Android Root and its Providers: A Double-Edged Sword

Android root is the voluntary and legitimate process of gaining the highest privilege and full control over a user's Android device. To meet popular demand, a unique Android root ecosystem has formed in which a variety of root providers offer root as a service. Although legitimate in purpose, many convenient one-click root methods work by exploiting vulnerabilities in the Android system, so the same exploits could equally be used by malware.

The focus here is on Android root providers, specifically:

1) whether their exploits are adequately protected against extraction and reuse;

2) the relationship between their proprietary exploits and publicly available ones.

Root and jailbreak are the processes of obtaining full privilege on Android and iOS devices respectively. They allow users to bypass restrictions set by carriers, operating systems, and hardware manufacturers. With full control over the device, a user can uninstall bloatware, use specialized apps that require root privileges, or run paid apps for free.

There are two types of root methods: 1) soft root, where root is obtained directly by running a piece of software (a root exploit) on the device; 2) hard root, where an su binary is flashed externally via an update package or a custom ROM, which requires the device's bootloader or recovery to accept it. Depending on the device model, kernel version, and OS version, different root methods may be applicable.

TowelRoot (CVE-2014-3153) exploits a bug in the futex syscall's requeue handling to gain root. The CVE covers Linux kernels through 3.14.5, with the fix landing in 3.14.6, which at the time meant nearly every shipping Android device. Because Android vendors backport fixes independently of the upstream version number, the kernel version is only a first indicator of whether a given device is affected.
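The following is an added triage example, not code from the paper or from any root provider. It takes the kernel version string a tester would pull with `adb shell uname -r` and decides whether it falls inside the range CVE-2014-3153 lists (through 3.14.5), and it checks the usual system directories for an su binary as a hard-root indicator. The directory list and the version-string formats are assumptions about typical devices of that era; as noted above, an in-range version is a hint, not proof, because vendors backport patches.

```shell
#!/bin/sh
# Added example (not from the paper): root-triage helpers for an Android device.
# Assumes version strings shaped like `adb shell uname -r` output,
# e.g. "3.4.0-perf-g1a2b3c" or "3.10.28+".

# Compare two dotted version strings on their first three numeric fields.
# Prints -1, 0 or 1 for a<b, a=b, a>b.
vercmp() {
    a="$1"; b="$2"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        y=$(printf '%s' "$b" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        x=${x:-0}; y=${y:-0}          # missing fields count as 0
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
        i=$((i + 1))
    done
    printf '%s\n' 0
}

# True (exit 0) when the kernel version is within the CVE-2014-3153 range
# (through 3.14.5; fixed in 3.14.6). Caveat: vendor backports mean an
# in-range version is a candidate for TowelRoot, not a confirmed target.
towelroot_version_in_range() {
    ver=$(printf '%s' "$1" | sed 's/-.*//')   # drop "-perf-g..." style suffixes
    [ "$(vercmp "$ver" "3.14.5")" -le 0 ]
}

# Hard-root indicator: look for an executable su in the given colon-separated
# directories (defaults assume a typical Android layout) and print its path.
find_su() {
    dirs=${1:-/system/bin:/system/xbin:/sbin:/su/bin}
    oldifs=$IFS; IFS=:
    for d in $dirs; do
        if [ -x "$d/su" ]; then
            IFS=$oldifs
            printf '%s\n' "$d/su"
            return 0
        fi
    done
    IFS=$oldifs
    return 1
}

# Usage on a connected device (run from the host):
#   ver=$(adb shell uname -r | tr -d '\r')
#   towelroot_version_in_range "$ver" && echo "kernel in CVE-2014-3153 range"
#   find_su && echo "su binary present (hard root or leftover from soft root)"
```

The version check deliberately ignores the fourth field and any `-gXXXX` suffix, since those vary per vendor build and carry no information about upstream patch level; confirming exposure still requires looking at the actual `futex_requeue` fix in the device's kernel source or testing on the device.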

General Root Architecture

You may find more exploits on