On LPX13D, SELinux, and root
Posted on 2014-10-19, 125 comments, 1560 +1's, imported from Google+/Chainfire

NOTICE: This content was originally posted to Google+, then imported here. Some formatting may be lost, links may be dead, and images may be missing.

As promised, here are some more details about the current situation.

Why it breaks

Google has really put some effort into better securing Android, and we've seen a lot of SELinux related commits to the AOSP tree over the past months. There is some disconnect between the AOSP tree and actual L preview builds, some things from AOSP are not in the L preview build, and vice versa. Ultimately, it's a pretty good bet these things will mostly align, though.

On most devices and firmwares, SuperSU's daemon is started by the install-recovery.sh service script that runs at system boot time, as user root with the init context. This is what the daemon needs to function.

Recently, they've started requiring all started services to run in their own SELinux context, instead of init. Developers and security guys following AOSP have known this was coming; AOSP builds have been logging complaints about this specific service not having its own context for a while now.

Now this script runs as root, but as the install_recovery context, which breaks SuperSU's operation, as it is a very restrictive context.

In the last AOSP build I have tried (a few weeks old), there were a fair number of other holes that we could use to launch the daemon. At first glance(!), it seems those have all been closed. An impressive feat by the guys working on this, if it proves true.

How to fix it

To fix root, all that really had to be done was ensure the daemon's startup script is run at boot as the root user with the init context.

There are multiple ways to do this, but unfortunately for now it seems that it does require a modified kernel package (changing the ramdisk).

In the modified kernel packages I've posted for the Nexus 5 and Nexus 7, the daemon's startup is fixed by commenting out the line in init.rc that forces the install-recovery.sh script to run as the install_recovery context, so now it runs as init again, and all is well.


As stated above, it seems for now that modifications to the kernel package are required to have root, we cannot attain it with only modifications to the system partition.

Combine that with a locked bootloader (and optionally dm-verity) and a device becomes nigh unrootable - exactly as intended by the security guys.

Exploit-based roots are already harder to do thanks to SELinux, and now because of the kernel requirements for persistent root, these exploits will need to be run at every boot. Exploits that make the system unstable (as many do) are thus out as well.

Of course, this is all dependent on OEMs implementing everything exactly right. If a certain OEM doesn't protect one of their services correctly, then we can leverage that to launch the daemon without kernel modifications. While I'm fairly certain this will be the case for a bunch of devices and firmwares, especially the earlier L firmwares, this is not something you should expect or base decisions on. It is now thus more important than ever to buy unlocked devices if you want root.

It might also mean that every firmware update will require re-rooting, and OTA survival mode will be broken. For many (but far from all) devices we can probably automate patching the kernel package right in the SuperSU installer ZIP. We can try to keep it relatively easy, but updating stock firmwares while maintaining root is probably not going to work as easy and fast as it did until now.

Apps need updates

Unsurprisingly, with a new major Android release, apps will need updates. None more so than apps that go beyond the Android API, as root apps do, but even some non-root apps will be affected by the security changes.

As one example, someone posted in the SuperSU thread of a kernel flashing app that didn't work. From the logcat you could see that it was looking for partitions in /dev/block from its normal non-root user and non-init context. That used to be possible, but now it is restricted: normal apps no longer have read access there. 

The solution for that app is actually quite simple: list the /dev/block contents using root instead. But simple solution or not, the app will still need to be updated.

By far most root apps should be updateable for L without too much issue. There are indeed exceptions that will need some special care, but those are rare.

Permissive vs enforcing

The kernel packages I posted for the Nexus 5 and 7 LPX13D  firmware keep SELinux mostly set to enforcing. I say mostly, because SuperSU actually switches a small part of the system to permissive, so apps calling su can do most things without much interference. The details on this are lengthy (yes, your apps will be able to modify policies as well if needed, which should be rare), and I will document these for other developers after L retail release, assuming it will all still work at that time.

Alternatively, you can set the whole system to permissive or otherwise disable SELinux. There are other kernel packages released that indeed do this. The advantage here is that it instantly fixes some apps' issues, as the SELinux based restrictions have all gone the way of the dodo. The disadvantage here is that you've just shut down a major part of the security system of the device.

Some would argue that a device with an unlocked bootloader, root, encrypted modem firmwares of which nobody really knows what they're doing, etc, is inherently insecure, and thus disabling SELinux doesn't make much difference.

I personally disagree with this. While I do agree that these things weaken security down from the ideal level, I would still not disable more security features than I absolutely need to. Just because you cannot eliminate all attack vectors, is no reason to just completely give up on defending against them.

It is of course your own choice if you want to run a permissive system or not. I will strive to keep everything working in enforcing mode though, and I hope other root app developers will do the same - as stated earlier in the post, I believe this is still possible.

(everything in this post is subject to change for retail L release, obviously)

Duc Nguyen commented on 2014-10-19 at 12:03:

I agree

Lars Stokholm commented on 2014-10-19 at 12:04:

Thanks for taking the time to explain things too.

KK Wu commented on 2014-10-19 at 12:09:

thanks for your great work

Paul Newcombe commented on 2014-10-19 at 12:16:

Thanks for the explanation and for all of your hard work...

I'm always amazed how dedicated and indeed devoted you are to your work!


Alessandro Ibi commented on 2014-10-19 at 12:17:

Very user friendly argumentations: only those who know can teach. Respect!

Bernhard Mähr commented on 2014-10-19 at 12:18:

Very good description!

Boms Lauban commented on 2014-10-19 at 12:18:

Thank you chainfire

Daniel Cook commented on 2014-10-19 at 12:19:

Glad to see Google enabling SELinux.

Anmol Malhotra commented on 2014-10-19 at 12:19:

Great work

Yogev Haham commented on 2014-10-19 at 12:24:


Sumanta Adhikari commented on 2014-10-19 at 12:30:

I have used official Rom for 2 month and custom Rom for more than 3 years.

Louis Tennent commented on 2014-10-19 at 12:34:

All hail the God of root!

Enrique Olmedillo Cedeño commented on 2014-10-19 at 12:38:

So. If i understood, maybe Custom ROMS are an easier way to be with root privileges?. I apologize If i said something crazy

Philipp Christodoulou commented on 2014-10-19 at 12:40:

Thank you for the detailed and good explanation. Your great work is and always has been one of the Reasons why Android is the best System around!

Franco Gong commented on 2014-10-19 at 12:58:

Great,thank your job

DroidMote commented on 2014-10-19 at 13:00:

On Google Play applications that require root permissions are lawful. Google earns from many years 30% on every sale even from these developers. The end-user as the owner of the phone, has the right to decide for her security. It's time that Google provides an official method and always valid to get root permissions as in other OS. In my opinion, this should be required by law, otherwise it means that the manufacturer of the device has more permission of the owner and this involves high insecurity for privacy and personal data. I am confident that if, in many, we start lawsuits, the root access also with a secure hardware button can be achieved because privacy is a universally recognized right. And a so beautiful app like SuperSu can help us to manage this root permissions.

Do not grant root permissions, it should also be at odds with a lot of anti-monopoly laws, it would be impossible without root uninstall many applications and services that we did not choose and that with force will be installed on our terminals.

But the Countries where they are ? Maybe they do not care that you are practicing this monopolistic system which is one of the greatest abuses of the history of computing.

Bryan Li commented on 2014-10-19 at 13:07:

This guy rock!

Brian Fosse commented on 2014-10-19 at 13:08:

Thank you

Josiah Dones commented on 2014-10-19 at 13:11:

Now what can you do if your phone did a system update while you were rooted but after the update it freezes on the boot

JB• Just KEWL commented on 2014-10-19 at 13:27:

thank you.. no more flickering on boot startup on my nexus 7

Jorrit Jongma commented on 2014-10-19 at 13:37:

+DroidMote Server / Client keep in mind that Google isn't restricting anything here. All of their own Nexus devices can be officially unlocked, and their firmware completely replaced by whatever you want. It is the OEMs, virtually always on order of the carriers, that lock devices. By far most high-end non-carrier devices are unlockable and thus rootable.

Consider that even if Google built in their own root facility for (retail!) firmwares, then the carriers would just have the OEMs take it out...

Business users also actually want the added security, there will never be a law anywhere that requires root access for these devices. Also because you have choice: you can buy an unlockable phone, switch carriers, etc. There is no locked device monopoly, unlocked devices are available in any country that I know of.

Now, if your favorite carrier offers the model that you want in the area that you want it for the price you find agreeable, that is a different question. Then again, the carrier has no obligation to give you what you want, and in a capitalist society, they shouldn't.

Shawn Clark commented on 2014-10-19 at 13:44:

Thanks +Chainfire for explaining the situations. You are the man

Farzad Fallah commented on 2014-10-19 at 13:46:

You are a genius man, thanks for all of your efforts.

DroidMote commented on 2014-10-19 at 13:58:

+Jorrit Jongma I know what you say, but an hardware button like in Chrome OS can help both users. Users that want full security, and users that think that having root permissions you are more secure. like me. I think differently from you, does not grant root permissions and create a large number of binary blobs on a open source OS, is a deliberate strategy to create a monopoly system.

Thanks for your very hard work.

No one has forgotten the history of internet explorer and a lot of money that Microsoft had to pay for having imposed its own software in a forced way.

It's time to change and all together we can.

François Simond commented on 2014-10-19 at 14:18:

Thank you for taking the time +Chainfire that was a good read.

AKSHARA T G commented on 2014-10-19 at 14:20:


Wow!! That's a very detailed explanation.. Thanks ☺

Amartya Baidya commented on 2014-10-19 at 14:21:

Thank you +Chainfire for explaining this so well....

What does this entail for Xposed if it ever manages to run on the ART runtime?

+Sayan Goswami, +Luqmaan Dien Mathee get a load of this ....

Luqmaan Mathee commented on 2014-10-19 at 14:22:

+amartya baidya checked it out man. This makes happy to see security being tightened in Android.

Amartya Baidya commented on 2014-10-19 at 14:24:

+Luqmaan Dien Mathee makes me a little worried that custom ROMs to maintain root over each build will permanently disable SE Linux and make the whole system permissive. ...I'm not sure that is the right way to go

K Bell commented on 2014-10-19 at 14:40:

I think Chainfire was the first word I heard after learning what root was 3 years ago on my first Droid.. Can't say thanks enough for all the dedication & hard work you've given over the years! ?

Joel Sb commented on 2014-10-19 at 14:42:

Thank you +Chainfire. You are a genius man!

Geoff commented on 2014-10-19 at 14:42:


Craig D commented on 2014-10-19 at 14:49:

Thanks Chainfire for all the hard work you put into the Android Community and for all the CF Autoroots, Super SU et al.

scary alien commented on 2014-10-19 at 14:57:

Thank you, +Chainfire, not just for this excellent post but also for the excellent information you also provide in your http://su.chainfire.eu/ page (particularly section 5)--invaluable stuff! :)

Matteo Panella commented on 2014-10-19 at 14:58:

+amartya baidya: it isn't, and those advocating disabling SELinux or forcing it into permissive mode should stay the hell away from shipping system software to 3rd parties.

I'd like to see ROM makers and su devs agree on a standard set of SELinux contexts for root-enabled apps (and related manifest permissions), but the general consensus seems to lean on the usual unconfined su daemon (or worse, as you pointed out).

That would leave upstream and OEM firmware users (me included) out of the game, but things aren't looking good for them anyway with dm-verity still floating around.

Luqmaan Mathee commented on 2014-10-19 at 14:58:

+amartya baidya true that sucks. Well I've been permissive all this time? but I think in future I'll stay enforcing. Security will be something I look forward to.

Andrew Layton commented on 2014-10-19 at 15:19:

Great work as always. Thanks for all that you do. ☺

Aaron Fried commented on 2014-10-19 at 15:22:

Thank you for all the great information!

Ichigo Uzumaki commented on 2014-10-19 at 15:46:

Thanx for the expalnation… keep up the good work you do.

Klaus Lichtenwalder commented on 2014-10-19 at 17:34:

I'm no expert for SELinux on Android, so please bear with me. Would it be possible to extend the policy with transition rules from install_recovery type to init (or what would be needed). If it is possible to change domains to permissive, it looks like modifying the policy is possible?

Pawel Kraszewski commented on 2014-10-19 at 17:35:

Thank you for in-depth exlanation. No cookie for me...

Anish Gupta commented on 2014-10-19 at 17:42:

The whole reason why Android is better than iOS is because we can root aka jailbreak the device and gain complete control over it. And I suppose, if locking everything was a way to go then OEM's could give an option either in the boot loader or recovery to allow users to choose to gain root access or something. Normal users won't be able to get their and advanced users would also be happy. Everyone goes home happy!

Jason Pasch commented on 2014-10-19 at 17:42:

Thank you +Chainfire for the detailed information,the quality and dedication of your work is be beyond compare.

Florián Collazo commented on 2014-10-19 at 17:56:

Gracias por hacernos la vida más fácil.Gente como usted es la que hace avanzar al ser humano

Jorrit Jongma commented on 2014-10-19 at 18:26:

+DroidMote Server / Client If you could turn off the security with a hardware button or from a bootloader that would negate the entire corporate data control idea. Either way, the corporations that control this apparently don't want it that way, so again, vote with your wallet.

Jorrit Jongma commented on 2014-10-19 at 18:27:

+Klaus Lichtenwalder Chicken/egg problem. You can modify the policies to allow install_recovery to transition to init, but you need to be init before you can modify the policies. Unless you put the modified policy in the kernel ramdisk, which then still requires you to reflash the kernel.

Klaus Lichtenwalder commented on 2014-10-19 at 18:39:

+Jorrit Jongma I see... Of course, yes. But then Chainfire speaks about SuperSU setting some domains to permissive, or changing policy from apps. This would also not possible in install_recovery_t? Otherwise it would defy security? There is no modifying policy without flashing an updated kernel/initramfs?

Klaus Lichtenwalder commented on 2014-10-19 at 18:41:

Btw, any good pointers re implementation of SELinux on Android (policy, implementation, setup)? I couldn't find any

Ryan Dupuis commented on 2014-10-19 at 18:42:

Thanks +Chainfire for the detailed reply, I was holding off on root after reading your earlier comments and awaiting this more detailed response. Glad to see enforcing route.

Jorrit Jongma commented on 2014-10-19 at 18:45:

+Klaus Lichtenwalder again, to do any of these things, su has to run as init to start with. You cannot change the policies from install_recovery context. An app that calls a properly working su running as init, then can execute calls as init as well, so it can modify policies if it wants.

There are other facilities to load a modified policy, by putting these policies on the data partition. Those generally have to be signed by a trusted key that we don't have though, and the methods this works vary by OEM.

PS. I am Chainfire, this is my personal account.

And Shi commented on 2014-10-19 at 19:10:


Klaus Lichtenwalder commented on 2014-10-19 at 19:14:

+Jorrit Jongma oh. sorry for not checking earlier... I see, so other apps can use su for changing the policy, but su obviously not ;) at least not for the purpose of getting the necessary permissions... Thanks for the explanation!

James Mason commented on 2014-10-19 at 19:41:

Sounds like of you want root, it's going to be Nexus or GTFO.

Which is fine. If root is a feature we want, we vote with our wallets to buy devices with unlocked bootloaders.

Marco Nuccio commented on 2014-10-19 at 20:03:

Chainfire it's BigG, thanks for hars work :)

Daniele Febei commented on 2014-10-19 at 20:34:

that's why I can't flash your kernel and have root access...? I tried several times but then, when I check kernel info, it's always the google one and no root access...

SheemOn Private commented on 2014-10-19 at 21:00:

Thanx for your fantastic work.

Paul Hedderly commented on 2014-10-19 at 22:04:

p Phzd

Angel Vega commented on 2014-10-20 at 04:27:

Duck selinux

Paul D-B commented on 2014-10-20 at 05:13:


Ernesto Vispo commented on 2014-10-20 at 06:46:

Siete i N.1

Glenn Chundrlek commented on 2014-10-20 at 10:53:

I agree with your assessment.

The only reason I root my phone is so that I can run an ip-tables based firewall and an ad blocker that modifies the hosts file.

I'd prefer to have as much security as possible.

Steve F commented on 2014-10-20 at 10:54:

interesting read, thanks for the info and especially thanks for your work.

Chris Levine commented on 2014-10-20 at 14:41:

Will there be a fix for the nexus 4 here is the rom I'm using


It says its a preview bit I have to seen any problems

Alex Espinosa commented on 2014-10-20 at 16:16:

Has anyone been able to remove aosp browser, calendar, messaging, and music? I do have root and tried to delete these apps using root browser which usually does the trick but with no luck this time. Every time I go to the apps section in settings, it appears that these apps are no longer installed but the icons remain in the app drawer. Any ideas how to remove these apps completely?

Chris Levine commented on 2014-10-20 at 16:19:

I just disabled them in the settings

andre silver commented on 2014-10-21 at 01:25:

Uuuuuuuuu u

andre silver commented on 2014-10-21 at 01:31:
滑天下之大稽 commented on 2014-10-21 at 03:42:

thx for all of your works man!

Francisco Manuel Farro Mejia commented on 2014-10-21 at 09:51:

Dude, thanks now i can use my phone as its best :D

Levi Woodard commented on 2014-10-21 at 17:29:

I half expected kit kat to do this to root. Thanks for a very informative post +Chainfire . hopefully something good will come from OEMs regarding this.

Roger Seeberger commented on 2014-10-21 at 17:31:

thanks for aour work and the infos

Алексей Рукин commented on 2014-10-21 at 18:02:

>>Since all mobile devices based on Android still have an 'Aeroplane mode' then it is the user that has the most permissions, you can always sever any network link. 

Most devices (not only Android) do not switch off wireless connections in "airplane mode", they make them only inaccessible for apps. This behavior has been noticed even on Symbian 7 based devices. Some phones do not switch off the radio module even if users "switch off" them completely. 

Simon Cahill commented on 2014-10-21 at 18:05:

I love how so many people here are writing 'Thanks' and

a) have no idea what half of his post means


b) aren't even developers (of any sort)

Abdul-Latif Ahmed commented on 2014-10-21 at 18:22:

In simple terms, what is chainfire saying?

Michel M commented on 2014-10-21 at 19:18:

Very interesting post, thanks

Michel M commented on 2014-10-21 at 19:32:

Locking down the os improves security. Locking out the owner but grant all access to manufactures decreases security. To me it looks like they are securing the ground I paid for. Google might follow another policy on their devices but they are part of the game (remember the changes on sd cards).

Jon Delano commented on 2014-10-21 at 20:03:

l'd hope that the Nexus line will keep their boot loader unlocked, if so, then bye bye Samsung hello (which ever manufacturer is building the nexus)

Pavel D. commented on 2014-10-21 at 21:06:

+Chainfire I hope you'll not give up though :) Thanks for all you've done so far!

Steve Coleman commented on 2014-10-21 at 21:55:

The Mfg's will likely always be working with local govt to be sure that certain payloads can be pushed wirelessly via the cellular network. It would be best to understand that update interface since its likely not going away anytime soon.  A personal IMSI catcher may be the next big  thing to own? Also, the cell side of the device generally has a CPU that is independant of the OS and can therefor be put to use in subverting/sideloading the primary OS in its initial load/boot sequence. food for thought...

Tim Lawrence commented on 2014-10-22 at 02:49:

You're a brilliant man and I am glad you are still taking the time to not only discover how these releases change our access to the filesystems, but even take the time to explain to the community what we stand to face.  We appreciate you and what you do here and may you forever be happy doing it.

Ricky Razor Ramon commented on 2014-10-22 at 04:17:

Rooting and ROMs are what makes Android, I just rooted my Note 4 using your CF-auto on xda +Chainfire. I appreciate your work and hope you'll be able to continue it through the Lollipop updates.

big carl dennis commented on 2014-10-22 at 04:25:

....in other words.....nexus phones are going to sell like hot cakes

Christian Orjeda commented on 2014-10-22 at 04:29:

Thank you for your writing +Chainfire. I found xda and your tools when I tried to delete bloatware on my android phone. I hope in the future it will be

possible to get root in android, if not I don't know what to do, looking for an alternative (sailfish, ubuntu)?

Olek Kos commented on 2014-10-22 at 04:39:

You just made it on the XDA News page :)

eLeCtRaSh TV commented on 2014-10-22 at 08:42:

On one hand i am happy to see this changes (I was root user, but since JB and KK i dont use it so much, so this is good news for user like me)

Iñigo Lacoume commented on 2014-10-22 at 12:12:

Thanks for your amazing work.

Srujan commented on 2014-10-22 at 12:57:

This happened for me in my Sony tablet S,

m3ta1he4d commented on 2014-10-22 at 17:49:

Unrootable. Its gonna be the undoing of Android. ?

Gaius Trollius commented on 2014-10-22 at 18:21:

This is going to be a huge problem for all of us that use or experiment with android phones. I hope manufacturers won't do the same as Google, or at least we'll have such great developers to help us get the most out of our devices.

Christian Orjeda commented on 2014-10-22 at 18:29:

Yes hoping this and in case it will not happen, hopefully there is another os for the phones (with root) at this time.

Am 22. Oktober 2014 20:21:56 MESZ, schrieb "Google+ (Dante Nemo)" <*@*>:

Shawn Yu commented on 2014-10-23 at 00:28:

OK I do understand Google trying to lock the root access, cause if the root access is easy to be obtained, many users might get their services rooted without realizing what root really is. At this point some apps can cheat users saying something like "to better serve you I need the root access and I (don't) promise not to do bad things" and do evil things instead of serving you as described. Then people blame the system developer, which is definitely Google, for what they've lost.

So the hardship of getting the root access is somehow also kind of a filter of users. But anyway as long as rooting is still possible (which is theoretically possible forever), I'm going to get my device rooted.

Thank you +Chainfire, for the light of freedom on my device that you've brought.

Christian Orjeda commented on 2014-10-23 at 04:02:

I believe that android should have a root option, can be with disclaimer like : are you sure what are doing? We aren't responsible for consequences of root operations!

But I don't want a computer, which only let me be user not administrator and a phone is a computer. Without root I can't remove bloatware, administrate permissions, at least the phone isn't mine.

Am 23. Oktober 2014 02:28:59 MESZ, schrieb "Google+ (于笑晨)" <*@*>:

Damo Conti commented on 2014-10-23 at 04:52:

Beautiful explanation

Shawn Yu commented on 2014-10-23 at 05:57:

+christian orjeda Yes I do agree the point that a phone is in fact a computer, and I would be happy to set MY phone having a root opinion so I can make my device much more powerful, but not everyone thinks in that way.

Basically up to now, only few people have root access on their phones and once all android devices have that option then EVERYONE has root access while they can give it to ANYTHING, and that causes severe problems. While there aren't many of the users have rooted devices, writing those cheating softwares don't get much profit, when the root opinion gives them a much more possibility to take control of ignorant users devices.One man's meat is another man's poison.

So maybe specialized ROMs for developers (and geeks like me) claiming what you've said might be a better solution, apps can't force you to flash another ROM while they might force users to click the root switch.

Christian Orjeda commented on 2014-10-23 at 07:50:

Having root as an option and with a warning would be OK. Like on a Linux system there you have to be root or su for doing more critical things. But not a system only giving you the rights of a very limited user, even not able deleting bloatware in many cases.

Am 23. Oktober 2014 07:58:00 MESZ, schrieb "Google+ (于笑晨)" <*@*>:

Shawn Yu commented on 2014-10-23 at 10:47:

+christian orjeda But Linux itself doesn't have so many users but android does, so many users don't understand how powerful root access is. Just like those licenses, none of those guys read out care about the warning.

Christian Orjeda commented on 2014-10-23 at 13:17:

I don't want a system on a computer (phone) which don't give me the chance deleting things I don't want or motor having the possibility to quit some supercilious apps some permissions. If one put a clear warning before entering root mode one who is able to read should be also able to decide what he is doing. You can hide the rot access a little bit too, so one who want it will find and others not.

Am 23. Oktober 2014 12:47:46 MESZ, schrieb "Google+ (于笑晨)" <*@*>:

Damo Conti commented on 2014-10-23 at 14:04:

They should give you an option on 1st boot. Ie when you start it up for 1st time it asked if you want root or other extra access. It should require admin mode or sonething like that to allow root after 1st boot.

Does anyone know how lollipop handles sd cards

Eric Brewer commented on 2014-10-23 at 18:57:

Thanks for the information Sir.

Christian Orjeda commented on 2014-10-23 at 19:48:

OK you have to choose Google slavery or little bit more freedom.

Am 23. Oktober 2014 19:26:27 MESZ, schrieb "Google+ (Emile Tenia)" <*@*>:

Lifted Andreas commented on 2014-10-23 at 20:13:

excellent info! i guess in the development world nothing is impossible, manufacturer world is totally different tho

Michael Stilson commented on 2014-10-24 at 03:14:

Great description! Thanks!

yogeneyogene commented on 2014-10-24 at 10:10:

+chainfire rules!(as usual)

Alexander List commented on 2014-10-24 at 10:14:

Echt super

Zahid Alaauddin commented on 2014-10-24 at 14:41:

My question is still the same. Does this mean that its the end of Rooting and all the Custom Android development? It seems that Google is trying to increase their Nexus and Android One sales! Looks like we need to make a petition to Google to stop being evil and be developer friendly.

Lifted Andreas commented on 2014-10-24 at 19:37:

+Zahid Alaaudin Well, they havent restricted their bootloaders yet so

Алексей Рукин commented on 2014-10-25 at 19:34:

>> It seems that Google is trying to increase their Nexus and Android One sales!

After this change Android will quickly split into two (or more) different systems. One will be Android One and Nexus, the other(s) will be the OEM's version(s). And only first one will remain truly ANDROID.

Augusto López commented on 2014-10-25 at 20:47:

Hola. Yo quiero saber como rootear mi note 3 soy nuevo en esto he estado leyendo terminologías pero bueno no es tan fácil. Y knox q pasa con el es bueno pero mmmmm no se por lo q he leído restringe más q proteger. Al fin y al cabo es nuestro terminal y podemos hacer lo que sea con el.

Quiero saber si ene la caso de rootear lo se podrá seguir ocupando la multiventana y más cos as q trae este fantástico equipo. Lo que deseo es quitar tanta cosa q trae pre instalada de telcel México sin el riesgo de que quede inservible. Invertí en el una hiena cantidad.


Zahid Alaauddin commented on 2014-10-26 at 06:50:

+Andrei AndreaS Guitchev Not yet but OEM's(Maybe Samsung and some other non developer friendly companies) will see this as a golden opportunity to shut down root for good. I'm not really worried since I'm having a Bootloader Unlocked Moto G running CM11 and waiting for L.

CHRIS JUDY commented on 2014-10-26 at 15:12:

Thanks Chainfire for the great article. How I wish I had a sliver of your knowledge.

SuperBROKEN81 commented on 2014-10-27 at 18:53:

This is why you should switch to a carrier who sells phones with an unlocked bootloader. T-Mobile

Zahid Alaauddin commented on 2014-10-27 at 18:55:

+SuperBROKEN81 But their plans are stupid. Plus pretty sure that they will lock the Bootloader if L has such protection coming

SuperBROKEN81 commented on 2014-10-27 at 19:15:

+Zahid Alaaudin t-mobile is known for unlocked bootloader. I doubt they would start locking them.

Then again when L hits I'll use mobile odin pro to flash and not upgrade the bootloader. 

Of couse if they end up locking bootloaders future phones would be a problem. 

Also t-mobile plans are good. Much better then Verizon. Cheaper, same service, with unlimited data.

Angel Vega commented on 2014-10-29 at 23:37:

Isn't it ironic how Google keeps android lollipop with massive SELinux features and at the same time they ask even what the names of your children are. Or I just don't know what security is.

Martin Lehmann commented on 2014-10-30 at 15:04:

+Chainfire You said "..it does require a modified kernel package (changing the ramdisk)" -> May this cause problems with file-observing on /system/priv-apps/? On my device (N7), changes to APKs inside that folder are no more detected until the device reboots. And I wonder if this might be related to the new root-method?

Jude Palermo commented on 2014-11-03 at 03:18:

And what you say, means no root for the note 4, in the future..... I'm still in shock and not happy at all. I live for the root. Love root. Sucks bad, they are coming out with a developer version of the note 4 which will be rootable. Very yes. 700 bucks. To shell out even after we all bought the note 4 already. Sad times, why do they not want us to be able to root? I thought this was the awesome deal with Android. Jailbreaks with Apple, happen all the time. all the time. I still have faith because of that. Anyone?

Adriano Firmino commented on 2014-11-11 at 10:35:

Adios Root....Bye Root... Adeus Root....

Farshad Shahoseinzadeh commented on 2014-11-12 at 22:42:


Ray Friesland commented on 2014-11-17 at 16:19:

Thanks Chain!

Ed Beall commented on 2014-11-17 at 22:58:

+An Orrible Monster I disagree a carrier app that is uninstallable that has permissions not even related to apk functionality that cannot be revoked without root accses is a definint personal data security breach

KAKI GAME commented on 2014-11-20 at 21:32:

Help me..super su error

ISENG CHANEL ID commented on 2014-11-25 at 17:44:

So very good and thanks for easy root in gadget... You must have predikat for your amazing briand

jesus gonzalez commented on 2014-12-20 at 20:09:

mass fino

Trevor Olsen commented on 2015-01-06 at 06:43:

Thanks mate.

Pasqualino Maganuco commented on 2015-10-09 at 18:54:
This post is over a month old, commenting has been disabled.