Rooting is often performed with the goal of overcoming limitations that carriers and hardware manufacturers put on some devices, resulting in the ability to alter or replace system applications and settings, run specialized apps that require administrator-level permissions, or perform other operations that are otherwise inaccessible to a normal Android user. Rooting is analogous to jailbreaking devices running the Apple iOS operating system or the Sony PlayStation 3. On Android, rooting can also facilitate the complete removal and replacement of the device's operating system.
As Android was derived from the Linux kernel, rooting an Android device is similar in practice to accessing administrative permissions on Linux or any other Unix-like operating system such as FreeBSD or OS X.
DescriptionRooting enables user-installed applications to run privileged commands that are typically unavailable to devices in the stock configuration. Rooting is required for more advanced and potentially dangerous operations including modifying or deleting system files, removing carrier- or manufacturer-installed applications, and low-level access to the hardware itself (rebooting, controlling status lights, or recalibrating touch inputs.) A typical rooting installation also installs the Superuser application, which supervises applications that are granted root rights.
A secondary operation, unlocking the device's bootloader verification, is required to remove or replace the installed Operating System.
In contrast to iOS jailbreaking, rooting is not needed to run applications distributed outside of the Google Play Store (sometimes referred to as "sideloading") — the Android OS supports this feature natively through an option in the Settings menu. However some carriers, like AT&T, prevent the installation of applications not on the Store in firmware, although several devices (including the Samsung Infuse 4G) are not subject to this rule.
As of 2012 the Amazon Kindle Fire is locked to the Amazon app store instead of Google Play, and other vendors of Android devices may lock to other sources in the future. Access to alternate apps may require rooting but rooting is not always necessary. As an example, for the Kindle fire it is possible to load the "easy installer" app from the Amazon app store and then use it to "sideload" apps from any source.
One of the potential downsides to rooting is some phone makers consider it to be "modifying" the phone, which may void the warranty. However, if the phone is un-rooted before the user tries to use his or her warranty, there is no easy way for the warranty provider to know that the phone was previously rooted. The term "bricking" is used to describe a device which has had its software modified improperly to the point where it is no longer functioning.
ProcessThe process of rooting varies widely by device, but usually includes exploiting a security weakness in the firmware of the device, and then copying the su binary to a location in the current process's PATH (e.g.
/system/xbin/su) and granting it executable permissions with the chmod command. A supervisor application like SuperUser or SuperSU can regulate and log elevated permission requests from other applications. Many guides, tutorials, and automatic processes exist for popular Android devices facilitating a fast and easy rooting process.
For example, shortly after the T-Mobile G1 was released it was quickly discovered that anything typed using the keyboard was being interpreted as a command in a privileged (root) shell. Although Google quickly released a patch to fix this, a signed image of the old firmware leaked, which gave users the ability to downgrade and use the original exploit to gain root access. Once an exploit is discovered, a custom recovery image that skips the digital signature check of a firmware update package can be flashed. In turn, using the custom recovery, a modified firmware update can be installed that typically includes the utilities (for example the Superuser app) needed to run apps as root.
The Google-branded Android devices, the Nexus One, Nexus S and the Galaxy Nexus, can be boot-loader unlocked by simply connecting the device to a computer while in boot-loader mode and running the Fastboot program with the command "fastboot oem unlock". After accepting a warning the boot-loader will be unlocked so that a new system image can be written directly to flash without the need for an exploit.
Recently, Motorola, LG Electronics and HTC Corporation have added security features to their devices at the hardware level in an attempt to prevent retail Android devices from being rooted. For instance, the Motorola Droid X has a security boot-loader that will put the phone in "recovery mode" if unsigned firmware is loaded onto the device, and the Samsung Galaxy S II will display a yellow triangle indicator if the device firmware has been modified.
Industry reactionUntil recently, the response of tablet and smartphone manufacturers and mobile carriers has typically been unsupportive of third-party firmware development. Manufacturers had expressed concern about improper functioning of devices running unofficial software and related support costs. Moreover, firmware such as CyanogenMod sometimes offers features for which carriers would otherwise charge a premium (e.g., tethering). As a result, technical obstacles such as locked bootloaders and restricted access to root permissions have commonly been introduced in many devices. For example, in late December 2011, Barnes and Noble and Amazon.com, Inc. began pushing automatic, over-the-air firmware updates, 1.4.1 to Nook Tablets and 6.2.1 to Kindle Fires, that removed users' ability to gain root access to the devices. The Nook Tablet 1.4.1 update also removed users' ability to sideload apps from sources other than the official Barnes and Noble app store (without modding).
However, as community-developed software has grown popular, and following a statement by the Librarian of Congress (US) that permits the use of "jailbreaking" mobile devices, manufacturers and carriers have softened their position regarding CyanogenMod and other unofficial firmware distributions, with some, including HTC, Samsung, Motorola and Sony Ericsson, even actively providing support and encouraging development.
In 2011, the need to circumvent hardware restrictions to install unofficial firmware lessened as an increasing number of devices shipped with unlocked or unlockable bootloaders, similar to the Nexus series of phones. Device manufacturer HTC has announced that it would support aftermarket software developers by making the bootloaders of all new devices unlockable.