June 26, 2019

What are the security risks of rooting your smartphone?

Joel Snyder

Companies allowing employees to bring their own device (BYOD) for work purposes are toeing a fine line: providing workers with ability to use the smartphone or tablet they’re most comfortable with, but also subjecting the enterprise’s data to potential security risks.

One issue keeping digital security and IT managers awake at night is smartphone rooting.

What is smartphone rooting?

Rooting phones, no matter what the operating system, usually means discovering a bug of some sort that lets you bypass internal protections and gain complete control over the operating system — to become the “root” user, who has all privileges and all access. Rooting is sometimes called “jailbreaking,” as it allows the user to break out of constraints of the operating system.

In the Android ecosystem, since the platform is based upon Linux permissions and file-system ownership, rooting means gaining “superuser” access. Rooting is generally carried out using Android SDK tools to unlock the bootloader and then flash a custom image to the device. Some third-party applications may offer to root your device for you, but users should be particularly cautious of these as they have the potential to introduce malware or other security loopholes.

Not everyone rooting a phone breaks in by finding a bug. Android phones sold for development purposes, for example, may allow rooting to help in the testing and debugging process.

It’s also important to note that rooting is different from unlocking a phone. In the U.S. especially, phones are often sold with a subsidy provided by a telecom carrier. To help enforce the contract terms, phones may be configured by the carrier so that they can only be used on certain networks. Disabling these controls is called “unlocking” the phone, but this does not involve gaining superuser permissions.


Why do people root their phones?

People root smartphones for many different reasons. They may want to install a specific application, change certain settings, or just because they don’t like being told what they can and can’t do with their phone.

In the early years of Android smartphones, rooting was popular among tech enthusiasts as a way to strip back user interface customizations made by manufacturers to the Android platform. In other instances, the motivation has been to remove preloaded applications.


How can you tell if a phone is rooted?

Users who are uncertain if their phone has been rooted have several ways to check.

The presence of a Kinguser or Superuser application on the device is an obvious sign that the device has been rooted. These applications are typically installed as part of the rooting process to allow access to superuser privileges. Users can also download a root checker app or a terminal client to determine if superuser access is configured.

With Samsung’s Android devices featuring Samsung Knox, the user can simply go into Settings and tap “About Phone” to review the software versions on their device. Any irregularities in the software will be noted.


Is rooting your smartphone a security risk?

Rooting disables some of the built-in security features of the operating system, and those security features are part of what keeps the operating system safe, and your data secure from exposure or corruption. Since today’s smartphones operate in an environment filled with threats from attackers, buggy or malicious applications, as well as occasional accidental missteps by trusted users, anything that reduces the internal controls in the Android operating system represents a higher risk.

Quantifying that increased level of risk is hard because it depends on how the phone was rooted and what happens next. If a user roots their smartphone and doesn’t do anything outside of normal day-to-day usage, it becomes hard to point and say “this is a big security problem.” But if a rooted phone stops checking for software updates and security patches (or cannot install them because the kernel is no longer signed properly), then even a phone used in a very normal way slowly turns into a ticking time bomb running old software and applications.

On the other hand, IT managers know that many users root their phones and then engage in unsafe behaviors, such as installing pirated applications or malware — even unintentionally. In that case, the security risk rises quickly.

A rooted smartphone — especially one that doesn’t get updated — creates a security problem that gets worse over time. Similarly, some of the important security features of smartphones, such as Samsung’s Trusted Execution Environment (TEE), can be disabled when a smartphone is rooted. This means that applications dependent on the security of TEE for encryption key storage or home/work partitions, for example, either stop functioning entirely or are no longer secure. And that’s why most IT managers strongly discourage rooting phones.


Should rooted smartphones be used for work?

Rooting a smartphone changes the fundamental security posture of the device, and this generally makes the device unsuitable for work use, exposing enterprise data and applications to new threats.

Many acceptable use policies (AUPs) explicitly state that rooted devices are not allowed to access corporate networks, applications and data. As discussed in more detail below, IT admins may also use rooting or jailbreak detection capabilities within their Mobile Device Management (MDM) solution to red-flag any compromised devices enrolled. Even if these policies and protections are not in place, users who are aware their device is rooted should think twice before using that phone for business purposes.


What should IT managers do? 

First, make it hard for people to root phones. Pick a business-focused phone that has hardware protections that make booting of untrusted code somewhere between difficult and impossible. For example, Samsung’s phones with the built-in Knox platform and TEE use a combination of hardware and firmware to keep untrusted operating systems from loading by verifying a digital signature on each part of the operating system as it’s loaded into memory. If the software is not digitally signed by someone in Samsung’s chain of trust, then the phone won’t load the software at all. The digital signature guarantees, with cryptographic assurance, that the operating system software being loaded has not been modified. That eliminates one favorite technique for rooting phones.

Samsung Knox also has rollback protection as part of the trusted boot process. Another favorite rooting technique is to load an older version of the Android operating system with an old bug that makes it easy to root the phone. With Knox-integrated phones, though, once a new version of the operating system has been loaded, it can set a minimum version number in the TEE, and the smartphone can detect if the operating system meets the minimum requirement.

Depending on where the device is in the boot process, it will either refuse to load older, buggier versions of the operating system, or in some cases, it will boot up but clear out the secure area in the TEE which has decryption keys in it, effectively wiping the phone’s data storage. Rollback protection is a one-way street — no amount of factory resetting the phone will clear this information out, so once a phone has been patched and the rollback protection updated, it can’t be unpatched by someone trying to root it.

Finally, after making it harder to root phones, IT managers should actively detect rooted devices, typically using their MDM, Enterprise Mobility Management (EMM) or Unified Endpoint Management UEM) console. This service helps by providing reporting on device software versions, and any back-tracking of a smartphone to an earlier version should stand out — and cause the MDM/EMM to log a security event. Upon detection of rooting, the admin can choose to have MDM automatically lock the user out of the device, wipe all enterprise data or restrict access.

More advanced phones can also report back to the MDM/EMM on periodic real-time checks on the integrity of the operating system. For example, in Samsung phones with Knox, IT managers can take advantage of Realtime Kernel Protection (RKP) and Periodic Kernel Measurement (PKM) to detect and block kernel tampering at run time.

IT managers can’t convince people not to root their smartphones. But they can make it harder for those devices to be used in the enterprise, and they can better detect policy violations. All it takes is the right hardware, the right software and a keen eye.

Learn more about the Samsung Knox platform by reading our free white paper.

Read the KPE white paper

[Icon] close

Get started with Samsung Knox

[Icon] suitcase
Are you a reseller, solution provider, or service provider?

Become a Knox Partner and grow your business today.

[Icon] info

Select a Knox product to start with:

All-in-one Bundle
Knox Suite
Rebranding and Customization
Knox Configure
Fraud and Theft Protection
Knox Guard
Device Protection Plan
Samsung Care+ for Business
Other products & services

Get started with

[Image] Knox Suite

All-in-one solution bundle for enterprise mobility.

  • Get a free 90-day trial for up to 30 devices.
  • A complete set of tools to secure, deploy, manage, and analyze your corporate devices.
  • Try powerful features bundled with Knox Suite.

Knox Suite includes:

Knox Mobile Enrollment Free
Knox Manage
Knox Asset Intelligence
Knox Platform for Enterprise Free
Knox Remote Support
Knox Capture
Knox Authentication Manager

Get started with

[Image] Knox Configure Logo

Rebrand and customize your Samsung devices.

  • Get a free 90-day trial for up to 30 devices.
  • Remotely configure Samsung devices in bulk and tailor them to specific needs, right out of the box.
  • Set up your devices for a one-time deployment, or update them as much as you want.

Get started with

[Icon] Knox Guard Logo

Fraud and theft protection for Samsung devices.

  • Get a free 90-day trial for up to 30 devices.
  • Reduce financial risks and protect assets by remotely controlling Samsung devices.
  • Try all the features of Knox Guard, including SIM control and device locking.

Get started with

[Image] Samsung Care Plus For Business Logo

Device protection plans for your Samsung devices.

  • Limit business interruptions with quick device repairs and replacements. Contact the Samsung sales team to get started.
  • See all your device coverage and claim information in one place.
  • Already purchased Samsung Care+ for Business? Create an account and activate your plan on the Samsung Care+ for Business console.

Other products & services

[Image] Others logo

Modern solutions to address your unique needs.