Over the last year, nearly every time a security flaw or vulnerability in Android has been brought up, there’s been a unifying theme. Almost every time, these exploits and vulnerabilities exist because the device in question has enabled root access. In the past, Android modders would quickly root a device in order to gain access to features not enabled by the manufacturer, to flash a custom rom, or even just to remove bloatware. Over time, many of the features that have been forcibly bolted on to Android through root access have been incorporated into the OS, making the need for root less and less frequent.So, with security vulnerabilities seemingly on the rise and the need for root access seemingly on the decline, what need is there to have root access on your device active at all times? The CyanogenMod developer team asked themselves that very same question.According to a post on the CyanogenMod blog, the next update to CyanogenMod will include controls to disable and enable root access for a device. Additionally, the update will come pre-set to having root access disabled, and allow you to enable it in various stages in the settings. Currently, you will be able to activate root access for just ADB commands from your computer, for apps that require root, or for both. The goal here is to help limit the number of potential vulnerabilities walking around with an insecure OS may cause, but the blog warns that this is not a solution for all kinds of vulnerabilities. Simply put, there are still parts of Android that modders and hackers have little to no control over, such as bootloaders. There is no silver bullet, but this will significantly decrease many of the complaints found with an unsecured OS today.Personally, I see this as a huge step forward for CyanogenMod. As a user since the G1, I can safely say that in the last year I have only ever needed root access to install CyanogenMod on a device, and then it is only ever used again to take screenshots. Since the release of Android 4.0, I haven’t had a need for root access to my device at all. In fact, I have found that having root access hinders some actions, such as the ability to use Google Movies.The only practical use for root access on CyanogenMod that I can think of for most people is for users who don’t feel the need to pay for a wireless hotspot plan, so they activate the feature themselves. Root access is just not as necessary as it has been in the past.By having root access disabled by default, I also feel much more comfortable in offering CyanogenMod as an alternative version of Android to those who are less technical. The biggest benefits to CyanogenMod in the past for me have always been the ability to get the most recent version of Android months before the carriers and manufacturers feel the need to issue an OTA update, and the ability to remove OEM skins like TouchWiz or SenseUI. By allowing me to offer a more secure alternative to others, I will most certainly be doing so in the future. Considering that the CyanogenMod team is already serving over a million users, I can only see this change affecting them for the better.
By adminPosted on