The massive popularity of Android smartphones has brought several features and options of the OS to the public domain. One of these options remains the ability to ‘root’ the device. Rooting an Android phone implies gaining (superuser) access to the kernel code of the software and using this access to improve performance and enjoy/replace several features that the OEM’s (Original Equipment Manufacturers) do not offer.
This process has been considerably simplified with the availability of one-click rooting apps. While rooting nullifies the warranty and carries a risk of ‘bricking’ (when the device crashes and becomes as useful as a paperweight or a ‘brick’) the device, it does have its benefits. However, the potential hazards that rooting poses far outweigh its benefits. Here’s how:
- Root access navigates around the stock security features (like permissions) of Android.
- Some rooting procedures require mobile scanning software to be disabled.
- Other possible side-effects are reduced battery life, overheating, strain on system utilities and lack of OTA (over-the-air) updates.
Rooted phones perform ‘sideloading’ (installing apps from sources other than Google Play) with greater ease. This can expose the device to several unwarranted security risks and grant malicious parties root access through corrupted apps or software.
The application ‘WebKey’ is a good example to study how rooting your precious Droid can go seriously wrong. WebKey can be installed on a rooted phone only. It has several features for people who want remote access for their devices, making it quite useful in instances of a lost or misplaced phone. While this is a welcome innovation can you imagine the possibilities if a malicious party got root control over your device? A malicious party with access to your device could perform the following tasks from a remote browser:
- View call and message logs
- View the browser history
- View what the user is seeing on the screen in real-time
- Switch on the camera app and look through the viewfinder
- Record conversations around the device with a voice memo app
- Track GPS signal and record location
- View contents of the SD card and the internal memory
- Read contacts info and other data
We do not mean to single out WebKey as a malicious app as it certainly has its benefits for people who misplace or lose their device. We simply mean to cite its example to exhibit the possible repercussions of a rooted phone being breached. Apps like ‘AirDroid’ and ‘Droid Control’ can also be misused in the same manner.
Other threats that a malicious root app brings are:
- Replace the stock email (Gmail) with another app
- Install a keylogger and track key inputs
- Make purchases from the Google Play store
- Send premium-rate SMS messages and call toll-numbers
- Download and install modified ROMs
- Delete crucial apps and data
Rooting definitely has its advantages for Android owners but before you root your smartphone you need to be aware of the security risks involved. Quick Heal Mobile Security protects your phone from several threats. But this does not mean that you overlook the threat from unsolicited apps that can gain root access to your phone.
NOTE: WebKey, AirDroid and Droid Control are NOT malicious apps. They have been mentioned to explain in a better manner the potential dangers of malicious parties gaining root access.