Credit: geohot/LifeHacker
To root or not to root, that is the question ...
Several years ago, I had the first Android phone released, the HTC G1, which I rooted within days of purchase. At that time, it seemed the best course, as the stock G1 had a number of unnecessary restrictions, including no pinch to zoom & no WiFi hotspot.
Now I have a Samsung Galaxy S4, unrooted. Why no root? For me, the benefits are no longer there. Among other things, pinch to zoom & WiFi hotspot are both standard.
Some of the restrictions in stock devices are security measures. However, this can be fall down if a vendor is slow in releasing a security update.
Towelroot is a special case with respect to security, because it makes use of a vulnerability in many Android devices. The same vulnerability may be exploited by a piece of malware. Paradoxically, the best way to protect yourself against this exploit right now, is to exploit it yourself by rooting using Towelroot.
Executive summary:
http://lifehacker.com/towelroot-roots-android-kitkat-devices-in-one-tap-no-p-1592226618
Excellent coverage of the issues:
http://nakedsecurity.sophos.com/2014/06/26/towelroot-app-makes-android-rooting-easy/
Official XDA thread:
http://forum.xda-developers.com/showthread.php?t=2783157
Geohot's Towelroot site:
https://towelroot.com/
How does Samsung feel about it?
https://www.samsungknox.com/en/blog/samsung%E2%80%99s-official-response-%E2%80%9Ctowelroot%E2%80%9D / Samsung Galaxy phones S5 Towelroot iOS Apple ecosystem strictures iOS jailbreak jailbreaking Apple imposed prison sentence Android Androids vendor imposed system lockdown root rooting granting root access superuser administrator privileges approved unapproved open source operating system OS open ecosystem devices Google Nexus 7 devices popular researchers testers developers security reasons root access by default physical access phone unlock bootloader replace vendor supplied operating system Android Debug Bridge ADB via USB install software grant root access risks of rooting risk unlocked device install firmware bug bugs buggy recovery recovered recover bricking brick device mobile complete and utter vendor firmware reset factory reset Nexus 7 device vendor open source Android core layer of proprietary software limits access device good security reasons well implemented anti-root lockdown anti root infect virus malware software reading your contact list listening in on phone calls using the webcam intercepting SMS text posting to social media sites dialling dialing premium rate phone numbers malware extensive digital harm reputation bank balance why root because it's there non-security-related lockdowns restrictions on network access imposed by the vendor Wi-Fi access point WiFi hot spot hotspot access backup back-up back up otherwise inaccessible files APKs application packages software bought paid for installed remove unwanted apps bloatware) vendor own commercial reasons apply security updates vendor tardy providing security lockdowns often pitched vendor-imposed controls less secure prevent apply applying security fixes fix numerous benefits of rooting system administrators workplace policy company owned devices should not be rooted BYOD bring your own device prevent users connecting rooted devices business network rooted device well informed user safer faster more useful vulnerable hackers malware data security risks Towelroot no-reboot-required exploit Sophos Anti-Virus detects Andr/TowRoot-A Elevation of Privilege EoP exploit physical access to the device reboot Towelroot covert convenient quick security hole used covertly EoP purposes attacker GeoHot George Hotz author Towelroot vulnerability exists in Android kernels dated before 03 June 2014 Android 4.4.2 or earlier vendor Android update protect yourself exploits /
