Google Security Engineer Blogs About “Rooting”

Nick Kralevich, an Android Security Team engineer, has posted (via Tim Bray, Android Developer Advocate) his thoughts and concerns about the current state of security on the Android platform. As the number of Android handsets on the market increases, many users have been “rooting” their devices in order to install customizations and cooked ROMs and to unlock third-party software and repositories. Nick says that while Google does provide an easy way to allow personal boot images by unlocking the bootloader via simple commands (fastboot oem unlock), this is not an indication of lax security. Google developers do aggressively fix known security holes, including those that can be used for “rooting,” and Adobe has given credit to how Android uses a sandbox for application segregation. Google is also known for sending relevant security patches back upstream to a project, yet many simply don’t know that rooting is an active exploitation of a known security hole, says Nick. He says, “it is possible to design unlocking techniques that protect the integrity of the mobile network, the rights of the content providers, and the rights of the application developers, while at the same time giving users choice. Users should demand no less.” And he is absolutely right.

Android straddles the fine line between providing users with a polished device with a booming application ecosystem and offering a highly customizable interface built on open source software. With each iteration and release of Android, these lines are being blurred, and Android is quickly climbing to the top.