Chainfire foresees rooting problems in upcoming Android 4.4.3

May 19, 2014

The creator of the popular SuperSU and CF-Auto-Root tools has been quite vocal about his concerns regarding changes in the Android Open Source Project that affect rooting on Android. Now that Android 4.4.3, or 4.5, could just be around the corner, Chainfire is raising some potential issues that could change or even break the way devs and users approach root access on Android.

Ironically, all of the issues originate from Android's adoption of SELinux, a framework that exists to enhance security on Linux systems, which Android is ultimately based on. However, for the sake of making the platform more secure and robust even for Regular Joe, Android implements some very restrictive SELinux policies that would inevitably block how apps gain root access on Android. Chainfire has warned about these things since as early as January this year, but since then things haven't exactly changed for the better.

Examining the AOSP source code, Chainfire noticed many changes, not all of them good. SELinux has been strengthened even further, and the old ways of executing processes as privileged (root) users no longer work, nor does the old way of communicating with other processes. For the programmers in the crowd, Chainfire has updated his root guide to include the new methods that can be exploited. However, a new obstacle to worry-free rooting has entered the scene, this one less escapable than SELinux. This new character on stage is ART, the new Android Runtime. Thanks to a lethal combination of SELinux changes and ART's own youth as a Dalvik replacement, apps running on ART that try to call code they aren't normally allowed to call can cause the whole Android system to crash and reboot. Not only that, the crash will cause ART to re-optimize all Java packages again, which can take some time.

There is some light at the end of the tunnel, however faint it may be. Chainfire has updated, but not formally released, a new version of SuperSU that already works on the latest AOSP builds. There is also the fact that AOSP doesn't necessarily equate to Android 4.4.3 and there is a possibility that there will be changes in the final Android release, though the chances of that are pretty slim. Finally, getting around the potential ART crash is possible. Developers would have to immediately test their root-using apps against ART and adjust accordingly, while end users who use root apps should temporarily switch to using Dalvik once Android 4.4.3 rolls out, at least until the root apps they use have been updated.

SOURCE: +Chainfire


  • Aamir Ahmad

    This is sad. :/

    • melhiore

      Yes and no… Bear in mind that the average Joe does not root his device, so root issues are not going to affect the majority of users, and that is the audience of Google Android OS…

      • Evan Cm

        Also it doesn’t seem like Google is deliberately trying to kill root. They’re trying to fix other security flaws in the system. Plus the way Chainfire is reporting on it sounds like the crisis will be temporary; devs will have to do a lot of redesigning to make their root apps compatible with the changes, but it doesn’t sound like such changes will be impossible to make.

        Worst case scenario seems to be we lose root for a few weeks to a month with the new release before everyone re-designs their apps. And even then this will only affect folks who update to the new version.

  • Damian Gto

    There is always a way, and like before someone wants the publicity to be a kind of savior. He needs to steal some more code from people that know what they do, as he often has done before… :-P

  • blindexecutioner

    So, wait for Super SU to be updated before updating to 4.4.3 and do not use ART. Done and Done.

  • HunsonAbadeer

    I think this is the best that could happen to Android. Let me explain: most people don’t even care about rooting, they won’t even change the launcher most of the time. Giving Android the security power of a true *nix system is the best that could happen, especially against the stolen phones black market.

    You see, I live in Mexico and you can get your pretty Android smartphone stolen and sold to a random guy for half price on the street. No laws against selling stolen stuff here, and people couldn’t care less about it as they keep buying them.

    Now with improved security on Android you can just make the phone useless or pointless to steal as you can’t sell it, it’s blocked perhaps by code and you won’t be able to revive it using some root magic.

    That “freedom”, it’s a price I’m willing to pay.

    • Andrew Carney

      Are you serious? Thousands of people care about root, I don’t know what world you live in. Your passwords aren’t hacked with “root magic”; there’s no way to get them through root unless you’re already logged into the phone. So 99 percent of the time when they steal your phone they’ll just reset it, you don’t need a password OR root to do that.

      • HunsonAbadeer

        Maybe I wasn’t clear enough. I don’t care much about the info on my phone, well I do, but as you said the black market just resets the phone to factory and they sell it.

        But that’s the problem: as long as there are rooting tools and bootloaders lack a definite way to block them, the stolen phones black market will keep living. Perhaps the main issue then is the bootloader and not only the root.

        BTW: It’s rather easy to bypass the lockscreen password using the adb console, and it’s better if you have root on the phone, so yes, Android needs to fix those security issues and be more like a *nix OS.

      • Andrew Carney

        Having the ability to reset the phone through a bootloader has nothing to do with root; you can do that on any platform on any machine, with or without root access. You can do that on anything that has a bootloader or BIOS menu. Yes, you can bypass phones with adb, but you can’t access adb unless the computer is recognized by the phone first, at least on newer phones, and to do that you must have the device unlocked.

  • shonowens

    More security is all great & dandy. However, I don’t care about the “average Joe” because that isn’t me! I won’t be updating because of root access (if it gets blocked in future versions). I’ve tried living without root on my Verizon S5. It’s not worth the upgrade for me. Hopefully, they don’t give the LG G3 the S5 treatment so we can just stick with that.