Tuesday, November 8, 2011

Rooting your Android phone: Balancing risk with freedom

I have no interest in rooting my Android phone. It works fine. But, that may change. Apparently, AT&T is messing around with the ability toside-load applications.

Android Central has a slew of posts about this. It seems AT&T removed the setting to "Allow installation of non-Market applications" from many of the Android phones they offer. My Samsung Infuse happens to be one of the exceptions.

Why? I don't know. I am curious if this is the case with other carriers. Does your Android phone have the setting (Settings/Applications) encircled in red?

If not, you're unable to take advantage of offers like this one from Amazon.

Well, that's not entirely true. You could root your Android phone to allow side-loading.

Is rooting a good idea?

As I said earlier, I don't have a dog in this fight. But, I know plenty that do. And they're asking me, "Is rooting my phone a good idea…or not?" My response, "I'll get back with you."

Our opinions

That's code for, I need to consult my Android Investigative partner and fellow TechRepublic writer, William Francis. I've been around long enough to know it's harder to point a finger at twopeople if something goes wrong. Here's what we came up with.

Kassner: A good starting point might be to define "rooting an Android phone". As an ex-iPhone user, I considered it jailbreaking. Is there a difference?

Francis: Rooting and jailbreaking are phone-specific terminology for the same thing — getting access to the underlying operating system on the phone.

Kassner: What do you see as the advantages of rooting Android phones?

Francis: In my opinion, the biggest reason to root an Android phone is to install a custom Read Only Memory (ROM). If you ask 20 different Android users with rooted devices why they did it, you're going to get 20 different answers.

Some of those reasons are legitimate and advantageous, such as removing carrier-added software which the user doesn't want sitting there eating up space, or worse, CPU and battery resources. Other reasons may fall into more gray areas, like circumventing carrier restrictions on Wi-Fi hotspots, or turn-by-turn navigation.

Finally, you'll run into people — gadget nuts —  who root their phones for the hell of it. I have a friend who went through the process of rooting and installing a custom ROM on his phone so he could change the image his phone displays when booting up.

Kassner: You knew this was coming: What are the disadvantages of rooting Android phones?

Francis: Of course, with power comes responsibility; once you have super-user status — goal of rooting — there is nothing preventing you from deleting or altering a setting that bricks the phone.

For example, did you know that the dialer portion of your Android phone is an application? Once you've rooted the phone, you can delete it just like any other application. I know; first hand, I'm embarrassed to say. By the time I realized what I had done, I had a "smart" phone that couldn't make phone calls. Luckily, I was able to restore the original ROM.

Kassner: Answers are all over the map when I ask if rooting voids the phone's warranty. The most interesting answer was. "It only matters if you return the phone in a rooted condition." William, I need you to set me straight. What's the deal with warranties?

Francis: To my knowledge, it is completely up to the carrier and or manufacturer (depending on where you got your phone and if you have insurance on it). Most carrier-warranty policies have a vague clause concerning the loading of "unauthorized" software which gives them wiggle room on the subject.

It's best to get your specific phone carrier to answer that question in writing.

Kassner: A coworker sent me the following quote, but not the source:

"Verizon and other major carriers are working to develop ways to track rooted phones and phones running custom kernels. Once a phone is identified, new firmware currently being developed will disable the phone."

Have you heard anything about this?

Francis: I have heard this type of rumor before, but I don't put much stock in it. Here's why. Two popular reasons for rooting a device are to disable carrier-pushed Over-The-Air (OTA) updates and load your own firmware.

First, if you disable the carrier's link to send firmware updates, it is unlikely the carrier can re-enable the link remotely. Without the link, the carrier has no way to send an update.

Second, as long as you aren't using your phone to violate your contract with the carrier — I can't imagine why the carrier would bother. You are paying to send and receive voice and data over their network. Turning off the phone of a paying customer just seems like bad business.

Kassner: You mention that the updating process is disabled when the phone is rooted. I read that people are purposely rooting their phones, just so they can get the latest version of firmware and updates. I'm confused.

Francis: The confusion comes because the term "rooted" is often used to refer to a device that has been jailbroken and modded — another term for installing a custom ROM. To be precise, the term "rooting" only refers to giving yourself root privileges (super user), to the operating system.

As for updates being disabled, if you only root your phone, the phone will still receive OTA updates. But in a "catch 22″, when you get an OTA, it will revoke your super-user privileges - forcing you to re-root after the update.

Custom ROMs are a different beast entirely. Android is an open-source project, meaning there are people actively engaged in development of the operating system outside of what Google is doing. Some of the features and improvements the developers come up with are pretty sweet. But, most of these features will never be incorporated into the operating system.

So development companies — like CynogenMod –  offer new and or experimental features by compiling alternate versions of Android. Updating to one of these custom ROMs will likely prevent you from getting future OTA updates from your carrier, especially if the update is a newer kernel build.

Kassner: One thing still confuses me. How can companies like Cynogenmod offer the newest version of Android faster than the phone manufacturer or the carrier?

Francis: Good question. Remember, once Google releases a new version of Android and open sources it, you — as a user — still have to wait for the phone manufacturer and carrier to make their modifications, test them on the devices, and then finally send the update to you.

Everyone gets their hands on the code at roughly the same time. But without financial motivation: Why should a manufacturer spend time tweaking a newer version of Android for a phone purchased a year ago?

Also, more times than not, you can get the newest version of Android sooner via the custom ROM route. This is why I and most other developers root phones — to load a custom ROM and preview a new version of Android.

Kassner: It appears that AT&T is now preventing side-loading of apps or loading from online app stores like Amazon Apps. Why do you think that is? Isn't that policy going to force more people to root their phones?

Francis: In my mind, carriers preventing someone from side-loading apps is just downright dirty. There are very few legitimate reasons for doing this.

On the other hand, I can think of many reasons why a carrier might engage in this — all motivated by greed. Remember, the carrier has last contact with the operating system before it goes to your phone. It doesn't take much imagination to realize the power that gives them.

Kassner: Let's say I am brave enough to root my phone. Before I do, is there anything I should save or do, in order to get back to a pre-rooted phone if need be? Maybe I should first ask if that's even possible.

Francis: Absolutely. You just need to remember the procedure for backing up, rooting, and installing custom ROM's is different for every phone.

CynogenMod has a comprehensive guide for each phone it supports. It's important to read it and follow the steps carefully. Otherwise, it is possible to brick your phone.

In two-plus years of rooting and loading custom ROMs, I've done it once. I had to go to my local phone store (Sprint) and hope for the best. The woman at the store was very nice, replacing the rooted phone without any hassle.

Kassner: In our article, "Mobile malware: A clear and present danger", Adrienne Porter Felt proposed the following:

"Currently, smartphone manufacturers and network providers are indirectly (and accidentally) aiding malware authors by selling "locked" phones. There's strong demand among certain segments of the market for unlocked phones, so expert users are motivated to find exploits.

We think manufacturers and network providers should sell phones that can be easily unlocked by their owners — without using exploits. This would remove the incentive for tech-savvy individuals to find and publish exploits."

At the time, I didn't have a chance to ask what you thought about Adrienne's idea, I would like to now, though.

Francis: It's certainly an interesting idea. I, myself, would certainly consider a phone that granted me superuser rights out of the box, ideal. At the same time, I'm not sure I want my mom having a phone that will allow her to delete critical system files, particularly the dialer app.

Final thoughts

There you have it, our take on rooting Android phones AnDevCon

Sent from my iPad Ť€©ћ№©¶@τ

No comments:

Post a Comment