Root access no longer the default in latest version of CyanogenMod

If the headline had you doing a double take, you’re not the only one. One of the best and most popular alternative Android builds, CyanogenMod is deeply rooted (pun most definitely intended) in the world of underground Android development and has long been associated with unlocked devices featuring superuser access. In the newest edition, CyanogenMod 9, the team behind the ROM is taking a step back in the interest of security. By default, root access will be disabled in CM9. Users will have the option of enabling root in three different modes. One for ADB, one for applications, and one for both.

The change in policy signals the emergence of CyanogenMod as a legitimate alternative to OEM-installed versions of Android. With each new release the ROM picks up polish and grows its userbase. What was once a small horde of Android enthusiasts looking for operating system customizations has grown into a slightly more mainstream audience. As Uncle Ben always said, “with great power comes great responsibility.” With more and more users coming to Cyanogen — and some on the less technically savvy side — it’s only responsible to provide the most secure OS possible as a default.

[via AndroidCentral]

Continue reading:




  • Ilan Cortes

    In CM9 we trust.

  • Mapekz

    Someone’s going to say something stupid and be like “What’s next? CM team is going to start locking bootloaders?”

    This is a very good move for the sake of Android as a whole.

    • lynyrd65

       No it isn’t. Root is already becoming legitimate, this move shows a departure from that and is unacceptable.

      • https://plus.google.com/u/0/107214144202094295079/posts James

        What?

        • lynyrd65

           Schvat are you sinking about?

      • lordofthereef

        It sounds like they are giving you the choice to open root if you want it in the settings somewhere. This way, the person that doesn’t really know what he/she is doing is not at risk. Why, exactly, is that bad?

        • lynyrd65

          You still have to give apps super user permissions when you first open them. I could see this being a problem as more users who root their phones though (not knowing what it is and giving permission any way).

          I think a better option would be to ask a prompt upon first boot whether to enable super user with options listing that super user is for advanced users.

          • lordofthereef

            I don’t disagree. Your initial argument seemed to be that this would somehow hurt the scene and illegitimize rooting. That is, essentially, what I was disagreeing with, for many reasons, not the least of which you have to root your device to even get CM9 on it in the first place. :)

          • Aztec713

            Well their are certain things that allow for them to automatically be given root access without user permission. which is why they are probably making this move.

          • Chris Sewell

            This isn’t just about apps having root access. This is also for adb (which certainly shouldn’t have root access by default).

            Androidcentral: ”
            A good analogy is Android’s “unknown sources” option, which allows applications to be loaded directly from an APK file rather than the Google Play Store. It’s there for those that want it, but disabled by default for security reasons. As CM matures and its audience grows more mainstream, it makes sense that there’s a renewed focus on security.”How is this really all that different from that? And in reality, it’s not THAT much of a hassle for users compared to the benefits of having a more secure ROM for 1.5 million + users.

      • squiddy20

        If root is “becoming legitimate” like you say, then why does rooting any device STILL void the warranty? Why does access to Google Movies disappear on a rooted phone or tablet? Why do most carriers lock/encrypt bootloaders to PREVENT root? Root is no more “legitimate” than it was 3 years ago, just slightly more mainstream/well known.

        • lynyrd65

          Because many manufacturers see it as a liability while others do support it. Sony, Samsung, Google and others have specifically hired staff to work with Open Source Developers because they recognize that it is better to support the root community rather than fight it.

          HTC and Motorola are still twiddling their thumbs and they’re paying for it. Their sales are dropping dramatically as power users defect to other OEMs like Samsung.

          Google movies, Netflix and others act the way they do to appease the EVIL and HEINOUS gluttons we know as the RIAA and MPAA. While I wish Google was powerful enough to tell them to put out or get out, they can’t. To be competitive in that space they have to appease them. I hope this stance changes as Google gets more leverage.

          • http://Ces1ne.tumblr.com/ Ces1ne?

            I prefer samsungs devices lately, but if what HTC has been doing lately is “twiddling their thumbs” in regards to root than it should be pretty amazing when they embrace it….smh, what more do you want them to do???

        • lordofthereef

          Voiding the warranty is simply an easy way for companies to get out of having to repair/replace devices that may have been  damaged due to software tweaks that the end user may have done. Also, it’s any easy way to not have to provide tech support on a product that might be failing due to some poorly coded flavor of Android. EVERY company does this (virtually), be it gaming consoles, phones, etc. The only exception that I can think of seems to be computers, and I wish more of the liberties we have on our desktops would get transferred to our handhelds.

        • Chris Sewell

          In reply to rooting and Videos (google movies):

          Google has to do this because of licensing of the videos they rent out. Having root access is always going to play a role in making it harder for you to access drm media.

      • Chris Sewell

        lolwut?

        How does this show a departure from root? We simply made using root more secure….

      • Michał Polak

        Yes it is. You still have the option to turn root on in settings (easy enough for anyone who wants/needs it), yet it keeps novice users secure. Do you use your linux on a root account on a daily basis?

        • lynyrd65

          Super user (the app) doesn’t automatically give every app su permissions it asks first like desktop Linux distros do.

    • zorxd

       This is a good move. But in the end, they should do what should have been done since the beggning: protect root by a password just like on any linux PC.
      Especially on adb, since you have access to a real keyboard so typing a password isn’t hard.

  • ObasiS

    This is a great idea. It’s nice to not have to be rooted if you don’t want to, seeing as some apps won’t work with rooted phones.

  • Alex Paulson

    No big deal. Personally, i’ll just root it the second my phone (hopefully) gets CM9.

  • Chrisrj8084

    I have to wonder though, wouldn’t a “user” have to initially root their device in the first place to install an unrooted rom? Seems a bit self defeating to me but I applaud them for giving it a more mainstream appeal.

    • snowblind64

      Not on a phone with an unlocked bootloader. 

      I temporarily flashed a custom recovery using ADB then rebooted the phone into recovery to load the 4.0.4 leak on my Gnex. Never had to root. I think people get the perception that root is needed to flash ROM’s due to the popularity of ROM Manager which requires root to flash custom recoveries while android is up and running.

    • Chris Sewell

      You do not need root to flash a ROM. 

      Example: fastboot oem unlock on a galaxy nexus does /not/ root the device. However, you can flash CM which is a rooted ROM after flashing a custom recovery image.

  • Cipher Zero

    “…is taking a step back in the interest of security” It’s freaking Cyanogen, a ROM built for rooted phones, not HTC Sense.
    “…the emergence of CyanogenMod as a legitimate alternative” Judging from the way Phandroid blogs (you don’t see them talk about other ROMs, AOSP or otherwise), no other ROMs exist anyway.
    I wouldn’t say that CM sucks, but it was never my first choice, and since I’ve been getting CT ROMs from a group of friends, I have zero use for CM anyway, BUT why does it seem that whenever Samsung gets anywhere near4 anything in the smartphone world, it gets effed-up? Nexus S and GNex – not very good and worse (Thank God that Google will not likely use Samsung again for the Nexus 4 for a lot of reasons). They hire Steve Kondik (head of Team Douche), and CM9 – a ROM that you need to root your phone first to install has options for root access via Android Debugging Bridge (ADB)?! Are you f@#%ing kidding me?
     Actually, why do I care? I haven’t used Cyanogen since I had an OG Droid. /rant

    • DeePo

      Sorry but your rant doesn’t make any sense + what’s so wrong with the GNex?

      • Cipher Zero

        As for the rant, I don’t know how to make it any plainer than that. I’m not being insulting by any means, so don’t take it as such.

        What’s wrong with the GNex? No expandable/removable memory, buggy OS, issues switching/locking onto 3G/LTE,  horrible battery life, it seems to be much more Samsung’s phone than Google’s phone. Yes, I know a ton of people will comment that they have wonderful, perfectly seamless experiences with their GNex, have 37-hour battery life, and no lag or compatability issues. I had a GNex, I didn’t like it, so I returned it. I’m not saying that they’re utter garbage. Not at all. They have a nice spec sheet,but they are hyped up to be a LOT better than they actually are. Although sales-wise, the Nexus One was a flop, it was the best Nexus IMO. The Nexus S still doesn’t have ICS for the most part (even though there are devices being released with ICS before the NS got it). The GNex has “Samsung” written all over it rather than “Google”, and that is aside from the issues I’ve stated. Yes, there are custom ROMs, obviously, but it’s a frikkin’ Nexus. The latest Nexus at that, and I am more underwhelmed by it as the days go by. Obviously, YMMV, and everyone has different experiences, but I didn’t care for the GNex I had, or the ones I’ve played around with that some friends have. The fact that said friends come to you asking how to fix issues inherent to the GNex speaks volumes.
         I know I’ll get flamed for this, and it isn’t overly likely, but I hope that Motorola gets to do the next Nexus, or at least the Nexus 5.

        • DeePo

          Well I can see you’re disappointed with GNex, pointing at Samsung being “guilty” of building low quality devices, that’s strange cause looking at Apple efforts to get rid of Samsung, it looks like they’ve a very different opinion, I do, the SGS II has been the most successful Android phone on the market, as the SGS before.
          Don’t get me wrong, I like HTC also, got a N1, pretty interested in their One lineup, but I’m pretty confident that the SGS III is going to be the next best Android phone.
          GNex as all Nexus phones is not meant to be a flagship but a benchmark, all the fancy features (display first) comes from Sammy, Google just need a reliable hardware, did it come with a buggy OS? Not that much really, yet it’s quite normal since it’s due to be a test device. I do agree that NS should have got ICS long ago, that is true, but this post is about CyanogenMod, so let me say that I still keep an N1 as a second phone only cause there’s C7 on it

          • Cipher Zero

            …, it looks like they’ve a very different opinion <—-OPERATIVE WORD
            "SGS II has been the most successful Android phone on the market, as the SGS before" The iPhone is the #1 selling smartphone, period. Does that mean it's the best?
            "GNex as all Nexus phones is not meant to be a flagship but a benchmark." The word you're looking for is "reference platform", and I've been trying to tell people that for a long time, for some reason, people call the Nexus phones "Google's Flagships" as if they have 13 Nexus models at any given time
            I love Samsung's LED TVs and entertainment electronics, I have 2 offices, 3 bedrooms, and a living room full of Samsung electronics, I used to have a Samsung Alias (old feature phone)years ago, and really liked it, but  the fact is, I don't like Samsung's Android phones. That's it. Period. End of story. That is my "opinion" and pointing out what Apple thinks of Samsung and how everyone loves CyanogenMod isn't going to change my mind about either. I don't like the GNex, I don't care for CM, I have CT ROMs that I use, and before I had custom tailored ROMs, I flashed nearly every ROM publicly available at some point or other, I didn't care for Cyanogen then, and I care even less for it now, especially when people act like it's the only alternate ROM out there.
            I think it odd that people who own (or keep) a GNex or tout how wonderful CM is, and feel the need to run about telling everyone how great one or the other is reminds me of, hmmm…what do you kids call them? oh yeah, "sheep".
            On that note, I'm done here, I'm not going to keep coming back to a two-day-old thread to discuss my opinions, and I've long since turned off email notifications for Disqus. They're just opinions, no one is trying to defend a doctoral dissertation here. I don't like the GNex, I don't care for CM.
            The End.

    • russeini

      cant agree more…..actually i tried cm on a couple of my phones nd never liked it….always buggy smwhere…although i respect their efforts but i cannot b convinced that such a team can produce better products than specialized product teams with huge resources nd testng grounds as those at the big companies….take the miui rom 4 example….to me its just another launcher on top of android nd they claim they have a rom base! People like cm or miui i tend to believe bricked more devices thanactually fixed. Maybe their consciences finally woke up to the amount of bricks they caused nd decided to play it safer!

      • http://twitter.com/MikeTaylor00 Michael Taylor

        You can’t brick your phone from CM9.  You obviously don’t understand the term “brick”.  CM9 does not brick or unbrick any device.  Updating the recovery or radio is how almost all bricks happen.  And when a phone is bricked it is dead, no coming back.  It pisses me off to no end when some doosh posts that he bricked his phone but then went into recovery and flashed the ROM again and now it isn’t bricked anymore.  If it was “bricked” it would not get fixed without replacing hardware.  It would be as useful as a brick. 

        • russeini

          I obviously meant that normal people nd not wizkids like u i assume bricked their phones while attempting to install/uninstall CM or whatever…..custom roms = more bricks. Get it?

          • Covert_Death

            no, your still wrong lol please go understand what it means to brick a phone

          • Cipher Zero

            I’m not insulting you, or flaming you, but CM (or any ROM for that matter) won’t brick a phone. It takes a lot to actually brick a phone. In fact, I have more than a few phones lying around that people swore that they’ve bricked and either gave to me, or sold them to me for almost nothing. There are 4 DX1s sitting in my closet because four people swore up and down that they were bricked, thinking that they’d blown an e-fuse, but I .sbf’d them, and they were fine. If they were actually bricked, I wouldn’t have been able to do anything with them at all (hence the term “bricked” lol). People often confuse boot-loops, or even a blank screen with “bricked”, but it just isn’t the case. Another common (and very foolish) mistake is when people flash a new ROM or kernel without doing a backup first. You should never, ever, flash a ROM or kernel without running a backup first. One of the only exceptions to that rule is if you flashed a ROM without gapps (Google apps; the market – sorry “Google Play” (most stupid name ever), Google Maps, etc.) and you need to flash gapps right after flashing the ROM. If you ever get stuck, there are a ton of forums and IRC chat rooms around with people that can help you out. Depending upon your level of knowledge, XDA is one of the best resources out there, droidforums.net is a decent forum, but specific to Verizon phones. android.net is a pretty comprehensive site and more user-friendly than XDA. androidforums.com may have some useful information, but you have to sort through a bunch of trolls, garbage, irrelevant subjects, and people who spend their lives trying to prove how “intelligent” they are by going into a forum full of people 30 years their junior and try to bestow their idiocy er, “wisdom” about nearly everything but android among the younger crowds because people their own age would laugh them off of the boards. XDA will yell at you for not searching a question first, AF is full of thinly-disguised trolls, droidforums only deals with Verizon phones. Each one has their good and bad points, if you’re a forum-type person, check them all out and see which one works best for you. There are also message boards/forums dedicated to one particular phone, which can be very helpful if you’re trying to find an answer about something regarding your phone and don’t want to read through someone’s pointless political rambling .

  • ThreeFourSeven

    I’m missing something. Don’t you have to root your phone to get CM9?!

    • Cipher Zero

      Yes, you do.

      • Chris Sewell

        No, you don’t.

    • Loren Cogar

      No, see my above comment :)

      • km75sr

        Yes you do. You are giving out inaccurate information. Have you ever even flashed a rom? And if you have on what phone and what rom?

        • Chris Sewell

          You’re wrong. Sorry buddy.

          You do NOT need to root to flash a rom. 

          Fastboot oem unlock on the Galaxy Nexus, for example, does NOT root the device. 

          Fastboot flash recovery recovery.img (cwm recovery for example) does not root the device.

          Only when you flash a rom, or a update.zip that installs su, will you have root access to the device.

          • km75sr

            What you are saying is irrelevant. I said that you don’t need to have an unlocked bootloader to flash a rom. On a bionic, a droid 3, a droid 2, you can’t even flash a rom unless your device is rooted. You cant flash a custom rom through the phones recovery. You install custom roms through either clockwork or safestrap. In order to install either of those your phone your has to be rooted. What kind of phone do you have? Is it rooted? And if it is what rom have you installed and how did you install it?

          • vidoardes

            Will you please stop spreading your crap all over these comments, maybe this will make it clear:

            YOU DON’T NEED ROOT TO INSTALL A CUSTOM ROM.

            Clear yet? If you have a bootloqder from Motorola that is lock down tighter than Fort Knox, then there may be a hack to circumevent this which includes gaining root access, but that is what it is, a Hack. If you have phone where the manufacturer is offering to unlock your bootloader, (I.e. most of them)

            YOU DONT NEED ROOT TO INSTALL A CUSTOM ROM.

            Savvy?

          • km75sr

            Lmao. Ummmmm…..genius you do realize what root is right? Of course you don’t. Let me help you out. Root permissions are the same as Superuser permissions. So even if your bootloader is unlockable(say you have an HTC phone for ex:) in order to flash a rom you still need access to the Root components of your phone. You can’t flash a custom rom on an HTC phone UNTIL you use the tool to unlock the bootloader. What does unlocking the bootloader do??? It gives you access to the ROOT components of your phone. Which in turn allows you to flash custom roms. And by the way just because a manufacturer gives you a way to unlock the bootloader it doesn’t mean you are not hacking the phone. Hence the reason if you use HTC’s tool to unlock the bootloader you still void your warranty. Because it IS a hack. And as a side note I initially was addressing those making comments on here saying that you NEED AN UNLOCKED BOOTLOADER TO FLASH A CUSTOM ROM. A unlocked bootloader allows you to install CUSTOM KERNELS amongst other things but it is not a prerequisite to flashing a rom. Anyone using a Motorola phone knows that. Root technically is not a hack. Its a term. The hacking is how you obtain access to the root permissions. Do some research. Don’t just casually scan over forums or whatever it is that you read to get your info and assume you know everything. Read something!

          • vidoardes

            There is so much wrong with your post I can’t be bothered to correct any of it, I just hope no one ever asks you for advice about android (or linux in general).

            You don’t know the difference between the ROOT user (which is what is disabled in CM9) and memory partitions. I suggest you go do some reading before make even more of a fool of yourself.

            Usng Motorola as an example is only gonna help make you argument look more pathetic. You are using root access to get tools onto the phone to hack past the security, installing the custom ROM doesn’t need root permissions, just like you don’t need administrator permissions to put a disk in and install a new copy of windows on a PC. What you are talking about is using root to circumvent security.

  • Stephen

    Makes sense

  • Tom Burall

    The full text of this announcement is at: http://www.cyanogenmod.com/blog/security-and-you  This change gives the user the option to turn root access off and on as needed. Sounds great to me!

  • https://plus.google.com/u/0/107214144202094295079/posts James

    There is an option to enable root in the settings menu, it just isn’t enabled by default. What’s wrong with that?

  • David Gray

    Ok so let me see if I understand. This means that if I’m tired of the stock ICS I’m running on my T-Mobile Nexus S (Unrooted) I can somehow flash CM9/10/whatevers next WITHOUT having to ROOT my phone? How is that possible? I mean I’m pretty tech savy and rooted my old MyTouch Slide 3G but I always thought that to replace/flash a new OS you would need ROOT access. Any smart people out there, help me out with some detailed information (and do be shy to show off your brain, give me TECHY details). Thanks

    • Loren Cogar

      Root is an OS level privilege.  To flash a rom you need an unlocked bootloader and a custom recovery.  Root doesn’t come into play until you have loaded the ROM. 

      • km75sr

        You don’t need an unlocked boot loader to flash a rom. The Droid 4 the droid 3 the bionic the razr all have locked boot loaders and they have cm9 ics roms readily available to them

  • http://profiles.google.com/andrewc513 Andrew Chandler

    Wouldn’t this be just as simple as having SuperSU preinstalled but disabled by default? Then turn it on and update binaries for root? Seems like this should be a non-issue..

  • Eyad (formerly CTownOL)

    It’s a good move. This incident is somewhat similar to when that racy background picture was banned due to the increase of CM’s popularity. Banning that picture was a symbol of CM’s growing userbase (with their different preferences and morals) and with that: more nontechnical users. CM9 is more than just root support and power, my guess is that it’s mostly been used to upgrade your Android version beyond what your carrier or manufacture wanted your phone to do (and that’s not counting the fact that the spirit of the CyanogenMod Project is MUCH more open than Android itself). Anyway, technical users can easily enable root.

    So, in a nutshell: This decision is further proof that CyanogenMod is still growing!

  • Jay

    Makes sense for the safety of users. Not everyone that uses Cyanogenmod installed it themselves, some had friends or family do it. It makes CM more of an approachable OS to newbies. Not to mention OEMs aren’t required to use stock/Google’s Android build. Like Miui making it’s way to pre-installation, so too can Cyanogenmod.

    • servo36

       the article is unclear, you will still need to root the device.  But the Root permissions are not enabled by default, only programs that need access and adb.

  • AJA0

    Don’t you have to be rooted to even install Cyanogenmod? It makes no sense that installing it would disable root access.

  • Mike Reid

    I’ve been wondering why I have to run “adb root” to get the adb shell as root by default lately…

    Good move, IMO. Some people have others root and install CM on their phone. Heck some of the OEMs may offer CM at some point…

  • andrew__des_moines

    I tried CM on my old Captivate briefly after previously using Cognition.  I found CM to be unusable, the support wiki error riddled, and the support forum unworkable.  I don’t know if CM was that awful or DesignGears was that good, but I would be reluctant to try CM again.

  • maximillion82

    That’s not a big deal at all. If someone wants root they can still access it.

  • servo36

    this is a security feature, its like how in windows vista / 7 the administrator account is no longer enabled by default, this has nothing to do with locking bootloaders.

  • Christopher Davis

    This makes me laugh. People commenting on this are flaming up and making stupid assumptions. CM9 will require and unlocked bootloader and custom recovery just as it always has. Root is the ability to give applications and OS operations full clearance to whatever they want essentially. All this means is that you can turn root on and off thereby being able to use programs and content that rooted users have previously been locked out off. On top of that it gives users the option of turning it off to protect their security. For example, if somebody hates the skin their phone has and wants CM9, but doesn’t want to risk the security holes of root and applications taking their personal data they can just turn root off after having CM9 installed and having their OS look and perform as they want to. This is adding another feature, a perk to using their ROM. This only gives the user one more thing they can do within Android to make it whatever they want and isn’t that what open source and ROMs are supposed to be about. It’s ridiculous to bash this, by doing this companies may partner with CM to fund their production for the Android ecosystem. This doesn’t hurt anything, it doesn’t take root away, it doesn’t hurt anyone who wants root. 

    • km75sr

      CM9 doesn’t require an unlocked bootloader. I have a CM9 ICS rom currently running on my MOTOROLA BIONIC. The bootloader is definitely locked.

      • Covert_Death

        no, your bootloader WAS locked until you rooted it, unlocking it… MOTOROLA just hasn’t unlocked it FOR you.
        big difference

  • km75sr

    I’m surprised by some of the comments on here. Most noticeably is the fact that some people seem to think you need an unlocked boot loader to flash a CUSTOM rom. YOU DONT!!! I have a CM9 ICS rom running on my bionic. And the boot loader is NOT unlocked.

  • ultimatedroidfanz

    This is total bull. The Android community hates you now!!!!!

  • http://www.motoask.com/ Motorola Atrix forum

    That is a pretty good idea. Some people do not know what they are doing.

  • Rage4Order

    Clearly, the people on here that somehow seem to think this is a bad move simply do not understand what root access means, and also did not read CyanogenMod project’s statement on the issue.

    Let me simplify it for you people:  1) CM is not removing root, they’re simply disabling it as a default for adb shell sessions.  This (IMHO) should have been done all along.  Vast majority of users never even touch adb, and it’s a potentially major security vulnerability vector that doesn’t need to be there.  For those that want a root shell through adb, simply issue the command “adb root” and then you’ll get a root shell.  2) root access for those that don’t understand what that means is inherently a dangerous thing.  I say that as someone who has well over 20 years experience with Unix/Linux systems, and has seen the damage that such ignorance can cause.  Look, Google engineers have spent a lot of time designing the Android system so that root access would not be necessary for ordinary users, and as CyanogenMod project grows, it’s attracting more and more less-than-technical users who more than likely don’t understand all the implications that come with having full administrator access to the phone and could inadvertently expose themselves to all kinds of problems ranging from simple mischief to serious issues like identity theft.  Implementing a policy that attempts to minimize such problems is a good thing.