Page 2 of 2 FirstFirst 1 2
Results 16 to 29 of 29

Thread: Android: root and normal user accounts?

  1. #16
    Join Date
    Feb 2006
    Posts
    1,965
    Device(s)
    Samsung Galaxy Nexus
    Carrier(s)
    Rogers
    Feedback Score
    0
    vBActivity - Stats
    vBActivity - Bars
    Quote Originally Posted by Steveanderson13 View Post
    I believe it was 25 apps with 50,000 downloads; I think it was in China and the information gained was the IMIE or whatever (no personal data); not to minimize it but I agree somewhat with urbanbounca that the risk is minimal right now; nevertheless, the risk will grow and it would make no sense to not practice safe computing habitually.
    It was originally 25, but moved up to 50

    Quote Originally Posted by Zmk76 View Post
    Your right if I was you I would skip android all together.

    Sent from my iPhone 3GS using HowardForums app
    I have no idea what you're talking about. Personally I don't care all that much about the security of my phone or the personal information on it. I'm merely trying to explain what the OP may be concerned with. The original question was not about how easy or difficult it is root, but what level of access root has on the phone.

    Quote Originally Posted by RogerPodacter View Post
    I really hate that that happened cause It's not quite like the way it seems. You have to grant access to any app yourself, no other way. Those apps that got thru were hacks of other known apps. I promise you have nothing to worry about.
    I'm not worried, just trying to get at what I assume is the actual question the OP is asking.

    Always running as SU is a bad idea generally. One might begin to wonder if people will be able to write programs that will pass the superuse permission that pops up on your phone.

    If you're running another profile besides root you protect your phones file system.
    When you are on a Unix system, if you do not need to run as root for the task you are performing, don't. If you follow that rule, you help yourself a lot. What it means is that even if your account on the system is compromised, giving an intruder access to the system, the damage they can do is limited unless they can escalate priviledges. They can trash your account, but not the accounts of others, or the system files.
    http://egoburp.blogspot.com/2004/11/...-dont-run.html


    There are already mobile examples of something like this happening.

    http://nakedsecurity.sophos.com/2009...-astley-photo/

    If you jailbroke your iphone, did not change the default root password and had a SSL app installed and connected to an open network you may have received the ikee worm. If somebody is always running their phone in root this can become an issue. It's an unnecessary risk.

    I assume that is what the OP is trying to figure out. Is the phone always in root or do you log into root to grant these programs the correct permissions.

  2. #17
    Join Date
    Dec 2010
    Posts
    802
    Carrier(s)
    Straight Talk
    Feedback Score
    0
    vBActivity - Stats
    vBActivity - Bars
    Hey I was being sarcastic, it seems as though the OP either doesn't like or is not willing to accept our answers. So I though we (android users) may be all better off if he didn't use one. I love android and feel perfectly safe using it.

    Sent via the HowardForums Android app

  3. #18
    deathtrip Guest
    Let me just state that just because you have rooted your phone does not mean that everything on the phone is done under superuser access.

    Applications that require superuser access, or "root user" access will execute the "su" or equivalent to "sudo" command on the phone for that application.

    You can have the superuser application ask for permission each time something needs superuser or "root user" access/permissions, you can also grant applications the right to have superuser or "root user" access anytime the application you wish to use has been executed.

    Your phone's user account has standard usability as a standard user, just like you would on a Linux desktop, and running a device as a root user full time is not only a security risk, but it would be just bad conduct.

  4. #19
    Join Date
    Feb 2003
    Location
    Denver, Colorado
    Posts
    2,193
    Device(s)
    HTC ThunderBolt 4G/LTE
    Carrier(s)
    Verizon Wireless
    Feedback Score
    0
    vBActivity - Stats
    vBActivity - Bars
    Quote Originally Posted by deathtrip View Post
    Let me just state that just because you have rooted your phone does not mean that everything on the phone is done under superuser access.

    Applications that require superuser access, or "root user" access will execute the "su" or equivalent to "sudo" command on the phone for that application.

    You can have the superuser application ask for permission each time something needs superuser or "root user" access/permissions, you can also grant applications the right to have superuser or "root user" access anytime the application you wish to use has been executed.

    Your phone's user account has standard usability as a standard user, just like you would on a Linux desktop, and running a device as a root user full time is not only a security risk, but it would be just bad conduct.
    Thank you for that detailed explanation! As a soon-to-be new Android user that understands Unix (not Linux specifically) that really helps!

    -Frank
    [HTC Thunderbolt™ 4G/LTE!]
    It's not your dream phone. It's the one after that!©
    Look here for a [VZW Coverage Map] to check your area. Select 4G before hitting [Refresh Map]

  5. #20
    Join Date
    Apr 2008
    Posts
    3,941
    Carrier(s)
    Straight Talk Wireless
    Feedback Score
    0
    vBActivity - Stats
    vBActivity - Bars
    Quote Originally Posted by evilbaby View Post
    Always running as SU is a bad idea generally. One might begin to wonder if people will be able to write programs that will pass the superuse permission that pops up on your phone.
    Where are you getting this nonsense? I've had my D2 since August, 2010, and been cruising a few forums since. I have yet to see anyone regret running SU. There is no choice, either way. You can either root and run SU all the time, or not root at all and not run SU. I'll take my chances.

  6. #21
    Join Date
    May 2003
    Location
    Los Angeles area & PA/NJ, USA
    Posts
    17,403
    Device(s)
    Nexus One
    Carrier(s)
    AT&T
    Feedback Score
    0
    vBActivity - Stats
    vBActivity - Bars
    The point is, when you root and have super user access, there is nothing that can access as admin without your explicit consent. The super user app must ask your permission each time something needs that access, no way around that.
    Current Device: Nexus One
    Phone History: |N97 Mini| |5800| |E71-2| |N95-4| |N95-3| |N75| |6131| |6230| |SE T616|


    | My HoFo Feedback |

  7. #22
    Join Date
    Feb 2006
    Posts
    1,965
    Device(s)
    Samsung Galaxy Nexus
    Carrier(s)
    Rogers
    Feedback Score
    0
    vBActivity - Stats
    vBActivity - Bars
    Quote Originally Posted by UrbanBounca View Post
    Where are you getting this nonsense? I've had my D2 since August, 2010, and been cruising a few forums since. I have yet to see anyone regret running SU. There is no choice, either way. You can either root and run SU all the time, or not root at all and not run SU. I'll take my chances.
    Actually its not nonsense. Always running SU is a horrible practice and that is well documented. Thankfully has deathtrip explained just because the phone is rooted does not mean it is always running in SU. If you look at my earlier posts I explained that I wasn't entirely sure how Android ran under root and told the OP to goto XDA forums where they could give answer with certainty.

    So before you go labeling things nonsense you should research the topic you're talking about.

  8. #23
    Join Date
    Nov 2009
    Posts
    18
    Device(s)
    Sony Ericsson K790a
    Carrier(s)
    Rogers Wireless
    Feedback Score
    0
    vBActivity - Stats
    vBActivity - Bars
    ...I assume that is what the OP is trying to figure out. Is the phone always in root or do you log into root to grant these programs the correct permissions.
    That is exactly my concern. Thank you for taking the time to respond


    Let me just state that just because you have rooted your phone does not mean that everything on the phone is done under superuser access.

    Applications that require superuser access, or "root user" access will execute the "su" or equivalent to "sudo" command on the phone for that application.

    You can have the superuser application ask for permission each time something needs superuser or "root user" access/permissions, you can also grant applications the right to have superuser or "root user" access anytime the application you wish to use has been executed.

    Your phone's user account has standard usability as a standard user, just like you would on a Linux desktop, and running a device as a root user full time is not only a security risk, but it would be just bad conduct.
    Thanks for the reply! I just want to take reasonable steps to protect my information, and the money I've invested (in a phone). I depend on my current cellphone for a lot of different things because I travel for work, so I want to make sure I understand the pros and cons.

    Thanks to all for the replies.

  9. #24
    Join Date
    Apr 2008
    Posts
    3,941
    Carrier(s)
    Straight Talk Wireless
    Feedback Score
    0
    vBActivity - Stats
    vBActivity - Bars
    Quote Originally Posted by evilbaby View Post
    Actually its not nonsense. Always running SU is a horrible practice and that is well documented. Thankfully has deathtrip explained just because the phone is rooted does not mean it is always running in SU. If you look at my earlier posts I explained that I wasn't entirely sure how Android ran under root and told the OP to goto XDA forums where they could give answer with certainty.

    So before you go labeling things nonsense you should research the topic you're talking about.
    I am labeling it as nonsense, because that's all it is. Once SU is installed, it's always running. I have experience with it, believe me. I've installed numerous ROM's, which require root and CWM. I deal with SU every single day, and I have yet to see any "documentation showing it's bad practice." I would love to see where you're going to pull this documentation, because I want to see it. As I've said, you root and install SU, and take your chances, or don't root at all and you won't have to worry about it.

  10. #25
    Join Date
    Feb 2006
    Posts
    1,965
    Device(s)
    Samsung Galaxy Nexus
    Carrier(s)
    Rogers
    Feedback Score
    0
    vBActivity - Stats
    vBActivity - Bars
    Quote Originally Posted by UrbanBounca View Post
    I am labeling it as nonsense, because that's all it is. Once SU is installed, it's always running. I have experience with it, believe me. I've installed numerous ROM's, which require root and CWM. I deal with SU every single day, and I have yet to see any "documentation showing it's bad practice." I would love to see where you're going to pull this documentation, because I want to see it. As I've said, you root and install SU, and take your chances, or don't root at all and you won't have to worry about it.
    Just Google why not run as root. If you run as root always any app you install would have the same permissions as root and therefore could do whatever it wants with or without your permission.

    http://superuser.com/questions/21837...to-run-as-root
    http://serverfault.com/questions/579...ays-being-root
    http://matir.wordpress.com/2007/08/1...ally-not-okay/
    http://everyjoe.com/technology/expla...hubs_migration

  11. #26
    Join Date
    Apr 2008
    Posts
    3,941
    Carrier(s)
    Straight Talk Wireless
    Feedback Score
    0
    vBActivity - Stats
    vBActivity - Bars
    Wirelessly posted (Mozilla/5.0 (Linux; U; Android 2.2.1; en-us; DROID2 Build/VZW) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 480X854 motorola DROID2)

    Quote Originally Posted by evilbaby
    Quote Originally Posted by UrbanBounca View Post
    I am labeling it as nonsense, because that's all it is. Once SU is installed, it's always running. I have experience with it, believe me. I've installed numerous ROM's, which require root and CWM. I deal with SU every single day, and I have yet to see any "documentation showing it's bad practice." I would love to see where you're going to pull this documentation, because I want to see it. As I've said, you root and install SU, and take your chances, or don't root at all and you won't have to worry about it.
    Just Google why not run as root. If you run as root always any app you install would have the same permissions as root and therefore could do whatever it wants with or without your permission.

    http://superuser.com/questions/21837...to-run-as-root
    http://serverfault.com/questions/579...ays-being-root
    http://matir.wordpress.com/2007/08/1...ally-not-okay/
    http://everyjoe.com/technology/expla...hubs_migration
    No, that's not true. Any app that requires root will ask permission to run. You can "accept" or "deny."

  12. #27
    Join Date
    May 2003
    Location
    Los Angeles area & PA/NJ, USA
    Posts
    17,403
    Device(s)
    Nexus One
    Carrier(s)
    AT&T
    Feedback Score
    0
    vBActivity - Stats
    vBActivity - Bars
    Quote Originally Posted by evilbaby View Post
    Just Google why not run as root. If you run as root always any app you install would have the same permissions as root and therefore could do whatever it wants with or without your permission.

    http://superuser.com/questions/21837...to-run-as-root
    http://serverfault.com/questions/579...ays-being-root
    http://matir.wordpress.com/2007/08/1...ally-not-okay/
    http://everyjoe.com/technology/expla...hubs_migration
    But those links explaining why It's not smart to run as super user don't really seem to apply to rooting your android phone, at least from my understanding. I thought I remember when using Linux, run as super user gives everything access. But when you root an android phone, you don't run as admin. You still are running as the limited user, and anything that reaches outside that and attempts super user access gets stopped by the super user app with a pop up prompt asking if you grant permission or not, and to what app or process is requesting.

    From my memory, On Linux you had to actually log in as the admin. Maybe I'm confusing my memory though.

  13. #28
    Join Date
    Feb 2006
    Posts
    1,965
    Device(s)
    Samsung Galaxy Nexus
    Carrier(s)
    Rogers
    Feedback Score
    0
    vBActivity - Stats
    vBActivity - Bars
    Quote Originally Posted by UrbanBounca View Post
    Wirelessly posted (Mozilla/5.0 (Linux; U; Android 2.2.1; en-us; DROID2 Build/VZW) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 480X854 motorola DROID2)



    No, that's not true. Any app that requires root will ask permission to run. You can "accept" or "deny."
    It does ask for permission, an explanation is given below. However if you follow the flow of the conversation.

    me:Always running in SU is bad
    somebody else: that's nonesense
    me: no its not, follow the links as to why always running in SU is a bad idea.

    That is what the reply was about. Not if every app will ask for permission(more on that later)

    Quote Originally Posted by RogerPodacter View Post
    But those links explaining why It's not smart to run as super user don't really seem to apply to rooting your android phone, at least from my understanding. I thought I remember when using Linux, run as super user gives everything access. But when you root an android phone, you don't run as admin. You still are running as the limited user, and anything that reaches outside that and attempts super user access gets stopped by the super user app with a pop up prompt asking if you grant permission or not, and to what app or process is requesting.
    Correct, which is a good thing, however(and this outside of my knowledge) but if it handled like the iPhone jailbreak it could lead to issues

    When an app needs root access the superuse app is called which gives you the option to allow/deny. From the 4 phones I've rooted I've never once been asked to set the root password. The superuser app has always written my permissions for me. If like the iPhone there is a default su password that could allow malicious apps or worms to grant their own access without involving the superuser app.

    I've already posted a link to how a jailborken iPhone was exploited in this way.

  14. #29
    deathtrip Guest
    Quote Originally Posted by UrbanBounca View Post
    I am labeling it as nonsense, because that's all it is. Once SU is installed, it's always running. I have experience with it, believe me. I've installed numerous ROM's, which require root and CWM. I deal with SU every single day, and I have yet to see any "documentation showing it's bad practice." I would love to see where you're going to pull this documentation, because I want to see it. As I've said, you root and install SU, and take your chances, or don't root at all and you won't have to worry about it.
    Again, you are wrong. Once your phone is rooted, all you get is the ability to allow your standard user to run applications which require root access. Applications that require root check for the ability to run as root, or if the superuser application is installed so that it can EXECUTE applications with root access. There is nothing "running" until you execute an application.

    And, running a Linux/BSD/Unix OS as the root/superuser/admin is bad practice because then your user has access to open/read/write to files/locations that your standard user would not be able to, and if you didn't have a clue as to what you were doing you'd screw it up.

    There's no crime in doing so, just bad practice and anyone who uses Linux/FreeBSD would know that first hand.

Page 2 of 2 FirstFirst 1 2

Similar Threads

  1. Replies: 19
    Last Post: 08-28-2013, 11:55 AM
  2. Rogers Branded X10a Android 2.1 Firmware is HERE + ROOT
    By azian_advanced in forum Sony Ericsson
    Replies: 10
    Last Post: 12-05-2010, 11:42 AM
  3. Replies: 38
    Last Post: 07-06-2010, 04:22 PM
  4. Root Mobile now available on Android
    By ChristopherMcG in forum Android Apps
    Replies: 2
    Last Post: 03-23-2010, 10:09 PM
  5. PdaNet: Tether Android without root
    By bmaugans in forum Android
    Replies: 5
    Last Post: 04-01-2009, 05:55 PM

Tags for this Thread

Bookmarks