Many users of Android devices sooner or later are tempted to root them. Here we discuss the advantages and disadvantages of having root permissions on Android devices — and if your device should be rooted at all.
Why people root their Android devices
Obtaining superuser access rights, popularly known as rooting, lets owners take full control of their devices. It is possible to do virtually anything with superuser access rights, and quite a few apps (including some in the Google Play store) require root permissions to function properly.
Superuser access privileges are typically sought to expand regular Android capabilities. For example, you can limit network activity for some or all apps, delete annoying preinstalled apps, speed up the CPU, and more.
We used Kaspersky Security Network to compile a list of the most popular reasons that users root their Android devices.
- Install apps that hack games. These apps gain access to the memory where games are stored and modify parameters to allow free gameplay.
- Access the file system. Unrestricted access to the file system may be useful for recovering erased files, moving apps to an SD card, or using root explorers, which are applications with advanced file-system functions.
- Tweak, overclock, or clean the device. Overclocking means increasing the CPU clock frequency of a device so that it works faster.
- Change the Android version. Some users flash third-party firmware ROMs (install different versions of the operating system) created by enthusiasts.
How people gain root privileges
According to our data, people use applications such as Kingroot, 360 Root, Framaroot, Baidu Easy Root, Towelroot, One Click Root, and Mgyun to gain superuser access rights. Unfortunately, many of these applications either show advertisements or install adware on a device. Their behavior is not necessarily malicious, but nothing good comes of it.
We do not recommend using any of those applications for rooting. Well, we don’t recommend rooting at all. Here’s why.
The dangers of rooting
As we said, superuser access rights grant full control over a device. Although that access has some potential advantages (mentioned above), it comes with disadvantages as well.
It is important to understand that having a device with superuser system permissions violates Android’s basic security principles. Rooting is, in effect, do-it-yourself hacking of the operating system of your tablet or smartphone.
Normally, Android apps work in isolated environments (in so-called sandboxes) and cannot gain access to other apps or the system. However, an app with superuser access rights can venture out of its isolated environment and take full control over the device.
With superuser access rights, apps can do whatever they like — for example, view, modify, or delete files, including those that are required for device operation.
Also, note that rooting voids the device’s warranty. Sometimes, the process of rooting can even brick a device, and in that case, you’re simply out of luck; there’s no way you’ll get a refund for it.
Malicious applications and rooted Androids
After gaining superuser access rights, malicious applications enjoy full freedom. In fact, the first thing many Trojans for Android do is attempt to gain root access. Users rooting their own devices offer quite a gift to malware developers.
With superuser access, mobile Trojans can:
- Steal passwords from a browser (as the Tordow banking Trojan did);
- Purchase applications surreptitiously in Google Play (the Guerrilla and Ztorg Trojans did that);
- Substitute URLs in a browser (as the Triada Trojan did);
- Install applications stealthily, including onto system partitions;
- Modify firmware so that Trojans remain on a device even after it is reset to factory settings.
Some ransomware Trojans use superuser access rights to improve their chances of staying in the system.
In most cases, malware is capable of gaining superuser access rights on its own by exploiting vulnerabilities in the system. But some malware applications use existing permissions. Furthermore, according to our data, approximately 5% of malware applications — for example, the Obad mobile Trojan — check devices for root permissions.
The geography of rooting
Our statistics show that rooting is most popular in Venezuela, with 26% of users having rooted smartphones. Algeria takes the lead among African countries, with 19% of smartphones operating with superuser access rights. In Asia, rooting Android is most popular in Bangladesh, with 13% of devices rooted. In Europe, Moldova, at 15%, has the lead.
As for Russia, 6.6% of owners of Android devices use rooted smartphones, which is close to the world average percentage (7.6%). Neither North America nor Western Europe includes any top-rooting countries.
Our statistics show that the top 10 countries where Android devices are rooted most frequently and the top 10 countries where mobile devices are successfully attacked overlaps by 60%. And 9 of the 10 countries with the largest number of rooted devices are in the top 25 countries where devices are attacked most often.
Does antivirus work on a rooted Android device?
Regrettably, although criminals can exploit the advantages of gaining superuser rights and use them to bypass security mechanisms, the good guys still have to play by the rules. In short, antivirus works on rooted devices, but superuser access doesn’t increase its effectiveness.
Of course, how well malware can take advantage of the capabilities of a rooted system varies. But the risk of a security solution letting a threat through on a rooted device is higher than on a device without superuser access rights.
So, should you root your Android device?
Using a system with superuser access rights is similar to driving a heavy truck. If you are really capable of handling that, then why not? But if you aren’t, then get the necessary knowledge and skills first. So if you’re not into IT and don’t consider yourself a pro-user, then we do not recommend rooting Android.
A few more pieces of advice:
- Install applications from official stores only — but even so, don’t trust them blindly. Although the Google Play store is far more trustworthy than random Internet sites, Trojans sometimes get in.
- Limit yourself to known apps from known developers and only those apps that are really needed.
Scan installed apps with a reliable antivirus — for example, our free Kaspersky Internet Security for Android.