In association with heise online

19 March 2012, 12:27

CyanogenMod 9 to ship without default root access

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Android Root Request
Zoom The current implementation of an application requesting root access in an older pre-alpha build of CyanogenMod 9
The CyanogenMod developers have decided that they will release the next version of their custom Android ROM without root access by default. CyanogenMod 9 will however give users a configuration setting that lets them enable it.

CyanogenMod is the most popular open source firmware for Android handsets. It can be installed on a wide variety of phones and tablets, a process that usually requires the user to unlock the device's boot loader in order to flash the custom ROM image onto the device. The upcoming version 9 of CyanogenMod is the first version to be based on Android 4.x, code-named "Ice Cream Sandwich".

According to the CyanogenMod team, the change comes as they are considering the potential security problems that their ROM has traditionally exposed users to. As the team's blog post puts it: "Shipping root enabled by default to 1,000,000+ devices was a gaping hole." While applications currently prompt user for root access, this is still arguably a problem as many users tend to ignore such warnings or might get tricked by a malicious application masquerading as a harmless one.

The changes to the ROM will give users the control to decide where root access should be available. There will be four settings in CM9: root access can be completely disabled, it can be enabled only for development access via USB, it can be enabled for applications only and finally, root access can be enabled for USB access and applications. The new settings interface will be similar to the "enable third party applications" option that users should already be familiar with from the stock Android experience.

The new policy is already in effect in the first public CyanogenMod 9 alpha builds and the settings interface is included as well.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit