Rooting (Android)

However, these are different concepts: Jailbreaking is the bypass of several types of Apple prohibitions for the end user, including modifying the operating system (enforced by a "locked bootloader"), installing non-officially approved (not available on the App Store) applications via sideloading, and granting the user elevated administration-level privileges (rooting).

Many vendors such as HTC, Sony, OnePlus, Asus, Xiaomi, and Google explicitly provide the ability to unlock devices, and even replace the operating system entirely.

Thus, it is primarily the third aspect of iOS jailbreaking (giving users administrative privileges) that most directly correlates to Android rooting.

[5] Rooting lets all user-installed applications run privileged commands typically unavailable to the devices in the stock configuration.

Rooting is required for more advanced and potentially dangerous operations including modifying or deleting system files, removing pre-installed applications, and low-level access to the hardware itself (rebooting, controlling status lights, or recalibrating touch inputs.)

In contrast to iOS jailbreaking, rooting is not needed to run applications distributed outside of the Google Play Store, sometimes called sideloading.

[29][30] The process of unlocking the bootloader might involve a factory reset, erasing all user data, third-party applications, and configuration.

However, hardware-backed SafetyNet versions may be triggered by systemless rooting, as well as in unrooted devices shipped without Google Mobile Services (GMS).

[40] Once an exploit is discovered, a custom recovery image that will skip the digital signature check of firmware updates can be flashed.

For example, the su binary (such as an open-source one paired with the Superuser[41] or SuperSU application[42]) can be copied to a location in the current process' PATH (e.g., /system/xbin/) and granted executable permissions with the chmod command.

Although Google quickly released a patch to fix this, a signed image of the old firmware leaked, which gave users the ability to downgrade and use the original exploit to gain root access.

[43] A security researcher, Grant Hernandez, demonstrated a use-after-free exploit in Binder, Android's IPC framework, to gain root privileges.

[45] Some manufacturers, including Xiaomi, OnePlus, and Motorola, provide official support for unlocking the bootloader, allowing for rooting without exploiting a vulnerability.

Manufacturers had expressed concern about improper functioning of devices running unofficial software[55] and related support costs.

Due to that, technical obstacles such as locked bootloaders and restricted access to root permissions have commonly been introduced in many devices.

For example, in late December 2011, Barnes & Noble and Amazon.com, Inc. began pushing automatic, over-the-air firmware updates, 1.4.1 to Nook Tablets and 6.2.1 to Kindle Fires, that removed one method to gain root access to the devices.

[56][57] However, as community-developed software began to grow popular in the late 2009 to early 2010,[58][59] and following a statement by the Copyright Office and Librarian of Congress (US) allowing the use of "jailbroken" mobile devices,[60][61] manufacturers and carriers have softened their position regarding CyanogenMod and other unofficial firmware distributions.

If custom firmware was flashed, the eFuse is set to 0x1, permanently voiding the warranty and disabling Knox-enabled features such as Samsung Pay.

The American implementation is the Digital Millennium Copyright Act (DMCA), which includes a process for establishing exemptions for non-copyright-infringing purposes such as rooting.

In November 2012, Canada amended its Copyright Act with new provisions prohibiting tampering with digital locks, with exceptions including software interoperability.

According to the European Directive 1999/44/EC, replacing the original operating system with another does not void the statutory warranty that covers the hardware of the device for two years unless the seller can prove that the modification caused the defect.

[78][79] New Zealand's copyright law allows the circumvention of technological protection measure (TPM) as long as the use is for legal, non-copyright-infringing purposes.

Under the Digital Millennium Copyright Act (DMCA) rooting was illegal in the United States except by exemption.

The rooting of smartphones continues to be legal "where circumvention is accomplished for the sole purpose of enabling interoperability of [lawfully obtained software] applications with computer programs on the telephone handset".

[88] Tim Wu, a professor at Columbia Law School, argued in 2007 that jailbreaking is "legal, ethical, and just plain fun".

Screenshot of Magisk on a Samsung Galaxy phone, an application to manage root access in Android