Rooted Android device users can access core system files, reconfigure system settings and install apps they otherwise couldn't. But rooting opens a device up to security risks that can compromise sensitive data and jeopardize enterprise resources.
Android is a Linux derivative, which implies a certain level of system access and configurability, but Android devices typically ship with limited privileges. Users can install apps from Google Play and change some of the system settings, but they cannot access the core operating system or take too many steps that could alter its built-in protections -- at least not without some effort. Each app also runs in its own container with its own user ID, which keeps its operations and data isolated from other apps. This restricted state helps protect against malicious code and other threats.
Android also makes it possible for users to root their devices; that is, override the usual safeguards to install apps that can modify the operating system, access all other apps (and their data) and perform other operations that would normally be restricted. Rooted Android device users can also download any apps from anywhere they want, not just Google Play.
There are many good reasons why users would root their Android devices. For example, they can install advanced backup and security apps that require full system access, and they can uninstall the bloatware that ships on most devices. Rooting also lets users install updated OS versions -- a handy feature when the device manufacturer fails to provide those updates in a timely manner, as is often the case with Android.
The root of the problem
Despite all the cool tricks users can do with a rooted Android device, messing with the OS does have its consequences. If a user disables an important system app or deletes a critical system file, the device might no longer operate properly. One wrong move and a phone or tablet could be rendered totally useless. In some cases, rooting a device can invalidate the manufacturer's warranty.
Allowing apps to access the OS, other apps and system files can also have security ramifications. Hackers have been known to develop apps that look innocent enough but actually steal data and/or disable the device. Once malicious code has root access, it can do just about anything, from deleting critical files to retrieving account information to installing kernel modules or rootkits. Cybercriminals have been developing malware that specifically targets rooted Android devices -- and have been doing so for a while.
That's not to say a rooted Android device always translates to a compromised device. Most rooting processes include the installation of a program that prompts users to grant or deny root privileges to each newly installed app. A streetwise user will thoroughly vet an app before granting root privileges. That said, even the most experienced user must maintain constant vigilance to ensure that the wrong app isn't granted root access. It takes only one slip-up to compromise a device.
Rooted Android devices in the enterprise
A user who makes a wrong move with a rooted Android device can jeopardize enterprise data along with personal information. If a rooted device is used to access corporate resources, either by logging in directly to the secure network or connecting via a virtual private network, a hacker could obtain the credentials necessary to gain entry into directory services, email servers, data stores and other secure resources.
An app with root privileges can easily install backdoors to enable unauthorized device access and subsequent access to the secure corporate network. Given the rise of targeted attacks against businesses and the increased use of mobile devices to conduct business, rooted Android devices seem the perfect entry point into the corporate network.
From an IT perspective, a rooted device provides little to no security. That's why most mobile device management (MDM) products include a feature that lets IT block rooted devices from connecting to the secure network or accessing corporate assets. But these products must be able to detect rooted devices before they can block them, and there are ways users can get around those detection mechanisms. Organizations that rely on MDM alone to detect rooted devices should be aware of these limitations.
Most IT administrators don't want their employees connecting rooted Android devices to their networks, even if some are advanced users who are extremely cautious. No matter how many advantages there might be in rooting a device, there's no getting around the fact that a rooted device is more vulnerable than one that is not.