Ask Slashdot: Can I Trust Android Rooting Tools? 186
Qbertino writes After a long period of evaluation and weighing cons and pros I've gotten myself a brand new Android tablet (10" Lenovo Yoga 2, Android Version) destined to be my prime mobile computing device in the future. As any respectable freedom-loving geek/computer-expert I want to root it to be able to install API spoofing libraries and security tools to give me owners power over the machine and prevent services like Google and others spying on me, my files, photos, calendar and contacts. I also want to install an ad-blocking proxy (desperately needed — I forgot how much the normal web sucks!). I've searched for some rooting advice and tools, and so far have only stumbled on shady looking sites that offer various Windows-based rooting kits for android devices.
What's the gist on all this? How much of this stuff is potential malware? What are your experiences? Can I usually trust rooting strategies to be malware-free? Is there a rule-of-thumb for this? Is there perhaps a more generic way for a FOSS/Linux expert who isn't afraid of the CLI to root any Android 4.4 (Kitkat) device? Advice and own experiences, please.
What's the gist on all this? How much of this stuff is potential malware? What are your experiences? Can I usually trust rooting strategies to be malware-free? Is there a rule-of-thumb for this? Is there perhaps a more generic way for a FOSS/Linux expert who isn't afraid of the CLI to root any Android 4.4 (Kitkat) device? Advice and own experiences, please.
I rooted once (Score:5, Funny)
My phone exploded, and I had to have one of my hands amputated.
Learn from my mistake. Don't do it. Your hands are too important.
Rooting an android (Score:5, Informative)
I've been running rooted for about 4 years on various phones.
There are quite a lot of tools that you can run while rooted that are impossible otherwise.
This includes the ROMs themselves which don't usually come with the normal Google tools at all.
Then you can leverage tools like AppOps (integrated into many of the custom ROMs) to control granularly what info apps can get.
You can run things like AdAway, which basically block ads systemwide (including in apps).
The F-droid app repository has quite a lot of open-source software, and you can build a perfectly functional phone without Google apps.
As already mentioned, XDA-developers is a good place to start, even just to find info about your specific device, and guides for rooting, etc.
On balance, my opinion is that, if you do your diligence and set things up correctly, a rooted phone can absolutely be more secure than not.
As a small suggestion, if you decide to jump in, I highly recommend using ClockworkMod (Koush) superuser manager, because it's open-source and let's you set a pin for SU without paying for an upgrade.
Re: Disposable Androids (Score:5, Informative)
Yep, if you have any qualms about doing stuff on Android, feel free to get a cheap Android tablet to experiment on, like the old $200 Nexus 7. Then you can feel free to fill that one with games and crapware and wipe and reload it regularly like a Windows gaming box. This lets you play without too much risk without compromising your primary Android device. If you use the same google Play account, you don't even have to buy your paid apps twice (though of course then you're exposing your google account that you use to pay for Google apps, but if you're like me, that's separate from your personal gmail account)
My primary Android device is my phone, and I just keep a bare minimum of essential apps on it so it runs fast and lean. After the Android 5 update, haven't even felt compelled to root it.
Re: (Score:2)
... reload it regularly like a Windows gaming box.
Wow! The Windows install/update/drivers process is so painful that I am extremely careful in selecting what I install on my gaming machine. I can upgrade to a new version of Fedora in 15 minutes, give or take a minute or two, though. When it comes to my Windows installation, the ONLY thing I install is games I intend to play. Now if I need to experiment in a Windows environment I don't care about, I use VirtualBox and turn on snapshots.
Re: (Score:2)
Eh, with Windows 7 it hasn't been that bad, or even with Win98 before that. Every six months or so when it starts having problems, just reinstall from scratch, walk away and let it reboot a few times to finish updates, then install the nVidia updater and Steam and anything else from ninite.com . Just a few more steps than setting up a fresh Linux Mint box.
That said, the last time my C:\ drive failed, I restored my AppData dir from backups into the new system but still couldn't get some of my games to fin
Re: (Score:2)
You left the part out where this may take three hours, during which browsing for drivers and programs may be a great security risk.
There's even the bug where the SP1 of Windows 7 refuses to install (mine does, googled answers suggest it's a boot due to using dual boot/multiboot causing the damn thing to not recognize the 100MB "system partition" ; there is no solution besides grabbing a Windows 7 + SP1 warez iso and reinstalling)
There's keeping up with antiviruses to know which "free" one is not pseudo-rans
Re: (Score:2)
One trick I learned is to format the machine completely (using the clean all command under disk part), install the OS of choice, load needed drivers and updates, and once it is in a place where everything is stable... then activate it, and save off a couple wbadmin backups.
Now, if I need to reload a physical Windows box, I boot the Windows media, format, then reload the image, and reboot. Back to how it was. I can always get fancier by having a USB flash drive with Offline WSUS [1] images so I can get all
Try Here (Score:5, Informative)
http://forum.xda-developers.co... [xda-developers.com]
Comment removed (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Confirming that. TowelRoot is what I used when the KitKat upgrade came out for my S3.
Re: (Score:2)
I've had my Samsung S5 (Verizon) complain that TowelRoot was malware.
Also, after rooting, the update process seemed to fail from that point onwards; I can't install any vendor-provided update successfully.
Re: (Score:2)
I've had my Samsung S5 (Verizon) complain that TowelRoot was malware.
That's more like a contraindication, though. Like a vote of confidence where the entire floor except for the distinguished gentleman Knox from the state of Samsung goes mf-ing AYE!
To add more info: (Score:4, Informative)
The XDA-Developers forum is full of tinkerers and developers themselves. They get a lot of traffic so proposed roots and mods will have quite a bit of feedback allowing you to judge the quality before you attempt to do something.
Additionally the XDA guys have a known history of calling out other people's shit. They are the ones who find questionable security practices, back to base datalogging and basically nearly everything negative or questionable you have heard about an Android manufacturer you'll have heard it on XDA first.
I wouldn't trust any shady site for any kind of root exploit, just links from the XDA-Developers forum.
Re:Try Here (Score:4, Funny)
Not that cesspit of hackers!
The only way to be safe from malware is to stick to respectable corporate sites like C|net's download.com.
Re:Try Here (Score:4, Informative)
Ugg. xda-developers is a forum of very smart people, but it's a frustrating place to go to find information. Having to read through dozens of pages of posts trying to glean bits of information is rather fatiguing. Especially topics that stretch on for literally years with hundreds of posts. Sometimes the first posts are updated to provide latest information, sometimes you have to read through several pages of comments to find what you're looking for.
Really all web forums just suck, plain and simple.
Rooting - (Score:5, Informative)
I have had Android devices from Cupcake onward and have always rooted them. That being said, I don't presume that rooting will work and I always presume that I may end up with a bricked device. A reminder that as soon as you start rooting, you have voided your warranty. I have also bricked devices. I learned how to make a jtag that way.
Your milage may vary.
Re: Rooting - (Score:3, Informative)
You havent voided warranty on a rooted device. Most drvices all? Can be safely brought back to factory with all markers erased. Thats been my experience with samsung, asus, and motorola devices
Re: Rooting - (Score:4, Informative)
You havent voided warranty on a rooted device. Most drvices all? Can be safely brought back to factory with all markers erased. Thats been my experience with samsung, asus, and motorola devices
Not true for current Samsung devices (S4 onwards) with the KNOX-enabled firmware. If you root those, you will trigger an eFUSE which flags your phone as "warranty void" forever. So yes - you can root even those phones, but you WILL lose the warranty. http://omegadroid.co/wanted-kn... [omegadroid.co]
Re: Rooting - (Score:4, Informative)
Not true for all... I've rooted the Note 3 without triggering the Knox. (KNOX is the reason my next phone won't be a Note 4 or 5, after owning Note 2 & 3).
Re: Rooting - (Score:5, Informative)
Not quite true. If you don't replace the bootloader KNOX won't be tripped. I have an S5 with an unlocked bootloader (t-mobile) that I have rooted without tripping KNOX, using ChainFire's rooting tools.
Re: Rooting - (Score:5, Interesting)
Has this actually been tested in court? Seems to me like a root-capable su is compatible software for all intents and purposes and therefore dropping warranty support for users who root should be a violation of the Magnuson-Moss warranty act.
Re: (Score:2)
Well, the lead plaintiff can be awarded a significant amount by the court for his/her troubles. It is pretty much entirely up to the court, however.
Re: (Score:2)
if you agree to it in the terms of the purchase, so be it.
Contracts cannot trump law. HTH.
That's like complaining about a dealer not honoring a warranty on your car after you hack the on-board computer to do stuff, and it damaged your car afterwards.
The question at issue in any particular warranty claim is whether the changes that the user made caused damage. If the user were installing a su which didn't prompt them (some Android TV sticks come with an su like this, it just succeeds!) or if there were evidence that they permitted root access by a specific application which can cause whatever problem the user's device is actually suffering, then there's grounds for denying warranty coverage.
The reason why some manufacture
Re: (Score:2)
S4 here, it has KNOX. my bootloader is stock but I use safestrap and HyperDrive ROM. Normally with safe strap you still have your normal rom when you are done but I do not. I can put it back whenever I want if ever needed, remove safe strap, etc. As others have noted XDA Developers is a very good place to start.
Read up on your exact phone and version you have on the phone.. Honestly just rooting is usually pretty simple and easy removable. Replacing the whole ROM is not hard, but more involved.
Re: (Score:2)
Don't write WILL in capital letters. There are definitely cases of people having phones fixed under warranty after triggering the KNOX flag. In some countries rooting a phone will also give you legal protection against losing warranty.
Re: (Score:3)
i europe you cannot void the warranty by rooting.
Re: (Score:3)
To brick the device is quite difficult (if you don't do it on purpose). Usually you can always reflash the original firmware. To end up in a bootloop, however, is easy and quite scary if you've never done this kind of stuff before.
excellent question (Score:3)
That's a good question. I don't think many of the tools and ROMs have been analyzed for security by qualified people. As someone else mentioned, http://forum.xda-developers.co... [xda-developers.com] is the most popular source. You'd hope that if there were major issues with the tools used there someone would notice.
You can extract a rooted ROM and compare the contents to the stock ROM.
Required class action lawsuit against Google (Score:2, Insightful)
Imagine if Windows PC manufacturers supplied PCs lacking Administrator access in Windows. People would quite rightly complain, and many would sue their respective PC manufacturers in order to gain full control over their own legal possession. But what if Administrator access were not being supplied because Microsoft did not provide it in Windows in the first place? In that situation, the many lawsuits would rapidly collapse into a single class action against Microsoft.
That is exactly the situation we h
install applications, CAs, encrypt storage, set se (Score:3)
That's an interesting thought. I imagine Google would have two responses to that. First, an Android user can install applications, set security policies such as requiring a PIN or pattern lock, encrypt the data storage - mostly the same things a Windows administrator can do. To say, completely wipe the disk and install a different OS, one does that via the bootloader, not in the OS. That can be done on many (most?) Android devices and is outside of Google's control anyway.
Secondly, contrary to your cla
Re: (Score:2)
good points, except Google DOES provide su (Score:2)
You make some good points, except I think you're confusing "rooting" a device which the OEM locked you out vs what an OEM would do to provide root access. Google DOES provide su, which is the file you use to provide root. OEMs could ship phone with su included. They could get it from the Google code URL below.
What's tricky and risky on some devices, but not others, is getting access to install su if the OEM has not provided it. In other words, su (root) is just like the hotspot feature or any other syst
Re: (Score:2)
and it comes in one and only one form : adb root (the ability to have root access from adb)
Re: (Score:2)
or that they will delete all those files they "don't need" in c:\windows\system for that matter.
excellent question (Score:2)
The same way we noticed teh SSL vulns....?
XDA Forums (Score:4, Interesting)
In general, if you're computer-savvy, hitting the XDA Forums will be your best option (IMO) if you're concerned about security. The SuperSU Package can be sideloaded into the device via manual ADB commands for most devices out there (some of them are considerably more difficult than others eg: Current Samsung devices with KNOX). I've owned multiple devices from several vendors and I have yet to have an issue with the posted information from the XDA forums. I would expect that anyone attempting to pass shit-ware in there would get found rather quickly unless it's a very niche device with few people actually interested in it.
Personally I've yet to use any of the "one click root" kinda options I've seen posted to various sites....
Re: (Score:2)
Other than tripping Knox, I haven't had any issues with it. Locked bootloaders have given me more trouble than Knox.
do it yourself (Score:3)
My advice: don't rely on specialized tools that claim to do the work for you, but learn how to do it by hand with adb and fastboot.
Re: (Score:3)
Wow, you're funny. As tools which are part of the Android SDK, if you don't trust them then you probably shouldn't have an Android phone in the first place.
Re: (Score:2)
What - exactly - are you worried about here? (Score:4, Informative)
On the phone, if you're just rooting, you're trusting the manufacturer of your phone, which isn't necessarily wise, but I see that's WHY you're rooting. So, you can get the XPosed Framework and XPrivacy, and set permissions for the various packages on your phone. Both are open-source.
If you don't actually read the code, then by definition you're trusting, period. So what's the issue?
Re: (Score:2)
. So, you can get the XPosed Framework and XPrivacy, and set permissions for the various packages on your phone. Both are open-source.
Not on lolipop :)
That said, I have yet to have an android phone (or device) that I have not rooted. I love adaway way to much to live without it (and titanium backup is a great tool.) I actually prefer CM or AOSP based roms now but mileage varies depending on the device.
Re: (Score:2)
On the PC, typically Odin is the only Windows executable involved with rooting an Android phone.
What is your basis for saying that? Odin is a Samsung internal flashing tool for Samsung devices. There are open source tools which work better (IMO) and also still only cover Samsung phones.
This is of little comfort to the Lenovo tablet which the OP was asking about. Many other devices don't have such easy flashing tools such as Motorola where root exploits and the ability to flash come from exploits that people have found and abused.
Also XPrivacy is not a silver bullet. It only works on an application lev
Can you read Chinese? (Score:3)
Manual steps vs. payload (Score:5, Informative)
Most root exploits I've seen have two components to them: the attack vector, and the payload.
The attack vector is usually a series of commands that have to be run to get the payload onto the device. This part is fully auditable and usually "open source" in the sense that you can perform these commands yourself. If someone sends you a .bat script with a bunch of adb commands, you can always open up the script and read it and make sure nothing is malicious in there.
The real problem is that 99% of the root exploits out there have to upload some kind of a binary file to the device, which is then executed. In MOST cases, the source code to this binary is not disclosed, perhaps to make it harder for the manufacturers to fix the exploit, or to keep their attack methods secret, in case the code might expose some more general pattern of attack that would enable the manufacturers to close a whole series of root exploits.
So basically you are trusting someone who compiled a Linux binary *whose job is to obtain escalated privileges on your device* to then not use those privileges to install some kind of tracking malware, data siphon, or cookie exfiltrating software, or even just a rootkit providing them a backdoor, which initially does nothing but can be activated at any time when the author feels they need something from your device (like participating in a botnet, perhaps?).
I'm a little surprised that the comments so far haven't really tackled the crux of your question, which was NOT "how do I find root exploits", but "are they trustworthy". Remember, folks, just because it's posted on XDA, doesn't mean it's trustworthy. Anyone can register an account on XDA; absolutely anyone.
I've read statements from root exploit authors who've said in plain language that they have no motivation to bundle malware in their root exploits and thus don't ever do so, but that's like the NSA saying they don't spy on Americans. We have no way of verifying the statement, and several reasons to suspect the contrary.
If you are in doubt, I would suggest that you forego root exploits altogether. Instead, you should simply refuse to buy any Android device where the manufacturer does not provide you a means to unlock the bootloader. Once you have a (legit) unlocked bootloader using official tools from the manufacturer, you can then proceed to install any ROM you want -- even an open source ROM that you could audit yourself -- which then gives you root access. Remember, on an Android device, root is far less powerful than an unlocked bootloader, so that's really what you should be aiming for anyway, to have a truly "open" device as an enthusiast.
Re: (Score:2)
I would suggest that you forego root exploits altogether. Instead, you should simply refuse to buy any Android device where the manufacturer does not provide you a means to unlock the bootloader. Once you have a (legit) unlocked bootloader using official tools from the manufacturer, you can then proceed to install any ROM you want -- even an open source ROM that you could audit yourself -- which then gives you root access. >
I didn't really get this until I got my tmobile S5. Not only is an unlocked bootloader safer, it's much easier to play with and you don't have to worry that someday you will have to decide if you want to risk upgrading and losing your unlocker bookloader (freedom.)
I started with an EVO 4G. I updated it when I first got it like I do with OS's for computers. I ended up with a locked bootloader and couldn't do any of the cool stuff I had wanted the phone for. Sure months later a new exploit was found but i
Re:Manual steps vs. payload (Score:5, Insightful)
Well, the way I see it, I'll trust a random XDA developer pushing closed-source hacks way more than I trust my carrier and/or handset manufacturer.
It'll grant you that it's a low bar.
Who do your trust (Score:2)
"Well, the way I see it, I'll trust a random XDA developer pushing closed-source hacks way more than I trust my carrier and/or handset manufacturer."
That's just plain silly.
Unless your random XDA developer also manufactured the phone and supplied the stock firmware, then you need to trust two parties: that random XDA developer AND your carrier. Remember just because the phone is rooted doesn't mean it also isn't running the manufacturer's (if any) malware.
So a phone which can be unlocked using a manufacture
Re: (Score:2)
Sure. But we're talking about evaluating trust, not whether or not the phone's running malware. If I'm running a stock firmware, in my mind it's already compromised; slapping an XDA hack on top of it doesn't strike me as increasing risk substantially.
That being said, I don't find getting root at all useful unless it's a means to the end of unlocking the phone and replacing the stock firmware. I t
Re: (Score:2)
Then the flip side to the argument is that most exploits and malware by vendors is discovered by XDA which in general people would consider white hats.
Do you setup an identity theft business inside a police station? Yes you'd be able to get a lot of identities, but think about the odds of getting caught.
We will not be able to tell you (Score:2)
We neither know where you take your tools from nor the actual version you're using. And even if we did, by the time such a through analysis is done, the next version rolls about and we can restart rolling that boulder uphill. And even if we did, why should you believe us? There are too many corporations who have a vested interest in you not rooting that device and thinking that any and all rooting tools are malware. Misinformation would most likely dominate such an examination effort.
The best one can tell y
If you wanted ownership of the machine (Score:2, Informative)
1) Most of the important functionality (including the WebKit/Blink browser engine) are now embedded in Google Play Services, which you can't manage.
2) Total ownership of a device with a proprietary radio isn't realistic - even if you managed to install straight Linux on the thing (unlikely) the underlying firmware is in the bag.
3) Better to return that machine and go with a Yoga 2 Pro honestly. You'll have the ability to install Linux on it and have far grea
Re: (Score:3)
Re: (Score:3)
Re: (Score:2, Informative)
gMail and chrome != Google Play Services
Google Play Services is like iTunes for Android, there is an agent on the phone which does such chores as:
1) deliver GCM "push" notifications (and other housekeeping chores)
2) notify you of application updates
3) probably other stuff but I haven't had coffee yet
+1 to brad-x, if you are serious about owning the machine then you should not be on Android
Re: (Score:2)
Re: (Score:3)
1) Most of the important functionality (including the WebKit/Blink browser engine) are now embedded in Google Play Services, which you can't manage.
This depends on how you define important functionality. You can't use any gapps without play services, and you will need another browser, but there are other browsers.
Total ownership of a device with a proprietary radio isn't realistic - even if you managed to install straight Linux on the thing (unlikely) the underlying firmware is in the bag.
Most of us like to have some kind of wireless communications, and that's going to be true of pretty much *. Including the Yoga 2 Pro.
A rooting tool is inherently untrustworthy as it exploits flaws in the target system.
That really doesn't follow.
RTFM (Score:5, Interesting)
RTFM and get ready to build stuff yourself. You will need to do some research for your particular device and then decide for yourself.
When I started using Android, it was a Nexus 4. Since the Nexus 4 came from Google, and was widely used by developers, it was easy to unlock the bootloader and root it using tools that were open source and reputable.
When I purchased a new and less popular phone, I wanted to root it and give it the same treatment. Unfortunately, the only tools I could find for my new device were posted in threads on the XDA forum. Someone posts a recovery + kernel and everyone just downloads and flashes it. Amazing. Well I run a banking app on my phone, how do I know that this thing is only a recovery + kernel and not something extra?
My other problem with the stuff people post on XDA is that some of the contributors don't seem to really know what they are doing. There's one custom kernel for my device that has a whole slew of useless options and the comment "Please do not ask me to add something, I don't know much about kernel ". So I think there is some amount of "recipe following" by some of the people that contribute on XDA: they figure out a recipe that works, and generate kernels or ROMs without really understanding what it is that they are doing.
So, my ultimate solution to the problem was just to build everything myself. This took several days for me to scrape together all the information I needed from Google, my device vendor, and random places on the web. I ran into the same problem: I needed tools to do this (specifically a compiler toolchain and a few other tools for assembling the kernel and recovery the way my particular device needs it), but I'm not going to download some random binary from GitHub.
I'm running Ubuntu 14.04, and the gcc-arm-none-eabi compiler worked fine for building for my Android. I didn't have to download any mystery meat binaries. I rewarded myself by sticking my name into the kernel version, so it says "3.0.4-AnonymousCoward" instead of "3.0.4-SomeAssholeFromXDA"
RE devices: I've only ever purchased devices from vendors who will let you unlock your bootloader. If you have a device that the vendor doesn't want you to have control over, your only option is to wait for an exploit that can get root (something like Towel Root). I will never trust something like that since the source isn't published, but I would never purchase a device that I can't control completely.
Hope this is helpful
No. But: (Score:2)
The relevant question is: could you trust the devices firmware in the first place? The las tfew year put a solid upper bound to my trust in this respect?
Fundamentally not secure (Score:3)
I had the same thoughts when I tried installing CM on an old Android device. In the end, the platform was never meant to be secure or really open to user scrutiny. I suppose with a considerable amount of effort you could achieve some sense of security by inspecting all major components, but if you are inclined to invest a considerable amount of effort, then you probably want much better security and are looking at the wrong place. Phones/tablets are fundamentally insecure, and this is probably by design.
Trust android rooting tools? (Score:2)
"and prevent services like Google and others (Score:2)
Usually, sure (Score:3)
Especially if you get them from XDA-Developers, where people have reputations.
Let someone else test the tools for you.
At least some of the tools actually let you patch the hole they got in through, this is true of the exploit for Asus Cube.
Paranoid? (Score:5, Informative)
Re:Paranoid? (Score:5, Informative)
(Android security engineer here)
Mod parent up.
This is the only way to be sure of what you're getting. The various rootkits (almost?) all include some closed-source binary which gets uploaded and run as root. Rather than using some hack to exploit some defect in your device's security and upload some random binary which does unknown things to your device, buy a device with a legitimately-unlockable bootloader. All Nexus devices meet this requirement. There are some Motorola devices that do, too, and there may be a few others from other manufacturers. Then unlock your device, install your new ROM (ideally, build it from source, but that's optional) and re-lock your device.
That will give you the control you want without exposing yourself to unnecessary risks.
I'm not saying this approach doesn't expose your data to risks, it does. The various third-party ROMs intentionally subvert various aspects of the Android security model. To really understand the risks, you need to understand Android security (I recommend "Android Security Internals" by Nikolay Elenkov), understand how your chosen ROM alters it, and understand how that will impact your usage. But it does put you in control, rather than the author of some random rootkit.
Oh, and note that it is important to re-lock your device. If you don't, anyone who gets your device can install their own custom ROM and get access to all of your data. Locking the bootloader ensures that the data partition gets erased before a new system is installed.
(Disclaimer: I work for Google, but this is not an official statement of any sort. It's purely my own opinion.)
Re:Paranoid? (Score:4, Informative)
All you need is adb and fastboot (Score:2)
Basically, all you need is adb and fastboot, both available in the Andorid SDK, which runs on Linux, and the the rooting zip files or images that you upload to the phone/tablet.
Easiest way to root the tablet is to install a rooted image.
Say goodbye to security (Score:2)
When you root, you almost always neuter Android security model. So goodbye to any security.
You can always do the flashing properly, with signing and stuff, but the procedure is major PITA: http://mjg59.dreamwidth.org/31... [dreamwidth.org]
Re:Say goodbye to security (Score:4, Insightful)
From your fine link:
This is unfortunate. Even if you've encrypted your phone, anyone with physical access can simply reboot into recovery and reflash /system with something that'll stash your encryption key and mail your data to the NSA. Surely there's a better way of doing this?
Anyone with physical access to your phone can, in theory, do anything they want to your phone. Including unlocking the bootloader, and then doing all that other stuff. What a fat waste of time that was.
Re: (Score:2)
Grammar (Score:2)
What are *your* experiences.
Re: (Score:2)
What are *your* experiences.
Way better than yours in German. Promise. ;-)
Re: (Score:2)
What are *your* experiences.
Way better than yours in German. Promise. ;-)
Genau!
Re: (Score:2)
Genau!
Genau! Achtung! Verboten! Halt! Gesundheit! Fahrvergnügen! ... Did I miss any cliche German words? :-)
Re: (Score:2)
Shadenfreude?
The Android I'd Like to Root (Score:2)
Would mainly be Pris.
But I'd also be pretty keen on rooting Zhora and/or Rachael as well.
Red pill or blue pill? (Score:2)
Can you trust the modded ROM you want to install?
Why should it be different with the rooting tool, the modded recovery or any other thing?
Which ever pill you'll take, you won't ever know!
Welcome in the real world!
Betteridges Law of Headlines (Score:2)
No.
And you cannot trust the ROM. And you cannot trust google. And you cannot trust debian.
Go, realize that you're always trusting someone, as long as you're not flipping bits to code your own OS. And then you're trusting the hardware.
Towelroot (Score:2)
My experience, for reference (Score:2)
I had an Android phone which I eventually was able to root/mod; here's some advice, for what it's worth:
- Get a device which has a supported root/mod path via XDA. Some devices are more rootable than others.
- Be careful about updates; most root tools only work for specific versions, and patches regularly break rooting methods/scripts.
- If you want to preserve root, you'll want to run a cusom ROM, so find a device which has a supported mainstream ROM for it.
- Unless you are an expert, it will take a while. P
Re:No (Score:5, Insightful)
"Computer expert" is a broad, broad definition. Nobody's a "computer expert", except in their narrow field.
So ease off with the smug. One might be an expert in their field and totally suck at another, both computer-related.
Re: (Score:2)
Have you seen any of the customer reviews on tech store sites?
"Tech level: 5/5 - I bought this RAM for my daughter's laptop, but the instructions weren't clear on how to open the case, and she still has a virus. 1/5 stars."
Re: (Score:2)
Benefit of the doubt: wake on RTC (Score:2)
And I'm not even going to detail the numerous people that think scheduled events will work when the desktops have no power.
Don't desktop PCs have a wake-on-RTC feature that will end suspend mode at a given time, analogous to wake-on-LAN but without the network? Or by "no power" did you mean unplugged from AC? In that case, perhaps they think missed scheduled tasks will run at next boot.
Re: (Score:2)
Last time I looked at that feature it was a smattering of different BIOS implementations. Nothing standardized, and I'm not entirely sure M$ has kept their support for setting it from inside the OS intact. PITA.
Re: (Score:2)
Only for the browser, which is not the main source of ads on Android. Apps like AdFree block adservers on hosts level, removing most ads from apps as well. For the remaining apps there is of course Lucky Patcher to get rid of the ads.
APK, meet APK (Score:2)
Apps like AdFree block adservers on hosts level, removing most ads from apps as well.
So if you root, does that mean you can get an APK to add a layer of security the APK way?
Re: (Score:2)
Huh? In this case, if I root I can edit /etc/hosts to reroute some domain names to localhost. AdFree puts all known adser ers i there. Wether an app or the browser tries to load an ad from such a server it won't load. Of course, patching the apk with Lucky Patcher prevents the app to try to load the ads completely, which might result in a better batery time.
Re: (Score:2)
I'm referring to Alexander P. Kowalski, a frequent contributor to Slashdot's comment section who is often seen advertising his Windows-based tool for aggregating hosts files. His initials happen to be the same as the end of the filename of an Android app package.
Re:Can you trust the hardware and firmware? (Score:5, Insightful)
Considering the bloatware that the phones comes with as standard like Facebook (that spies on your address book) and a number of unwanted apps that have been granted unkonwn privileges by the phone vendor I'd trust a rooting tool more.
Re: (Score:2)
If you can't even begin to vet the source there is no accounting for the bugs and potential back doors. We don't know what the adversaries intentions might be. While it could be profit driven as is the case with most malware it could also be espionage, spying on dissidents, or something else. Of which there maybe no acting on the bug/backdoor. That would make it significantly more difficult to detect in a closed source application.
After that, the next step would be to get someone to provably audit that open source code. We have seen that open source is no guarantee that the eyeballs are actually there. Even some malicious party could distribute something heinous and just get away with it by saying "relax, it's open source".
Re: (Score:2)
Do you buy the device that's 95% of what you wanted and try to modify it for the other 5%? Or do you buy nothing and go without the functionality you want. The vast majority of the time buying the item that's perfect for your needs isn't possible because it simply doesn't exist.
I'm all for voting with your wallet, but you have to be realistic, get the best option, don't hold out for the perfect option or you'll usually spend your life with nothing.
I have a galaxy note 4. I don't have it because I like the
Re: (Score:2)
Re: (Score:2)
Getting cyanogen on my HTC is a maze of shady .exe files linked from shady forums hosted on shady filedrop sites.
Hate to admit it, but this. Trying to find the right set of instructions to follow to get most phones rooted so you can install a custom bootloader and install CyanogenMOD is a big mess. Sort of like an IQ test of trust and persistence to determine whether you're worthy of running a custom ROM.
That said, I've trusted my phone's behavior more when it's running CyanogenMOD than when I was running the manufacturer's ROM.
Re: (Score:2)
Really? Go to XDA-Forums. Look up your device and start with the sticky that is inevitably there which tells you how to root, return to stock, and everything else you need.
As for exe files you could just use ODIN.
Re: (Score:3)
Really. Here's the "simple" 9-phase process with for the pretty common Nexus 5 :
http://forum.xda-developers.co... [xda-developers.com]
Yes, it's pretty cool to go through that for the first phone or two, but after the 5th or 6th time it kinda gets old to have to spend an hour or two keeping track of how TWRP is replacing the clockworkmod bootloader, which exploit to use to root, backing up using Titanium or Helium, etc. After a while it feels less like you're learning new stuff and more like you're jumping through hoops just t
Re: (Score:3)
Thats not a 9 step process for rooting a nexus 5. That is all the stickies collected into 9 groups. I mean one of the sections is called "Defects" and talks about things like light bleed.
To root a nexus 5 you don't need to do anything extravagant at all. Basically install the drivers, turn on the phone while holding down volume down, plug it into your usb and from a command prompt type "fastboot oem unlock"
Re: (Score:2)
Re: (Score:2)
Step 1) Doesn't want Google observing them.
Step 2) buys Android tablet, wholly controlled by Google.
At this point, the options are a bit sparse...Google, Apple, Microsoft, maybe Blackberry....I mean, about the only place you won't find that level of mess is an HP Touchpad running WebOS, because I can't see any of the infrastructure still being switched on. The fact of the matter is that, while not outright collusion, I'm unaware of a privacy focused company who has enough chops to release a tablet running their code.
If you were going to root it anyway why not buy an iPad and jailbreak it?
Different apps. I haven't been in Cydia recently, but I'd wager that the variety of apps t