updated 3/6/2012 6:24:35 PM ET 2012-03-06T23:24:35

Hacking your Android smartphone or tablet doesn't have to be left to the criminals who want to steal your money or personal data. Any user can do it, and sometimes the device's security will even be better as a result.

So should you hack your Android device? As with many things, the answer is: It depends.

"Rooting" a phone (known as "jailbreaking" if you're using an Apple device ) basically means giving yourself administrative privileges, becoming a "superuser" who controls the root directory. That allows more control to the system. But just because any user can root a phone doesn't mean every user should.

The pros...

First, let's look at the benefits. Android devices have a tough row to hoe with security. The system is open, which means the information about how it works is available to anyone. Unlike as with Apple's iOS mobile platform, there are few restrictions on what a third-party Android app can be programmed to do, although the Android Market recently added its " Bouncer " service to get rid of obvious malware.

Security patches are constantly being issued for the latest versions of the Android operating system. The latest major version, Android 4.0 or "Ice Cream Sandwich," offers firewall support, for example. But getting Ice Cream Sandwich on your smartphone or tablet depends on whether your cellular carrier or device manufacturer has got around to it yet.

[ 8 Android Trojans You Need to Watch Out For ]

On top of that, there's the sheer variety of Android devices, each with its own tweaks to the OS. Because of that, the version of Android that runs on an HTC Inspire, for example, is a bit different than what runs on an HTC Thunderbolt. Cellular carriers then toss in their own tweaks and add-on software as far as the manufacturer modifications will let them.

"Carriers have to build to the lowest common denominator" of possible manufacturer modifications, said Don DeBolt, director of threat research at Total Defense in Islandia, N.Y.

If a carrier doesn't push out every Android system or security update to every user in its network, it may be because, unlike with iPhones or BlackBerrys, there can be big differences in the hardware between users.

An alternate universe

So if you want the latest and safest version of Android, you won't always get it from a carrier or handset maker. Variations on Ice Cream Sandwich will soon be available from the developers of CyanogenMod or MIUI, two free alternative builds or "ROMs" for Android-based phones. The websites for both offer step-by-step instructions for rooting your handset or tablet.

CyanogenMod and MIUI (pronounced "Me You I"), both currently based on Android's Gingerbread 2.3 kernel, have user interfaces somewhat different from stock Android, and some users say they offer better stability and security as well. For example, MIUI adds a built-in firewall while CyanogenMod offers the ability to fine-tune permissions given to apps (such as the ability to send and receive text messages).

"That comes in handy when dealing with malware," said Jimmy Shah, mobile security researcher at Santa Clara, Calif.-based McAfee. "Normally, a user would need to accept all permissions to run a program, allowing the malware free access to your device and the ability to cost you money or steal private information."

Aside from external threats, there's often the problem of unwanted carrier- or manufacturer-installed Android software. Sometimes it's just an annoyance, but it can be more insidious.

The hidden application Carrier IQ, which came installed on some Android phones, logged information about users' text messages and keystrokes. According to the developer, that was only to diagnose problems on a network. But later it emerged that some of that information did end up on the CarrierIQ company's servers. Rooting the phone lets you get rid of such software.

Lastly, there's "device masking," or pretending that your device is a different model than the one you're really using. CyanogenMod offers this feature.

Jason Hall, who writes the Tech Review… In Review blog noted that an Amazon Kindle Fire can run any Android app, but will only install apps purchased through Amazon. Masking it as a Samsung phone allows a user to get apps directly from the Android Market.

… and the cons

So with all those benefits to privacy, security and expandability, why not root your Android device?

Well, rooting does take a bit of technical skill. Unless you know what you're doing, you run the risk of "bricking" the phone. As the name suggests, that renders the phone into an expensive paperweight. This isn't a complete disaster – one can usually "factory reset" the phone, with some work. But odds are you'll void the warranty.

Then there's the question of who to get the software from. CyanogenMod is well-regarded, as is MIUI. Both, for instance, have websites that show how to contact support or have support forums.

It's less clear whether you should trust other websites, many of which offer a ways to root your device but don't seem to have any way to contact them. There are many developer forums and online communities, but for the average person, searching them can be daunting.

"The bottom line is, who do you trust?" DeBolt said.

It's also important to understand that rooting the phone doesn't alter the fact that hackers and scammers are always trying to get around security protections, even if you have features such as adjustable app permissions. You may still need to install mobile anti-virus software, whether it's free or paid for.

"There will always be the risk that more complicated malware can bypass such controls by using new or unknown vulnerabilities to gain root access, whether or not you modify your phone OS," Shah said.

© 2012 SecurityNewsDaily. All rights reserved


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments