Just a quick PSA for those of you who either develop or use apps that require root. Chainfire, the man behind some of the most helpful and useful root apps out there, has alerted the community about possible changes to Android’s file system that would effectively break root access for many apps.
According to him, new code commits to the Android Open Source Project master tree prevents SuperUser from executing files located in /data. Chainfire explains what’s happening in a quick couple of lines:
A lot of root apps (though by no means all of them) include binaries or scripts that they extract to their app-specific files or lib directory (located on the /data partition) and execute from there as root. This will no longer work out-of-the-box, and generate an access denied error.
Though there are certainly several ways around the issue for the affected apps, there doesn’t seem to be a single generic solution that would work for all cases and can be implemented in the su command itself (though of course if you can come up with one, I’m all ears).
He says it’s likely we’ll be seeing this in the next major version of Android (be it 4.4.3, 4.5, 5.0 or whatever Google decides on). So what does that mean? It’ll mean tons of app developers will likely have to update their apps to circumvent this unfortunate issue looming over the community.
While there’s no known solution just yet, Chainfire says it’s important for the community to be aware of the issue early on. This would allow developers to pool the power of their overly smart brains together and work together to make sure this doesn’t become an issue by the time the next version of Android is out.
How can you, the user, help? Simple: contact all of the developers of your favorite apps and pass them the source link you see below. Make sure they’re aware of the impending issues so that they can be on the edge of development and make sure this doesn’t affect their apps’ usage. Otherwise, we’re going to have a lot of sad folks dropping a lot of 1-star reviews in the Google Play Store in the near future.
[via Google+]
When you factor in that most of the top paid apps on the play store are Root and power user apps this seems like a really bad idea… Hopefully Google is not making a mistake and trying to close off Android.
They’re not closing it off, they’re trying to make it more secure. Doing things this way makes it more difficult for apps with malicious intent to execute script or code on the /data partition.
The android police article has a little more info: http://www.androidpolice.com/2014/01/20/a-future-version-of-android-could-potentially-break-a-large-number-of-root-apps-chainfire-explains/
I get that, but if legit root app devs can get around this, than so can malicious app devs. Most people don’t root, and most that do know the risks.
This prevents some exploits that try to get root. Obviously any app that you *give* root to will be able to work around it.
The whole point of this article is that the apps you gave root access to will not work properly, and you’ll get an access denied error code (if they use these methods).
Yes and I told you why… to prevent some exploits that try to gain root. Apps you gave root access to can work around this easily, just as you said in your previous post.
This prevents malicious exploits and apps you give root access to. Both will be able to work around this. If an app I give root access to can work around this so can an app that gained root access without my knowledge.
You misunderstood. I’m talking about exploits that try to gain root access without your consent. Many of the those exploits manipulate the /data partition in unintended ways in order to get root. This change should prevent that, and there’s no workaround other than finding new security holes elsewhere in the system.
Legitimate root apps that you consent to giving root to can work around this in several ways.
I’ve rooted every single android that I’ve owned, which is a few dozen. For my next android device, I don’t want to root it, I want to use it as is which means I want it to come out of the box working to my liking. I’m tired of rooting and tweaking just because some of these brain dead oems don’t know how to create a good software experience. /rant
But… AdAway, TiBu, Xposed…
Titanium Backup could be rendered obsolete if Google ever implemented a complete backup solution that actually worked as well, but we’d always need root for AdAway, unless you learn to live with ads again
Others have said Carbon backup can do everything TiBU can without root. I don’t know for sure, I still rely on TiBU since the first time I tried Carbon it couldn’t do much at all. It’s worth a shot if I’m ever unable to root, but it had to have come a long way if it truly does compete with TIBU.
I tried Carbon (now known as Helium) recently. There were certain apps it could not backup without root.
I feel you on TB being very useful root app. @toomuchgame441:disqus, wanting to go for an out of the box experience is cool too. Even if OEMs slim down their own skins on Android there will always be great reasons to have root access. Right now there just doesn’t seem to be great un-rooted equivalent version of apps like Titanium Backup, Greenify (root features), Xposed and others like them.
I don’t like to go crazy with themes, that’s why these days I always rock stock-based ROMs with no theme. I’ll just Xposed to tweak one or two items like the battery icon or using the volume buttons as track controls for my music, disabling increasing ringtone… stuff like that. I can have all that stuff but with a stock-looking environment which is very close to what it was out of the box. The best of both worlds.
@AGx07:disqus I’m with you on the Note 3. Everything I mentioned above is for utility purposes, not performance. It goes back to what I always say about having a powerful hardware platform which will keep your device rather future proof so you can tweak the software however little to your liking. The damn thing’s already rather powerful, a little bit of custom touches here and there makes it a fantastic Android experience.
I’m glad the PSA is out and developers can start looking at their apps. When there’s a will, there’s a way and Android developers will usually overcome anything Google throws at them. Consumers like us win!
Learn to live with ads. My god they aren’t that bad. And that’s how a many app developers get paid Just grow up.
This is true. I’ve stopped installing adblockers because I want to use the “free in-game credit” offers, but adblockers block the redirect link. =.[
Though some developers are just outta line. They’d have a button you have to click on the bottom and right when you get ready to click it, an ad would load there. LoL!!
I be like “Oh, that’s dirty.” =.P
If you reeeaaalllly want to use those “free in-game credit for watching an ad” offers that are blocked by default, you can just take note of the blocked URL and then add its pattern to AdAway’s whitelist. I think I’ve done this a single time, but can’t remember for which game.
Whitelisting? Yes. I was actually trying to do that so I can still block ads, but I noticed that the redirect link was different all the time.
It may have been a main link I should have Whitelisted, but I didn’t feel like looking it up for some free credits. I just didn’t install any adblockers the next time I wiped my phone.
Though the only place ads are unacceptable is Hulu Plus and Youtube. LoL!!
Usually the address to whitelist for things like this are related to the company that pays the credits. If you dont know the specific address you can pull your hosts file and use an editor with a search function to search for anything with that companies name and remove it.
Alternatively, if there are only a few sites that really bother you with adds, you can simply modify your hosts with them…
Personally I use a hosts file from adaway that I heavily modify, as it really ticks me off to lose out on newegg ads or having to switch to the pc or remove their full featured hosts file just to get a sex toy for a special weekend with the gf.
Yes. I remember reading about that. It’s not that I don’t know how to do that (Well, I don’t, but I’d be able to learn), it’s just I didn’t feel like taking the time to do it. LoL!!
As you can see, I’m very lazy. =.=
*golf clap*
And what about the apps that don’t have an ad free version hmmmmm? I don’t mind paying for apps if I use them enough.
I don’t even root for performance purposes anymore. Example: I own a Note 3, one of the most powerful devices out there. I wont say its perfect but its snappy enough that any real performance issues aren’t noticeable. I rooted it anyway because I use apps like GMD, AdAway, Xposed, etc. These are all utility, not performance. I totally get your point on not wanting to root because oems make bad devices but people root their Nexus devices and these are about as good as they’ll get on the software front. Why? Utility, my friend. Utility.
As Jason said, I also root to use adaway and Xposed, I don’t think I could live without Viper4Android either.
I was disappointed with Google when they broke root with Jelly Bean, but I decided to live without it, and found that loss of root didn’t rally affect me much after I made some adjustments. My Moto X is great out of the box, and I have no desire to root it. Instead of spending time and effort on breaking root apps (I mean fixing potential security holes), I wish Google would focus on filling the feature gaps that are the incentive for rotting in the first place. How about a working and useful backup solution built in to Android? Maybe give users some control over app permissions? Re-separate ringer and notification volumes? People root to overcome what they see as deficiencies in Android; Google should be acknowledging and addressing these deficiencies instead of squashing the community’s ability to do so.
I’m sorry, but I laughed at “rotting”.
Though you do have quite valid points.
A backup solution WITH data is in need. So far it requires the developers to add the functionality to their apps.
So who’s to blame in that situation?
Linking volumes is just a preference. It’s not that hard to add, I presume. Though I don’t use it anymore. Funny since I used to NEED that. LoL!!
I root to do things that require the use if root, like theming and connecting my PS3 controller. To add that functionality by default would probably be too much for a regular consumer.
Just think about what you can do if you root and then think about people who buy the “top” or “popular” phones. Should Google really take the time to add all that?
These are questions I think about. I have no answer for them.
My phone has Jelly Bean and is rooted. Not sure what you mean about them breaking root.