Aug 17, 2009

Over the weekend, Tyler and Joey spotted the tweet of an Android Developer/enthusiast named RyeBrye who claimed to have an application that – when used – would almost instantly root your phone. There were a ton of skeptics and rightfully so – giving an installed APK this level of access to your phone’s core OS functionality sounds kind of troubling. What if this “1 Click Root” was really “1 Click Brick” that instantly and permanently broke your phone?

Fear not: we can confirm 1 Click Root is real and it works on a number of different Android models. First let's talk about how YOU can use this application to root your phone, and THEN let's talk about the implications of this application and its mere existence.

1 Click Root via Recovery Flasher
The original information for 1 Click Root was put together by RyeBrye (who says Zinx did all the work). Since then, UnknownKnita took RyeBrye’s raw APK file and published it to the Android Market as Recovery Flasher, adding a How To Guide and publishing the following video for your convenience:

There are also detailed instructions on RyeBrye’s Blog if you scroll down to the big letters that say UPDATE: More Detailed Instructions. You may want to check that out as it goes a bit more in depth. Please note that it is confirmed to work on the Dream and Magic but instructions may be slightly different so read up before you do ANYTHING and as always, proceed at your own risk.


How It Works
The whole story is explained by RyeBrye, but I’ll try to make a long story short: the trick relies on a vulnerability in the Linux kernel that Android runs on, tracked as CVE-2009-2692 in the NIST National Vulnerability Database. It is a NULL function-pointer call in the kernel’s sock_sendpage() routine, and it lets an unprivileged local process run code with kernel (and therefore root) privileges. Google fixed/patched this problem on August 11th, but your phone is still running software that has the flaw, and until your carrier pushes out an OTA update with the fix, 1 Click Root will work. Anyone who knows how can use the bug to execute anything as root; the prepackaged Recovery Flasher APK just makes it clean and easy, using that access to flash a ROM.

Why This Is A Problem
Sure, you love this exploit because it can hook you up with a rooted phone with minimal trouble. But someone could also use it for very, very evil purposes. Because the bug sits in the kernel, an app doesn't need any special Android permission to use it: any malicious APK you install, whatever permissions it declares at install time, could quietly escalate to root and grab your personal information, brick your phone or something else… and that wouldn’t be good. So as you can imagine, Google has somewhat of a PR and logistical nightmare on their hands, and I’m sure a ridiculous amount of resources will immediately go towards getting carriers to push out patched updates.

RyeBrye himself notes the nature of this news and apologizes to the people who are likely put in panic mode as a result:

Apologies in advance to anyone who has to work quickly and work hard to patch this exploit in the wild. (Although it should be noted that if you just shipped phones that weren’t neutered in the first place, it would save us all a lot of work and help us all be on the same team… but that’s a topic for another post.)

The story is much different for users though, as one of the recommended Pre-Rooting steps includes:

Be prepared for the awesomeness you are about to unleash

Awesome? Indeed. Awesome indeed.

I Am Newb, Hear Me Roar
If you have no clue what all this rooting stuff is about, perhaps we can explain it in layman's terms. Phones shipped through carriers don't give you full access to all of the functionality of the Android OS. Instead, the superuser account (root) on the underlying Linux system is locked out, which restricts certain capabilities for the safety of newbs like you. But WITH root access you’re able to do some pretty amazing things. For example, you can install “future” versions of the Android OS.

Remember how everybody was screaming about “OMG I want haz cupcakez!” a few months ago? Cupcake was the “next” version of Android which, at this point, has already been released. Now the “next” thing is Donut and by using Recovery Flasher to Root Your Phone with 1 Click, you can install this “future” version of Android.

Wrapping It Up
This is a great thing for newbs who want root access but are afraid to go through all of the difficult steps. But for Google, the Android team, and carriers with Android Phones this is somewhat of a nightmare. This is a HUGE flaw and the exact reason why some carriers said they didn’t want to get on board with Android to begin with – at least until the platform was proven.

This is somewhat of a test – how will Google respond? How quick will patches be delivered OTA? Will Google police Android Market until a security fix goes out, hoping to catch any malicious apps in the process? Chances are that any malicious app would be delivered directly to the device rather than published through the Market, since going through the Market pretty much means agreeing to be caught.

We’ll be watching closely as Google responds to this issue and you should watch this space as we’ll definitely bring you related news and updates. What an insane way to start a week… this is gonna be fun! Thanks to Unknownwita for sending this in and doing lots of legwork that others can use/enjoy! And of course to RyeBrye and Zinx for getting the job done in the first place!
