Android is based on the Linux kernel, so right from the start, tinkerers and power users were interested in gaining root access to make changes and graft on new features. In the early days, this was a fairly simple procedure on most devices. There were several apps and tools that could root almost any Android phone or tablet, and you’d be ready to truly master your device in mere minutes. As Android became more capable, the allure of rooting has diminished somewhat — and it’s also much harder than it used to be.
So what are the advantages and risks of rooting these days, and why are some devices resistant to rooting? Let’s see if we can’t figure it out.
The advantages of rooting
Gaining root access on Android is akin to running Windows as an administrator. You have full access to the system directory and can make changes to the way the OS operates. As part of rooting, you install usage manager (SuperSU is the main one right now). These tools are basically the gatekeeper of root access on your phone. When an app requests root, you have to approve it using the root manager.
So what can you do with root specifically? Let’s say there’s a system app that you really don’t like seeing, but it can’t be disabled through the standard method. With root you can run an app like Titanium Backup to delete or permanently hide the app. Titanium can also be used to manually back up all the data for an app or game so you can restore it to another phone. Want to remotely access and control your phone? That’s another thing you need root to do. Ad-blocking software on Android also needs root access, as it modifies the Android hosts file to block known ad servers.
Then there’s the multi-headed beast known as the Xposed Framework. Root access is needed to deploy Xposed in the system, but from that point forward Xposed doesn’t need to ask for root to do things like modify the UI and add new system-level features. It took a little time to get Xposed working on Lollipop, but the developer has finally produced some mostly stable builds.
The risks of rooting
Rooting your phone or tablet gives you complete control over the system, and that power can be misused if you’re not careful. Android is designed in such a way that it’s hard to break things with a limited user profile. A superuser, however, can really trash things by installing the wrong app or making changes to system files. The security model of Android is also compromised to a certain degree, as root apps have much more access to your system. Again, you need to be careful what you install.
Root methods are sometimes messy and dangerous in their own right. You might brick your device simply trying to root it, and you’ve probably (technically) voided your warranty doing so. Depending on the company, you might still be able to get a device repaired if you damage it attempting a root, but that’s not a guarantee.
As of Android 5.0 Lollipop, Nexus device system updates will only work on completely stock unrooted devices. This is because of a change to the way Android processes the OTA file. Updates now patch the entire system directory as a single blob, so any changes or extra files (i.e. root) will throw off the verification and the update will abort.
On other phones and tablets, virtually every OTA update you get will wipe out root and block the method from working again. If having root access is really important to you, you might be left waiting on older buggy software while you beg for a new root method or a modded OS update.
Why is rooting so much harder than it used to be?
If you’ve been using Android for a while, you’ve probably noticed gaining root access on most devices is much harder than it once was. There were exploits years back that could root almost any Android device in a few minutes, but that’s much less common now. The last essentially universal exploit was Towelroot in mid-2014, but Google patched that rather quickly.
The reason these exploits are patched so quickly now is that having active exploits on your system is actually a bad thing for most users. These are security holes that can be utilized by malware to take over a device remotely and steal data. Google and the device makers are being responsible when they shut down root methods after they are disclosed.
Android is more secure, and it takes more work to break that security in a way that can grant root access. As a result of this cat-and-mouse game, root exploits are often pretty involved. You might have to push files to your device over USB, enter terminal commands, and flash modified files.
The effort needed to find, test, and develop exploits of this nature is a big part of the reason some popular devices (like the Galaxy S6, for example) don’t even have root right now. That’s not to say there aren’t exploits in these devices, but they’re far too valuable to be given away freely to the community. If you peruse XDA, you might come across one of the many root bounty threads where users pledge thousands of dollars to anyone who can offer a working root method for a phone. This works sometimes, but it’s notoriously hard to collect on these bounties and a few thousand dollars isn’t actually terribly much for a solid exploit.
Anyone who does security testing and research on Android will tell you there’s real demand for non-public exploits among security and forensics firms. A modder could make several times the theoretical value of a root bounty on XDA by selling an exploit to one of these companies. A universal exploit like we had back in the day could be worth tens of thousands easily. Most people just won’t give that away for a pittance.
So should you do it?
If you’re primarily interested in Android because you want to tinker, you should figure that in when you choose a phone. Don’t get something hoping that root method will be released, because you might be waiting a long time for a messy exploit that gets patched right away. There are some devices that are relatively friendly to rooting like Nexus phones and tablets. They have unlockable bootloaders and can be rooted with almost no legwork. They also have system images that can be used to restore the device in case something goes wrong. The usual warning about using care installing apps still applies, though.
If you’re not familiar with Android’s tools and how to fix issues with a command line, you might want to give this some thought. Root can be a lot of fun to play around with, but it can also lead to plenty of frustration as you try to fix errors caused by overzealous modding.