/>
X
Innovation

Security risk prompts CyanogenMod to cut off root

The popular CyanogenMod 9 custom ROM will no longer provide root access to a handset by default in order to try and offer better security.Jef Oliver, a member of the CyanogenMod team, said that the "furore" around Android Marketplace permission requests prompted the move to remove root access by default.
Written by Ben Woods, Contributor on

The popular CyanogenMod 9 custom ROM will no longer provide root access to a handset by default in order to try and offer better security.

Jef Oliver, a member of the CyanogenMod team, said that the "furore" around Android Marketplace permission requests prompted the move to remove root access by default.

"Among all the furore and concern about permissions requested by market apps and privacy, all Custom ROMs (CyanogenMod included) ship with one major security risk — root," Oliver wrote on Friday in a blog post under the name of 'jeagoss'.

Root provides unrestricted access to features and functions of the phone that would not normally be accessible by an app or user, and as such, root-level malware exists to target such potential security risks.

"Shipping root enabled by default to 1,000,000+ devices was a gaping hole. With these changes we believe we have reached a compromise that allows enthusiasts to keep using root if they so desire but also provide a good level of security to the majority of users," he added.

Users wanting root-level access can still configure a device to provide it. On a handset running the default CyanogenMod 9 build any action requiring root access will now have to be explicitly allowed by the user.

"This means that the user is fully aware that any application that uses root may perform actions that could compromise security, stability and data integrity," Oliver said.

He added that root access is unnecessary for most CyanogenMod users and that its uses do not warrant shipping the platform unsecured by default.

At the end of February, Brendan Eich, Mozilla's chief technical officer and the creator of JavaScript, told ZDNet UK that "Android seems to have more pitfalls and security problems [than iOS]" but that Apple's locked down approach was "a fairly blind way of catching intentional malware that's cleverly done".

The Mozilla Marketplace aims to walk the fine line between the permissiveness of the Android Market and the locked-down nature of the iOS store.

Editorial standards