Rooted Android device risks include network access, data theft

Rooting an Android smartphone or tablet makes the device more vulnerable to malicious apps that could wreak havoc on a corporate network. MDM alone can't stop the threat.

Rooted Android device users can access core system files, reconfigure system settings and install apps they otherwise couldn't. But rooting opens a device up to security risks that can compromise sensitive data and jeopardize enterprise resources.

Android is a Linux derivative, which implies a certain level of system access and configurability, but Android devices typically ship with limited privileges. Users can install apps from Google Play and change some of the system settings, but they cannot access the core operating system or take too many steps that could alter its built-in protections -- at least not without some effort. Each app also runs in its own container with its own user ID, which keeps its operations and data isolated from other apps. This restricted state helps protect against malicious code and other threats.

Android also makes it possible for users to root their devices; that is, override the usual safeguards to install apps that can modify the operating system, access all other apps (and their data) and perform other operations that would normally be restricted. Rooted Android device users can also download any apps from anywhere they want, not just Google Play.

There are many good reasons why users would root their Android devices. For example, they can install advanced backup and security apps that require full system access, and they can uninstall the bloatware that ships on most devices. Rooting also lets users install updated OS versions -- a handy feature when the device manufacturer fails to provide those updates in a timely manner, as is often the case with Android.

The root of the problem

Despite all the cool tricks users can do with a rooted Android device, messing with the OS does have its consequences. If a user disables an important system app or deletes a critical system file, the device might no longer operate properly. One wrong move and a phone or tablet could be rendered totally useless. In some cases, rooting a device can invalidate the manufacturer's warranty.

Allowing apps to access the OS, other apps and system files can also have security ramifications. Hackers have been known to develop apps that look innocent enough but actually steal data and/or disable the device. Once malicious code has root access, it can do just about anything, from deleting critical files to retrieving account information to installing kernel modules or rootkits. Cybercriminals have been developing malware that specifically targets rooted Android devices -- and have been doing so for a while.

That's not to say a rooted Android device always translates to a compromised device. Most rooting processes include the installation of a program that prompts users to grant or deny root privileges to each newly installed app. A streetwise user will thoroughly vet an app before granting root privileges. That said, even the most experienced user must maintain constant vigilance to ensure that the wrong app isn't granted root access. It takes only one slip-up to compromise a device.

Rooted Android devices in the enterprise

A user who makes a wrong move with a rooted Android device can jeopardize enterprise data along with personal information. If a rooted device is used to access corporate resources, either by logging in directly to the secure network or connecting via a virtual private network, a hacker could obtain the credentials necessary to gain entry into directory services, email servers, data stores and other secure resources.

An app with root privileges can easily install backdoors to enable unauthorized device access and subsequent access to the secure corporate network. Given the rise of targeted attacks against businesses and the increased use of mobile devices to conduct business, rooted Android devices seem the perfect entry point into the corporate network.

From an IT perspective, a rooted device provides little to no security. That's why most mobile device management (MDM) products include a feature that lets IT block rooted devices from connecting to the secure network or accessing corporate assets. But these products must be able to detect rooted devices before they can block them, and there are ways users can get around those detection mechanisms. Organizations that rely on MDM alone to detect rooted devices should be aware of these limitations.
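As an added illustration (not code from this article or from any MDM product), the sketch below shows the kind of artifact-based heuristics a compliance check can apply to data collected from a device, including the presence of the root-manager program mentioned earlier. The snapshot format, indicator lists and function names are assumptions, and the sample data is constructed. Every signal is an artifact that software with root privileges can change, so an empty result only means no indicator was found.

```python
import re

# Constructed sample data: `getprop` output, file paths and package names as a
# compliance agent might collect them. None of it comes from a real device.
ROOTED_SNAPSHOT = {
    "getprop": "[ro.build.tags]: [test-keys]\n[ro.debuggable]: [1]\n[ro.secure]: [0]\n",
    "files": ["/system/bin/sh", "/system/xbin/su"],
    "packages": ["com.android.chrome", "eu.chainfire.supersu"],
}
STOCK_SNAPSHOT = {
    "getprop": "[ro.build.tags]: [release-keys]\n[ro.debuggable]: [0]\n[ro.secure]: [1]\n",
    "files": ["/system/bin/sh"],
    "packages": ["com.android.chrome"],
}

# Assumed indicator lists: commonly cited su locations and root-manager packages.
SU_PATHS = {"/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su"}
ROOT_MANAGERS = {"eu.chainfire.supersu", "com.noshufou.android.su",
                 "com.koushikdutta.superuser", "com.topjohnwu.magisk"}
PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict, skipping malformed lines."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def root_indicators(snapshot):
    """Return a sorted list of the heuristic root indicators found in one snapshot."""
    props = parse_getprop(snapshot.get("getprop", ""))
    found = []
    if "test-keys" in props.get("ro.build.tags", ""):
        found.append("build signed with test-keys")
    if props.get("ro.debuggable") == "1":
        found.append("ro.debuggable=1")
    if props.get("ro.secure") == "0":
        found.append("ro.secure=0")
    found += [f"su binary: {p}" for p in SU_PATHS & set(snapshot.get("files", []))]
    found += [f"root manager: {p}" for p in ROOT_MANAGERS & set(snapshot.get("packages", []))]
    return sorted(found)

def compliance(snapshot):
    """'block' on any indicator; 'no-indicators' otherwise, which is not proof of a stock device."""
    return "block" if root_indicators(snapshot) else "no-indicators"
```

The policy deliberately returns "no-indicators" rather than "clean", so a compliance decision built on it can be combined with other controls instead of being treated as proof.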

Most IT administrators don't want their employees connecting rooted Android devices to their networks, even if some are advanced users who are extremely cautious. No matter how many advantages there might be in rooting a device, there's no getting around the fact that a rooted device is more vulnerable than one that is not.

This was last published in September 2014


Join the conversation


Are the benefits of rooted Android devices worth the risks?
It really depends on your corporate mobile device management policy and strategy. A rooted device can have the corporate image installed along with the company's preferred root management, backup, and malware detection apps. There are circumstances where the company may not want to rely on the default security offered by HTC, Google, Samsung, Apple, Microsoft, etc. For example, a rooted device can be configured to block the installation of any apps not on a whitelist, or to block network access by type (LAN/WiFi/4G/BT/VPN) or by app. So rooting a device allows for total control and it then means the company must seriously own the configuration of these devices - the deployment must be planned, designed, and managed (managed means detecting changes to the SOE) so it's not for the faint of heart.
The above has been said in the context of company rooted devices. From the perspective of user rooted devices, I wouldn't allow them on my network unless the user relinquishes control of their device and allows the approved corporate rooted image to be installed on their device.

Exactly how do you root a device? I'm afraid I might have rooted my device unknowingly. Is it possible to unknowingly root your Android device?

The procedure varies from device to device, but it's not the sort of thing you can do unknowingly or unwittingly, or by installing an app when the phone is in normal mode of operation (hitting the power-on button and letting it boot). Rooting is usually a complicated process that requires booting into a special mode and running patches or entering a specific code that you have to download from the manufacturer (or from phone hacking forums).
If you have a concern about what you have installed on your phone, do a factory reset. However, be aware it will delete all your data (call history, SMS history, and possibly all your photos and videos). Search "***yourphonemodel*** factory reset" for instructions and consequences, e.g. "iphone 4s factory reset".
If you want to find out if your phone is already rooted, search "***yourphonemodel*** root access". The resulting pages will usually tell you how to check and/or how to go about it. Don't root your phone unless you are prepared to spend considerable time learning about the phone's operating system at a technical level, and more importantly the consequences and risks of doing it.