Saturday, 16 January 2016

Android root security considerations



Hello,
Sorry if this isn't the right place to ask this question, and please redirect me; this is a fairly huge site.

I know this question has been asked many times, but I didn't see a clear answer to it from security experts, or it is from several years ago and things might have changed.

My question is double:

First of all, nowadays, how does the process of rooting an Android phone work (please detail if there are various alternatives)? Does it rely on a security hole, or is it a kind of attack (such as physical access to the device) that is not part of the security perimeter of Android? In the first case, why is it that it's not fixed, as there are open bounties for the Android system? Note that I'm just talking about the Android system itself (such as a Nexus phone), with the latest patches.

Second, related question: what would be the security risk of rooting an Android phone? If I am not mistaken, these could be grouped in at least two issues: the rooting process itself, and the aftermath.

a. Regarding the rooting process, is there any open source procedure (or at least closely reviewed) to root a Nexus phone that could guarantee that there's no malware installed in the process? (See also the first question.)

b. From what I understand, having a rooted Android is no different than having a Linux OS with a root account. Are there any (free, open source?) apps that can monitor (what commands have been launched, etc.) and prevent apps from getting access to the root account without my agreement (so that it is a Linux OS where any account that requires root privileges must go through 'sudo' and ask the user to enter their password)?
