There has been some confusion about what happened recently regarding modifying smartphones.
First, let’s distinguish between some terms that are often at the “root” of the confusion:
- Jailbreak: essentially this is the act of obtaining superuser (root) access on your device so you can modify the system, from removing unwanted applications (bloatware) to applying a completely different, often newer, operating system or ROM.
- Unlock: the act of modifying the device such that it can be taken to a different carrier. For example, taking a phone bought from AT&T and activating it on Verizon. Superuser (root) is typically required to unlock a device.
- Root: technically refers to obtaining administrative rights, often called superuser or root, to the device. Though, colloquially this term is also sometimes used to describe jailbreaking and/or unlocking a device. One can obtain root and continue to use the stock system, but with enhanced privileges.
- ROM: literally Read Only Memory. In context, however, ROMs refers to the system software package in the devices’ Read Only Memory from which the device boots. All you’re doing is replacing the software in the devices’ ROM, but the software package is referred to as a ROM, itself. Yeah, that’s not confusing at all.
- AOSP: literally Android Open Source Project. AOSP is used to describe custom built systems or ROMs. These are bleeding edge, but can be buggy.
In the U.S. the law which dictates whether any of the above is legal is the Digital Millennium Copyright Act (DCMA). Technically, all of the above is illegal…with the twist: The Librarian of Congress has the ability to set exemptions to the DMCA. These exemptions must be renewed every 3 years, and take effect 90 says after notice of new exemptions.
In 2006 and 2010, unlocking of smartphones was an exemption, meaning you could take a device purchased from one carrier and unlock it such that the phone could be added to a different carriers network. Not so in 2013.
In 2010, jailbreaking a smartphone, which is altering the software from the manufacturers specifications, was also an exemption. Jailbreaking did make the list of exemptions for 2013. The language allows circumvention of:
“computer programs that enable wireless telephone handsets to execute lawfully obtained software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications with computer programs on the telephone handset.”
So you are “mod”ing the smartphone, but not switching carriers, when you jailbreak a smartphone.
Note: this exemption for jailbreaking DOES NOT APPLY TO TABLETS. So it is illegal in the United States to jailbreak your Kindle or Nook, or other tablet. Sorry tablet owners.
If there is one truth regarding the technology of smartphones and tablets today, it is that carriers market and subsidize these devices as feeding troughs for their respective media services. Simply put, buying an iPhone is a feeding trough for the Apple Store and iTunes. Buying a Kindle is a feeding trough for Amazon. Buying a Nook is a feeding trough for Barnes and Noble. Buying an Android device, however, is only partially a feeding trough for Google, but also a feeding trough for the carriers which market the Android devices, such as AT&T, Sprint, Verizon and T-Mobile.
The tighter the restrictions on the operating system, the more the devices are subsidized and cost less to the consumer. The looser the restrictions, generally, the more expensive the device.
Another reason U.S. carriers and manufacturers are so strict is because of anti-piracy laws like the Digital Millennium Copyright Act (DMCA). Because of this law, if the RIAA or MPAA finds that a manufacturer is selling a device which can easily pirate media, they can sue the manufacturer of that product. Also, the carriers often have contracts with recording companies, sometimes exclusive, for certain brands of media; and the carriers attempt to protect that investment, by keeping the devices locked down. So the carriers also support the DMCA, because doing so keeps you feeding from their trough. It doesn’t just make sense, it makes dollars and cents.
XDA-Developers actually published a video discussing myriad more reasons for rooting and jailbreaking your phone.
Why you NEED root
Earlier this week, the cyber security firm Mandiant release a report for a multi-year investigation into alleged Chinese Army backed organization they named Unit 61398, who Mandiant claims is responsible for sophisticated computer attacks against government and corporate websites. The Chinese government denies all of this. Regardless who is responsible, many attacks come by proxy from compromised systems which would otherwise be benign. Whether it comes from government backed entities, hacker groups, or coders with malicious intent, the goal is to get into your system, steal your information, and then use your device to infect other systems or perform attacks. Any system can be compromised, and smartphones are no exception. Just how far can a determined group go? Enjoy this clip from the Colbert Report describing what Anonymous did to Aaron Barr:
But you have anti-virus software on your phone. Excellent. Everyone with a smartphone should. But if you don’t have root, then your antivirus program is limited to the same access you have, while the intruder is able to use known exploits to gain root access. Now your antivirus program is powerless, and your smartphone can be used like any other computer to either steal your personal information, or perform attacks on other systems.
The catch is, many of these vulnerabilities get fixed. But your carrier has virtually no incentive to push these updates to you. Carriers are under pressure to deliver more for less, and don’t really have the infrastructure to deliver regular updates to existing customers, and support those customer’s for whom the updates were problematic. And so, most customers with stock devices often go lengthy periods before getting any updates, if they get any updates at all. Simply put, there are many out of date Android phones in use with security holes that have been fixed, but nothing is going to be done about it.
We live in a world where smartphone and tablet sales are outpacing laptops, and these devices are increasingly the target of attacks. There is nothing worse than being the victim to an attack when the fix and the protection was available for months. Jailbreaking your smartphone and using a more updated ROM is going to protect you. Then, by installing superuser, you get to control exactly what gets root access, instead of malicious programs simply taking it.
Scenario: Let’s say I’m a malicious intruder. I may not be malicious towards you in particular, but you have a stock and locked phone about a year old or so. And you came to my website. Yay me. I can use the exploit to gain root access and put in my back door. I also tell your phone to send a packet to a server I have somewhere, and it logs the IP address and type of connection used, be it 3G, 4GLTE, or Wireless. Eventually, you go home and your device connects to the internet through your wireless router. The packet gets sent and I get an alert you’re on a
network now. Yay me. I use the backdoor I created and tell the phone to scan all computers on the network – YOUR HOME NETWORK. Oh – a couple of windows machines. Cool. I’ll bet they have Acrobat Reader and/or Java on them. Or perhaps another of these 0-day exploits will work on them. Now I’m in your entire home network. I now have 3 systems from which I can launch a DDOS attack on some corporate server somewhere else. Or maybe I’ll just use them to break into some other servers. Man, it’s a good thing for me that you didn’t have control of root on your smartphone. Now I can do whatever I want. And when I stop to think of the sheer number of unrooted, unpatched devices out there in the world — welcome back to the wild west.
A few weeks later, the FBI comes busting down your door. Ha. What are they gonna do…hire Aaron Barr? (see the Colbert Report link above.)
Is your Android phone at risk? Try out www.xray.io From this site you can download and install the XRay app, which will test your Android for several known vulnerabilities. Note: The Google Play store warns against installing this app specifically because it exercises known exploits. You can’t get it from play. You’ll have to download the APK file, and then install it from your file browser.
How hard is it to root a smartphone?
Well, now that depends on the manufacturer, the model, and the carrier. Some phones, like my Samsung Galaxy S III, took about an hour of reading, and only 15 minutes to actually perform the rooting procedure. This same phone then took only another 30 minutes to load the ISO.
On the other hand, I also owned a tricky HTC EVO 3D with the updated hboot, and it took the rooting community the better part of 6 months to find a method of rooting the device which didn’t involve pulling the battery in the middle of a software recovery procedure .
That said – it really does depend. Fortunately, there are two excellent resources from which you can quickly find out just how easy or hard it will be to root your particular device.
The first is the premiere forum for all things smartphone: the XDA Developers Forum.
Their main website is here: http://www.xda-developers.com and the forum is here: http://forum.xda-developers.com
From the forum page, search for your device, and you will find forum listings with far more information that you probably wanted. Often, there will be multiple methods of rooting, and lists of different AOSP ROMs.
The second resource is the home of one of the most popular ROMs for almost any device: Cyanogen Mod
The main website for Cyanogen Mod is here: http://www.cyanogenmod.org
On this site, when you select your device, you are taken to a page with provides simple instructions for obtaining root access AND installing the Cyanogen Mod for your device.
Is Cyanogen Mod the best ROM? Well, I’m sure the community at XDA Developers would argue that point. But what they would be able to agree on is that Cyanogen Mod is one of the more frequently updated ROMs, sometimes 6 months to a year more up to date than stock (depending on your device); and it is typically better than stock.
Now I would like to add these warnings and disclaimers to installing a ROM.
- More often than not, rooting your device alone will void your manufacturers warranty.
- If your device does experience hardware issues, you’ll have to recover the device back to stock before your carrier will look at it. (both XDA Developers and Cyanogen Mod provide instructions on how to do this.)
- Not following the instructions properly CAN brick your phone – though usually there are ways to recover.
- While the rooting and ROMing procedures are often easy, if you are not comfortable with the procedure, it is probably best to have a more tech-savvy friend do it for you.
- Make sure you perform a backup prior to attempting to root and ROM your device.
- If you choose to do this, you get to accept personal responsibility for the consequences.
And finally, I would like to add some of the benefits you stand to gain by jailbreaking:
- Enhanced security
- Up to date software
- reduction in bloatware
- bleeding edge features – AOSP
- Improved system performance
- Improved battery life
- Bragging rights
- Set your system free
- Freedom to feed from the media trough of your choice
- You get to join a community of millions of users (XDA)
Read through some of the XDA forums for your particular device. You’ll get an idea of the issues others have had with your phone under different conditions. See if jailbreaking your smartphone is right for you. For your safety, your privacy and your enjoyment, I recommend you do.