The recent fiasco surrounding Google Wallet being exploited through root has forced a lot of Android users and developers to take a look at security on their phones. CyanogenMod has released a PSA of sorts explaining some of their recent patches to CM9 and why root was the main focus.
… All Custom ROMs (CyanogenMod included) ship with one major security risk — root!
This is the basis of the Google Wallet scandal. On a rooted phone, applications are at risk of having their data accessed, which is why Google has taken the stance that Google Wallet is unsupported on rooted phones. Cyanogen’s new patches disable root selectively, which allows for a bit more security on your phone.
The patches change root as follows:
- Enabled for ADB only
- Enabled for Apps only
- Enabled for both
The CyanogenMod team didn’t want to go so far as to change the root ecosystem as it is now, but still wanted to offer a way to keep it in check on users’ phones. The changes allow the user to decide what gets root and when, whether through ADB or by allowing apps to have access.
CM admits “shipping root enabled by default to 1,000,000+ devices was a gaping hole” but they are trying to stem the tide with this change. One caveat is that CM cannot do anything about unlocked bootloaders and recovery; those remain issues that cannot be tackled: “there is little to nothing we can do on that front.” CM says that common sense is the most basic security tool.