This isn't illegal. Many Android manufacturers and carriers block the ability to root – what's arguably illegal is the act of circumventing these restrictions. Rooting or jailbreaking is a process where the user removes restrictions to overcome the limitations set by manufacturers on their OS. Though the process is legal, a user must know the complete process before attempting it.
Rooting
Let us start with the rooting of Android devices and its backstory. Android is an operating system based on Linux kernel. In Linux environments, the system administrator is a user called “root”. For security reasons the Android operating system does not allow the user to perform certain operations. In practice it means the user does not have administrator privileges. Rooting is the operation that allows the user to obtain system administrator privileges (become “root”). Therefore, to be able to perform operations on the smartphone, that are normally impossible. Here is what the user can do, once obtained the administrator privileges:
Uninstall any applications from the phone.
Update to later system versions or install a custom ROM
Jailbreaking
Let us move to jailbreaking – a practice reserved for iPhone owners. Apple built the iOS (that is the name of the system on board of iPhones) based on BSD – a UNIX-like operating system. Its philosophy is different from Android's one, as it allows the installation of only official applications via the App Store. This big difference compared to Android certainly makes it less vulnerable, as the apps on the App Store are verified and approved, before being made downloadable by users. As well as rooting, jailbreaking allows “privilege escalation”, but with a few technical and theoretical differences. iPhone has multiple “by design” restrictions, so for example, you can only use the default browser or email client. In practice, jailbreaking is commonly used to install applications from outside the App Store (what the Android users can do without restrictions). While Android rooting basically allows you to gain complete control of the operating system, jailbreaking can only remove some restrictions present in the software.
Security risks
However, there is something in common between these two techniques: the security risks they introduce to the devices.
“With great power comes great responsibility”, said Spiderman. The same is true for rooting. Total control without full knowledge of the operating system can damage the device. Moreover, any malicious application has no obstacles to access system files, phone data, leading to serious consequences. One of the first things Android malware performs on a device is an attempt to obtain root privileges. If the smartphone is successfully rooted, the malware can steal passwords, delete system files, and even modify the firmware, that cannot be fixed with a factory reset. Sandbox is an iOS protected environment, where applications run. It is the main iOS defense, as it restricts access to some data and system files as well as prevents the running apps from crashing. Minimizing the chance to install malicious apps, Apple guarantees greater security to its users. Jailbreaking disables it, making the operating system and the user data extremely vulnerable to malware and trojan attacks.
What you can do to stay protected?
There is just one recommendation for you as a conclusion. Please, do not root or jailbreak your device, unless you are sure of what you do. At the same time companies can do more to address such security risks. The easiest way is to block rooted and jailbroken devices from accessing the corporate network. The other way is to constantly monitor security events from the corporate network to timely detect any lateral movements in case of a cyber-attack.
FOLLOW US ON INSTAGRAM,FACEBOOK AND PINTEREST
DISCLAIMER
The information is provided by Tecquisition for general informational and educational purposes only and is not a substitute for professional legal advice. If you have any feedback, comments, requests for technical support or other inquiries, please mail us by tecqusition@gmail.com.
Comentarios