I have been talking about the benefits of gaining root access to a smartphone for over 10 years now. There’s a lot to be gained by rooting an Android device but there can potentially be some risks as well. I would like to go over things you will want to investigate further before diving into the Android development scene.
I have written over a thousand different tutorials here on Android Explained. Many of these involve, require, or directly teach you about gaining root access to your smartphone. Learning how to root a smartphone can be worrisome when you first learning. But over time you begin learning how things work.
The risks of rooting an Android device are usually what keeps people from even learning about it.
Research Before Rooting
And that, in my opinion, can be easily overblown in some situations. Here today I will be detailing some legitimate and critical roadblocks that some people may have to deal with. However, I want you to understand that only a few of these risks are universal across all smartphone OEMs.
Just as a brief example, many people will tell you that gaining root access to any Android device will void your warranty. That is flat out wrong as a blanket statement as there are many companies (including Google) that do not void the warranty. So please be wary of blanket statements like that.
The example is also wrong on a different level since some countries outlaw companies from voiding the warranty.
So, no matter what I end up listing here today, know that it may not be applicable to you and/or your device. I know it takes time, but do some research for your specific device, OEM, and even country to know your rights. I will list specific companies that I know enforce certain practices but I can’t possibly list every scenario.
Risks of Rooting an Android Smartphone or Tablet
Again, country law overrides almost all company practices, but even that can’t be used as a blanket statement. Here in the United States, we have laws that prevent companies from voiding a warranty for doing things like gaining root access, pulling off those ‘void if removed’ stickers, etc.
However, the companies know they can police themselves due to the judicial system we have in place. It would take someone hours of their lives and thousands of dollars to force a company to follow these warranty laws. The only time we see action here is when a Class Action lawsuit surfaces from some widespread issue.
So, let’s go ahead and talk about the possibility of root access voiding your warranty.
Root Can Void Your Warranty
This is one of those vague things because it will depend on so many factors. Firstly, your country may or may not allow a company to implement a policy which voids the product’s warranty simply because you gained root access. The level of enforcement of this law will depend on your country.
If there’s a situation where the country lets the company create the rules, then know that not all smartphone OEMs will do so. Again, I can’t list all the companies here, but there are many including Google, OnePlus, Sony and others that will honor the warranty even if you root the device.
So please do your research because Samsung will try to say you have voided the warranty when you trip KNOX.
And this happens anytime you gain root access the normal way. I say normal way because there have been some exploits in the past that let you root a Samsung device without tripping KNOX. These methods are faaaaaaaar and few between, but it has been shown to be possible in the past.
So please do your research to learn if the OEM that manufacturers your smartphone cares about root or not.
Root Prevents the Installation of OTA Updates
This as a blanket statement is true. . .but there are ways to work around it. So, it is definitely true that if you have installed Magisk, SuperSU, or any other root solution then you cannot install an OTA update through traditional means. By traditional means, I am talking about through the built-in system updater.
Granted, some custom ROMs let you use the built-in updater without any issue. Most OEM ROMs are not built in a way that takes root access into consideration. OnePlus will try to accommodate for this by downloading and installing the full firmware ROM but even it has issues for some people.
So, if you root then know the risk of not being able to install OTA updates like you normally would.
Instead, you have to find a workaround that works for your specific device. Sometimes this involves downloading the full ROM, installing it on top of your current setup (which wipes out root, TWRP, etc.) and having to go through the process of gaining root access, installing TWRP, etc. all over again.
For other people, it could involve undoing these root changes you’ve made, installing the OTA update like normal, and then installing Magisk again right before rebooting (one of the many benefits of the A/B partition slot system). Then there are some who simply do not care about OTA updates and ignore them when possible.
I’m glad we have these workarounds but they are different depending on the circumstance.
Root Stops Some Apps from Working
This is definitely true because of a feature Google built into Android that it refers to as SafetyNet. Now, I have talked about the issues that can result from failing a SafetyNet check. This includes, but is not limited to, using an unknown number of applications (banking apps, games like Pokemon Go, etc.).
Some of these apps (talking banking apps here) do this in an attempt to prevent security-related issues from happening. It is in the best interest of a bank to know that a 3rd-party app can’t keylog the user and get their banking details. Whether or not they should do this is another topic of debate.
Then we have some games (talking about Pokemon Go here) that do this to prevent people from cheating.
See, games like Pokemon Go don’t depend on skill and instead depend on people going out and playing the game. The game uses the device’s GPS coordinates to know your location and will then use that information to tell you if there is a Pokemon to be caught nearby.
The thing is, it is very easy to fake your GPS coordinates when you have root access to the device. There were/are some overlay mods that would put a directional pad on the Pokemon Go map so they could move their device’s location as if they were playing an actual video game on a virtual map of the globe.
So, of course, it’s in the Pokemon Go developer’s best interest to try and prevent this from happening.
As a user, you should be aware that some of your apps may or may not work when you have gained root access to the smartphone or tablet. It is a risk of rooting and you will want to do some research on your most-used apps/games to know if you have anything to be worried about.
Magisk does go out of its way to offer some ways of passing SafetyNet checks. This is a big cat and mouse game though, and the advantage could change multiple times throughout the year. Still, it’s a risk and it’s something you should know about ahead of time.
Samsung Apps and Services that Stop Working
Most smartphone OEMs will not actively prevent apps and services from working due to you having root access (or even failing SafetyNet checks). However, that isn’t the case for all companies. For example, Sony doesn’t actually penalize you for rooting your smartphone or tablet, but it will erase its camera algorithms (reducing image quality) if you choose to unlock its bootloader (which most people only do because they want to root the phone).
Samsung, on the other hand, takes steps to stop apps/services from working because it can’t guarantee the security of the smartphone anymore.
This is likely the same reason why Sony wipes out its camera algorithms. The average person doesn’t care, though. The average person won’t go hunting for Sony’s camera algorithms. The average person will know the risks involved in rooting the phone and that it could introduce vulnerabilities to certain security apps.
For example, most people want to continue using mobile payment services even if their phone is rooted.
Samsung seems as if it would rather err on the side of caution and not allow these types of vulnerabilities to impact its security features. So, if you install 3rd-party code (such as TWRP, Magisk, Xposed, etc.) on a Samsung smartphone or tablet then it will trip the company’s e-fuse service (which it calls KNOX).
The company uses KNOX to secure some of its apps, so if it has been tripped then you lose the ability to use the following apps. . .
- Samsung Health
- Samsung Pass
- Samsung Pay
- Secure Folder
- Secret Mode (in Samsung’s Internet Browser)
Root Introduces Security Risks
Some of the root methods available are open source and this minimizes the risk of security-related incidents. However, SuperSU used to be the go-to root solution and its code has been closed source. Meaning, over the years there could have been exploits found within SuperSU.
I make this point because modern-day root methods have always had a companion app that gives the user the ability to grant root access to deny root access. Therefore, if you gained root access to your smartphone then you should get a prompt each time an app asks for root access.
You can grant root access on an app by app basis though, so most people rarely see the prompt.
With a closed source solution such as SuperSU, an exploit of the software could allow a malicious application to bypass the root access prompt. Now, an open-source solution, like phh’s superuser, can have the same exploit but the chances are minimalized since the code is freely available for people to look at.
So, we can minimize these security risks by using an open-source solution. We can also minimize these risks by only downloading apps and games from trusted sources. I know. Premium apps and games can be expensive and it can be tempting to download a cracked one off some sketchy website.
Even if the source isn’t sketchy, there are a lot of risks involved when installing from unofficial sources.
Just don’t go down this route unless you have to. Some sources, like APK Mirror, are safe as they have checks in place to prevent code from being injected into the apps it offers. Still, even that is another risk to take since it introduces yet another layer which can potentially be exploited.
You can also minimize these risks by not granting root access to every application that asks for it. A mobile game has virtually zero reasons to have root access. So if you see this prompt appear then just deny it. The root may still ask for root access but as long as you keep denying it then it can’t do much harm.
Instead, only grant root access to apps you know actually need it.
I could list a few more examples but I think this is a great start. If you have any questions about a specific device or scenario then please feel free to ask. There are still some common risks that people say but those are actually more myth than fact. So I think it will be best to save those for a Myths of Root article.