This is true in the unix/linux/corporate world as well. The majority of users are never logged on with full admin rights. It prevents the operator from making a mistake.

    These practices also mean that if something nasty comes along and a superuser is not logged on then the nasty can't go installing stuff because nobody is logged on with the rights to install software. In a nutshell...if root/admin is not logged on it prevents the unwanted from occurring.

    Iphones have been infected a couple of times Jailbroken iPhones infected, again - Apple 2.0 - Fortune Brainstorm Tech
    Un-rooted phones were fine.

    Question 1: With the above in mind, would it make sense to do the following 4 steps?
    1 - root
    2 - backup
    3 - modify (make changes that only can be done by root and/or swap roms)
    3 - un-root

    With the phone in hand you could re-root and make further modifications and then un-root again. Outside forces couldn't easily root your phone and have executable permissions.

    Question 2: Has anyone un-rooted a ROM without going all the way back to stock? (given the current directions out there...can we do that?)

    Question 3: If you could un-root and re-root at will, would you take advantage of doing so?

    I think our phones are at higher risk of "catching" something or being taken advantage of if always left in a rooted state. Maybe not today, maybe not tomorrow, but why leave full access available to something that accesses it?

    I mean really...do you want to end up with a keystroke logger on your Droid?

    q1: yes
    q2: dunno
    q3: yes

    I also think the risk is small right now because the target audience is too small so the lack of being able to un-root from a rom would not prevent me from rooting at this point in time. Like everything else concerning rooting you need to make your own decision and yours may differ from mine.

    Chris
     
  2. capnb0b

    capnb0b New Member

    Joined:
    Jan 13, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Ratings:
    +0
    With the current version of the superuser app (the one with the ninja icon in the app list) a dialog box pops up whenever an app tries to run as root. You can allow or deny root access at that point. You can also click the "always" box to remember your choice, and this can be revoked later if you change your mind. Because of this I didn't see the need to remove the app once it was installed.

    I suppose if you wanted to kill the root app at will you could save a copy of the original su program before you install the superuser app, then copy the original su back over the altered one. I haven't really thought about it much before since the main reason I wanted root access was so I could run things as root.
     
  3. christim

    christim Super Moderator
    Rescue Squad

    Joined:
    Jan 23, 2010
    Messages:
    5,100
    Likes Received:
    2
    Trophy Points:
    153
    Location:
    New England
    Ratings:
    +2
    Therein lies the danger. You want to (need to) install certain things as root but you don't really want (need to) run them as root. Root can let you install things a normal user can execute. Root controls what those things are. If everything is run as root and the system is compromised and root access is the default access granted to outsiders.

    If someone wants to install something that root is needed for then root comes out to play. Change the CPU speed, make some changes to customize some files but then put root away. Don't leave the key in the door for someone else to alter those settings....for they won't always have your best interests at heart.

    Unchecking the "always" box is a good tip, thanks.