Kernel module cogsYou may have read some places that there’s a possible change coming to the next version of Android which makes the system partition unwritable on stock ROMs. There will then be comments galore that this is the end of root since you can’t write to the system partition and it’s time to jump off the Android ship. Here’s what’s real, as far as I can tell:

Reports of upstream changes

While it’s not guaranteed that the changes people are seeing upstream with development will commit to Android, it’s a very good possibility and probably should happen. I’ll tell you why later.

/system writes to be disabled

On a stock rooted system you will be unable to write to the system folder.

This prevents you from:

  • Modifying the hosts file  for advertising removal: /system/etc hosts
  • Changing your build.prop (allows you to emulate another phone, get things in Google Play you’re not supposed to, access developer settings on the phone, etc, and probably a host of other things – /system build.prop
  • Installing busybox in its normal location /system xbin
  • Several other root applications use the /system and this could impact them

This is actually a very good thing security-wise

OK, here’s the thing. Android is designed to be secure. The ability to write to the /system partition is a major problem with security. Several exploits use this to gain root access. This patches those holes and prevents your phone from being able to be easily hijacked by a third party.

Let’s put this out there – security is Google and Android’s main concern. What’s good for Android is good for us as a root/Android community. No, I’m not being sarcastic.

If Google leaves holes that can be exploited, the 99% of users who do not root are at risk. This has to be addressed and fixed in the core of the operating system, and that’s what they’re doing.

If you think this seriously affects a rooted user, it doesn’t

The change that may be coming down the line limits stock rooted phones to not be able to write to /system. This means if you unlock your phone, install superuser, no matter what at this point you’re not going to be able to write to /system.

If you unlock your phone, install superuser, and flash a custom kernel with /system write enabled. you’ll be able to write to /system.

If you unlock your phone, flash a custom ROM, you’ll be able to write to /system.

Pretty much nothing changes, except you probably need to install a non-stock kernel.

Understand rooting means you’re throwing away security

When you root a phone and grant access to a root application, you disable security measures that are for the most part put in place to protect your phone, data, and you. Sure I’ll accept the spinoff argument that some of it is to force you to purchase services (tethering restrictions), but for the most part Android security works by placing a series of restrictions on an application so it can’t do things that could harm the system.

When you root and give an application superuser access, you’re allowing that thing to run willy-nilly through your phone doing whatever it pleases.

The potential upcoming changes only impact stock ROMs. Stock is designed for security. You can chuck one component of stock and you’re back where we are now with root.

A change to system write procedures does not end root on your phone

While some exploits to unlock phones involve writing to the /system partition, most do not. If your phone or device requires you to go through a third party only to unlock and gain root access, you actually might have a problem, but your problem is with the manufacturer of the device, not Google.

The solution is pretty simple here – don’t buy a device that can’t be unlocked. This change makes it harder to find an exploit to root an unrootable. It also makes it harder for someone to find your phone in a bar, root it, and steal all your information that’s stored on the phone.

A workaround for stock rooted devices is already available

OK, if for some reason you don’t feel like you can flash a custom kernel, or if there’s no custom recovery available for your device, not being able to write to system while running in Android mode is not the end of the world.

Ads can be blocked via an adblock proxies, Google Play can be accessed as a different device via modified APK, tethering can be done for $1.99 without root as it stands, etc.

The only thing that might be a problem is the Xposed framework if you don’t have a custom recovery available for your device. If you do, nothing much should change.

You can still write to system in recovery mode

Anything that requires a write to /system can be flashed. The potential changes only kick in when you’re in Android (running mode).

Assuming your phone has no recovery mode, you could still flash an insecure kernel in Android mode.

Google’s not making this harder for you

Google and the people who are working on what becomes Android are making your phone more secure. This is not a money grab, this is not some thing they have against the root community. It’s security, plain and simple.

When you root, if you want to write to system flash an insecure kernel or ROM, you’re set. You don’t have to write to system to enjoy most root applications.

There might be an argument here that by making the OS more secure it forces you to go through the manufacturer to unlock and root the phone, but akin to saying that by making cars less likely to kill you in an accident that they’re giving big hospital more income by keeping you alive.

A quick example of the differences on the HTC One M8 series would look like this:

Before the change: unlock bootloader at HTCDev, flash custom recovery, make nandroid backup, enjoy.

After the change: unlock bootloader at HTCDev, flash custom recovery, make nandroid backup, flash insecure kernel, enjoy.

For the HTC One M8 crowd we already have to do this as HTC’s had /system writes disabled for a while now. No difference for us. You either get S-OFF, install an insecure kernel, or flash a new ROM.

It’s a good thing, really!

So, it should be noted that if you’re able to unlock your phone to install root software (recovery, Superuser), this has next to no negative impact on you.

If your device manufacturer does not allow you to unlock, you need to choose another device manufacturer. It’s that simple. Why give money to a manufacturer who won’t let you do what you want to with your device?

Or maybe I’m wrong

This could be the end of root on Android as we know it, but I rather doubt it. It seems like an impossibly easily surmountable bump the improves security significantly

If I’m wrong, drop a note and let me know what I’m wrong about though. I just don’t see a security improvement (that you can easily disable) as a bad thing and the only arguments I’ve seen that this is the end of the world don’t seem to have any merit.