A number of Android ROMs conventionally provide root access to users by default. However, the developers have been raising concerns regarding the security issues that are prompted due to this. Now, CyanogenMod, one of the most popular custom ROM choice for many users, has disabled the option to have root access by default. Users can still gain such access through manual configuration.
Folks at the official CyanogenMod blog announced this while pointing to the security threat posed by such default access to the root. In their own words, ‘All Custom ROMs (CyanogenMod included) ship with one major security risk — root!.’
The developers of this ROM have now applied multiple patches to the ROM which have addressed this issue. Now, users have the choice to go for multiple configuration options regarding root access. These are ‘Disabled’ , ‘Enabled for ADB only’ , ‘Enabled for Apps only’ and ‘Enabled for both.’
As a result of this change, a user will have to explicitly enable the root access while being fully aware that the root may then perform such actions which can be a security risk to his machine and data. However, once the user enables this access, the ROMs functions normally like it does when the ROM comes with default root access.
Developers have long been wanting to apply the change but since most users are in a habit of getting ROMs with default root access, the action has been stalled for some time. Now that the change has been implemented, they hope that it will help improve the security and data integrity of the users. According to CyanogenMod developers, ‘Shipping root enabled by default to 1,000,000+ devices was a gaping hole. With these changes we believe we have reached a compromise that allows enthusiasts to keep using root if they so desire but also provide a good level of security to the majority of users.’