CyanogenMod disables root access by default...



garyopa
03-18-2012, 08:14 AM
...It now requires user configuration.

The Android-based replacement firmware will no longer offer root access upon first install, but you can still enable superuser access from Dev options.

CyanogenMod, the replacement firmware based on the Android mobile operating system, will no longer offer root access upon first install, BUT, you can still enable superuser access (for ADB, apps or both) from the Developer Options menu. These changes are based on 'security concerns'.



The biggest change, in fact, is that CyanogenMod is making a significant departure from the majority of custom ROM developers, which offer root access to all users by default (and often without their knowledge). The move is an attempt by CyanogenMod leaders to make the platform more secure, and given the number of ROMs that are based on CyanogenMod (or glean its packages), we wouldn't be particularly surprised to see this feature become more commonplace amongst other custom Android ROMs.


What do the official devs have to say? This is a little FAQ from them:



What do the patches do?

They disable root selectively and in a configurable way. Users will be able to configure their exposure to root as:

* Disabled
* Enabled for ADB only
* Enabled for Apps only
* Enabled for both

How does this change affect the usage of your device, and root apps you have installed?

On a default CyanogenMod installation, root usage will have to be explicitly enabled by the user. This means that the user is fully aware that any application that uses root may perform actions that could compromise security, stability and data integrity. Once enabled, the process mirrors that of the current process: apps that request root will be flagged by the SuperUser.apk and the user will have to grant selective access.

Why the change?

At CyanogenMod, security has always been one of our primary concerns; however, we were hesitant to make a change that might disrupt the current root ecosystem. With CyanogenMod 9 we have the opportunity to do things better, whether it's the code in the OS, UI/UX, or security – we are taking this time to do things with a fresh approach.

Shipping root enabled by default to 1,000,000+ devices was a gaping hole. With these changes we believe we have reached a compromise that allows enthusiasts to keep using root if they so desire but also provides a good level of security to the majority of users.

What concerns remain?

Many of you reading this are savvy enough to note a remaining hole in this approach – recovery and unlocked bootloaders. The bootloaders are out of our hands; there is little to nothing we can do on that front.

Regarding recovery – with unlocked bootloaders, a malicious user could just flash a new recovery image (without any potential security we could apply) or just dump the data partition. This, however, requires physical access to the device. As such, the security standards for this are highly reliant on you, the device owner. Data encryption is available in ICS to safeguard your data. (Warning for eMMC-only users – encrypted /data means recovery will be non-functional.)

The onus is on you to secure your device; take care of your possessions, and this risk is minimal. Always make sure you take devices out of your car before you go into the mall and remove them from pockets before washing laundry. Common sense is a basic security tool.

But Why?

We honestly believe there are limited uses for root on CyanogenMod, and none that warrant shipping the OS defaulted to unsecured.


Seems this could be a very smart move!

OFFICIAL SITE: http://www.cyanogenmod.com/blog/security-and-you

NEWS SOURCE: CyanogenMod disables root access by default (via) Engadget (http://www.engadget.com/2012/03/16/cyanogenmod-disables-root-access-by-default)

Our thanks to 'Gauss' for this news item!