Android rooting is the process of allowing users of smartphones, tablets, and other devices running the Android mobile operating system to attain privileged control (known as "root access") within Android's sub-system.
Rooting is often performed with the goal of overcoming limitations that carriers and hardware manufacturers put on some devices, resulting in the ability to alter or replace system applications and settings, run specialized apps that require administrator-level permissions, or perform other operations that are otherwise inaccessible to a normal Android user. On Android, rooting can also facilitate the complete removal and replacement of the device's operating system, usually with a more recent release of its current operating system.
Root access is sometimes compared to jailbreaking devices running the Apple iOS operating system. However, these are different concepts. Jailbreaking describes the bypass of several types of Apple prohibitions for the end user: modifying the operating system (enforced by a "locked bootloader"), installing non-officially approved apps via sideloading, and granting the user elevated administration-level privileges. Only a minority of Android devices lock their bootloaders—and many vendors such as HTC, Sony, Asus and Google explicitly provide the ability to unlock devices, and even replace the operating system entirely. Similarly, the ability to sideload apps is typically permissible on Android devices without root permissions. Thus, it is primarily the third aspect of iOS jailbreaking relating to giving users superuser administrative privileges that most directly correlates to Android rooting.
Rooting lets all user-installed applications run privileged commands typically unavailable to the devices in the stock configuration. Rooting is required for more advanced and potentially dangerous operations including modifying or deleting system files, removing carrier- or manufacturer-installed applications, and low-level access to the hardware itself (rebooting, controlling status lights, or recalibrating touch inputs.) A typical rooting installation also installs the Superuser application, which supervises applications that are granted root or superuser rights. A secondary operation, unlocking the device's bootloader verification, is required to remove or replace the installed operating system.
In contrast to iOS jailbreaking, rooting is not needed to run applications distributed outside of the Google Play Store, sometimes called sideloading. The Android OS supports this feature natively in two ways: through the "Unknown sources" option in the Settings menu and through the Android Debug Bridge. However some carriers, like AT&T, prevent the installation of applications not on the Store in firmware, although several devices (including the Samsung Infuse 4G) are not subject to this rule, and AT&T has since lifted the restriction on several older devices. As of 2012[update] the Amazon Kindle Fire defaults to the Amazon Appstore instead of Google Play, though like most other Android devices, Kindle Fire allows sideloading of applications from unknown sources, and the "easy installer" application on the Amazon Appstore makes this easy. Other vendors of Android devices may look to other sources in the future. Access to alternate apps may require rooting but rooting is not always necessary.
Rooting an Android phone lets the owner modify or delete the system files, which in turn lets them perform various tweaks and use apps that require root access.
In the past, many manufacturers have tried to make "unrootable" phones with harsher protections (like the Droid X), but they are usually still rootable in some way. There may be no root exploit available for new or recently updated phones, but one is usually available within a few months.
The process of rooting varies widely by device, but usually includes exploiting one or more security bugs in the firmware of (i.e., in the version of the Android OS installed on) the device. Once an exploit is discovered, a custom recovery image can be flashed which will skip the digital signature check of firmware updates. Then a modified firmware update can be installed which typically includes the utilities needed to run apps as root. For example, the
su binary can be copied to a location in the current process' PATH (e.g.,
/system/xbin/) and granted executable permissions with the
chmod command. A supervisor application, like SuperUser or SuperSU, can then regulate and log elevated permission requests from other applications. Many guides, tutorials, and automatic processes exist for popular Android devices facilitating a fast and easy rooting process.
The process of rooting a device may be simple or complex, and it even may depend upon serendipity. For example, shortly after the release of the HTC Dream (HTC G1), it was discovered that anything typed using the keyboard was being interpreted as a command in a privileged (root) shell. Although Google quickly released a patch to fix this, a signed image of the old firmware leaked, which gave users the ability to downgrade and use the original exploit to gain root access. By contrast, the Google-branded Android phones, the Nexus One, Nexus S, Galaxy Nexus, Nexus 4 and Nexus 5, as well as their tablet counterparts, the Nexus 7 and Nexus 10, can be boot-loader unlocked by simply connecting the device to a computer while in boot-loader mode and running the Fastboot program with the command
fastboot oem unlock. After accepting a warning, the boot-loader is unlocked, so a new system image can be written directly to flash without the need for an exploit.
Another method involves the Unlock-Root program. The user must accept a warning, then a new image is written directly on the internal memory, without any exploit.
Until the early 2010s, the response of tablet and smartphone manufacturers and mobile carriers had typically been unsupportive of third-party firmware development. Manufacturers had expressed concern about improper functioning of devices running unofficial software and related support costs. Moreover, firmware such as CyanogenMod sometimes offers features for which carriers would otherwise charge a premium, such as tethering. As a result, technical obstacles such as locked bootloaders and restricted access to root permissions have commonly been introduced in many devices. For example, in late December 2011, Barnes & Noble and Amazon.com, Inc. began pushing automatic, over-the-air firmware updates, 1.4.1 to Nook Tablets and 6.2.1 to Kindle Fires, that removed users' ability to gain root access to the devices. The Nook Tablet 1.4.1 update also removed users' ability to sideload apps from sources other than the official Barnes & Noble app store (without modding).
However, as community-developed software began to grow popular in the late 2009 to early 2010, and following a statement by the Copyright Office and Librarian of Congress (US) allowing the use of "jailbroken" mobile devices, manufacturers and carriers have softened their position regarding CyanogenMod and other unofficial firmware distributions. Some manufacturers, including HTC, Samsung,Motorola and Sony Ericsson, even actively provide support and encourage development.
In 2011, the need to circumvent hardware restrictions to install unofficial firmware lessened as an increasing number of devices shipped with unlocked or unlockable bootloaders, similar to the Nexus series of phones. Device manufacturer HTC has announced that it would support aftermarket software developers by making the bootloaders of all new devices unlockable. However, carriers, such as Verizon Wireless and more recently AT&T, have continuously blocked OEMs, such as HTC and Motorola, from releasing retail devices with unlocked bootloaders, opting instead for "developer edition" devices which are only sold unsubsidized, off contract. Similar in practice to Nexus devices, but for a premium and with no contract discounts.
In 2014, Samsung released a security service called Knox, which is a tool that prevents all modifying of system and boot files, and any attempts set an eFuse to 0x1, permanently voiding the warranty.
Rooting a device involves circumventing its technological protection measures (in order to allow root access and running alternative software), so its legal status is affected by laws regarding circumvention of digital locks, such as laws protecting digital rights management (DRM) mechanisms. Many countries do not have such laws, and some countries have laws including exceptions for rooting.
International treaties have influenced the development of laws affecting rooting. The 1996 World Intellectual Property Organization (WIPO) Copyright Treaty requires nations party to the treaties to enact laws against DRM circumvention. The American implementation is the Digital Millennium Copyright Act (DMCA), which includes a process for establishing exemptions for non-copyright-infringing purposes such as rooting. The 2001 European Copyright Directive implemented the treaty in Europe, requiring member states of the European Union to implement legal protections for technological protection measures. The Copyright Directive includes exceptions to allow breaking those measures for non-copyright-infringing purposes, such as to run alternative software, but member states vary on the implementation of the directive.
In 2010, Electronic Frontiers Australia said that it is unclear whether rooting is legal in Australia, and that anti-circumvention laws may apply. These laws were strengthened by the Copyright Amendment Act 2006.
In November 2012, Canada amended its Copyright Act with new provisions prohibiting tampering with digital locks, with exceptions including software interoperability. Rooting a device to run alternative software is a form of circumventing digital locks for the purpose of software interoperability.
There had been several efforts from 2008-2011 to amend the Copyright Act (Bill C-60, Bill C-61, and Bill C-32) to prohibit tampering with digital locks, along with initial proposals for C-11 that were more restrictive, but those bills were set aside. In 2011, Michael Geist, a Canadian copyright scholar, cited iPhone jailbreaking as a non-copyright-related activity that overly-broad Copyright Act amendments could prohibit.
The Free Software Foundation Europe argues that it is legal to root or flash any device. According to the European Directive 1999/44/CE, replacing the original operating system with another does not void the statutory warranty that covers the hardware of the device for two years unless the seller can prove that the modification caused the defect.
India's copyright law permits circumventing DRM for non-copyright-infringing purposes. Indian Parliament introduced a bill including this DRM provision in 2010 and passed it in 2012 as Copyright (Amendment) Bill 2012. India is not a signatory to the WIPO Copyright Treaty that requires laws against DRM circumvention, but being listed on the US Special 301 Report "Priority Watch List" applied pressure to develop stricter copyright laws in line with the WIPO treaty.
Rooting might be legal in Singapore if done to provide interoperability and not circumvent copyright, but that has not been tested in court.
The law Copyright and Related Rights Regulations 2003 makes circumventing DRM protection measures legal for the purpose of interoperability but not copyright infringement. Rooting may be a form of circumvention covered by that law, but this has not been tested in court. Competition laws may also be relevant. See also "Europe" section above.
Under the Digital Millennium Copyright Act rooting is illegal in the United States except by exemption. The U.S. Copyright Office currently grants phones an exemption to this law "at least through 2015".
In 2010, in response to a request by the Electronic Frontier Foundation, the U.S. Copyright Office explicitly recognized an exemption to the DMCA to permit rooting. In their ruling, the Library of Congress affirmed on July 26, 2010 that rooting is exempt from DMCA rules with respect to circumventing digital locks. DMCA exemptions must be reviewed and renewed every three years or else they expire.
On October 28, 2012, the US Copyright Office updated their exemption policies. The rooting of smartphones continues to be legal "where circumvention is accomplished for the sole purpose of enabling interoperability of [lawfully obtained software] applications with computer programs on the telephone handset." However, the U.S. Copyright office refused to extend this exemption to tablets, arguing that the term "tablets" is broad and ill-defined, and an exemption to this class of devices could have unintended side effects. The Copyright Office also renewed the 2010 exemption for unofficially unlocking phones to use them on unapproved carriers, but restricted this exemption to phones purchased before January 26, 2013.
Tim Wu, a professor at Columbia Law School, argued in 2007 that jailbreaking is "legal, ethical, and just plain fun." Wu cited an explicit exemption issued by the Library of Congress in 2006 for personal unlocking, which notes that locks "are used by wireless carriers to limit the ability of subscribers to switch to other carriers, a business decision that has nothing whatsoever to do with the interests protected by copyright" and thus do not implicate the DMCA. Wu did not claim that this exemption applies to those who help others unlock a device or "traffic" in software to do so. In 2010 and 2012, the U.S. Copyright Office approved exemptions to the DMCA that allow users to root their devices legally. It is still possible to employ technical countermeasures to prevent rooting or prevent rooted phones from functioning. It is also unclear whether it is legal to traffic in the tools used to make rooting easy.
New Zealand's copyright law allows the use of technological protection measure (TPM) circumvention methods as long as the use is for legal, non-copyright-infringing purposes. This law was added to the Copyright Act 1994 as part of the Copyright (New Technologies) Amendment Act 2008.