Rooting and Security

[Mustang7303]

Not too long ago there was an article or two about apps being pulled from the market place because they were found to be malicious by rooting phones and snatching personal information. This has alway been a concern of mine about "open source" platforms, despite all of the advantages it has.

Somewhere in time there was also talk of changing the "root" or "admin" password of a device, I think it was related to iPhone(s) though, and how it was a good idea to change the password from the default to foil attempts at compromising personal data.

Is there a default password used for rooting, and would changing it offer any help against malicious code if it can be changed at all?

 

[menschmaschine5]

Although an admin password is used in most Linux distros, it's not in Android. Basically, it's a password that you have to enter anytime you do something that can make a change to the system (installing apps, changing system preferences, etc). Android doesn't use an admin password, but it does lock down most system preferences unless you root the phone.

 

[leehblanc]

Although an admin password is used in most Linux distros, it's not in Android. Basically, it's a password that you have to enter anytime you do something that can make a change to the system (installing apps, changing system preferences, etc). Android doesn't use an admin password, but it does lock down most system preferences unless you root the phone.

Even once rooted, the "Superuser" app handles all permissions for root access. It will pop up when a program asks to run as "Superuser" and you have the choice to allow it or deny it.

 

[DroidXcon]

Even once rooted, the "Superuser" app handles all permissions for root access. It will pop up when a program asks to run as "Superuser" and you have the choice to allow it or deny it.

+1 on this but you are still open to attack there are way around the superuser app...thunderbolt comes with android 2.2 i blieve so security is higher and malware is less likely to attack.

but the best defense is to be mindful of the apps you use, when using the market make sure to check the rating and read the comments. If you sideload app check the source of the app and if it looks like something that you dont need well then just dont use it. You are your own best defense.

 

[leehblanc]

+1 on this but you are still open to attack there are way around the superuser app...thunderbolt comes with android 2.2 i blieve so security is higher and malware is less likely to attack.

but the best defense is to be mindful of the apps you use, when using the market make sure to check the rating and read the comments. If you sideload app check the source of the app and if it looks like something that you dont need well then just dont use it. You are your own best defense.

Thanks for pointing this out. I was thinking more along the lines of mainstream trusted apps (Titanium, etc), but less "ethical" programmers CAN take advantage.

 

[anon(220176)]

With the iPhone, the problem is not only on apps, but SSH can be installed on iPhone apps and people did not know how to TURN OFF this service. So hackers will just scan the Wifi network, SSH to the victim's iPhone and do whatever they want. There was an article a while back when this happened.

So for Android, once I gain root access, what is the root/admin/su password to prevent something like the above?