2

The Android Debug Bridge (ADB) itself has root access (after executing the adb root command). Can that be used to give the same privileges to apps on the device? Is there a file somewhere in the system that keeps track of which user (app) has root access and can it be modified? If it helps I've already put the app in the system folder so it's regarded as a system app now.

Stormtrooper
  • 33
  • 1
  • 3

1 Answers1

3

Nope. Though you could use e.g. pm grant and grant it SUPERUSER, but that would have no effect if the app hadn't declared that in its manifest. And if it had, it wouldn't be necessary to grant it manually.

An app must actively request superuser privileges in order to gain it – and even then it only works with a superuser app in place (acting as "gate keeper") that then pops up a message for the user to confirm.

Izzy
  • 91,166
  • 73
  • 343
  • 943
  • Ah, I had hoped it could be done without a superuser app. Too bad but thanks for your time. – Stormtrooper Nov 14 '18 at 11:32
  • 1
    If it could be done without a superuser app, it would be too bad – for security :) – Izzy Nov 14 '18 at 12:38
  • True but after the ADB is allowed you can already compromise security in many ways. I've tried making my app a system one on two different devices. On one making the app a system one automatically gave it root privileges but in the seconds case it does not... Better security I guess. – Stormtrooper Nov 14 '18 at 12:45
  • Does that mean that granting SUPERUSER with pm grant effectively does nothing? – Raimund Krämer Nov 14 '18 at 15:48
  • Granting anything an app has not in its manifest does nothing AFAIK, @RaimundKrämer. – Izzy Nov 14 '18 at 15:56
  • Since you said that it is granted anyway if it is in the manifest, does that make the command obsolete? – Raimund Krämer Nov 14 '18 at 16:09
  • In the old days of TowelRoot, an app could be granted root access without a superuser app acting as middleman, so that part isn't necessarily true. – Grimoire Nov 14 '18 at 16:21
  • If a user-app declared a permission reserved for system-apps (classic example: READ_LOGS), the command would have effect. And I doubt the part of Towelroot (though theoretical one could introduce a superuser app that simply grants everything without user interaction, I wouldn't want that on any of my devices for security reasons). But please, no more discussion here. Drop into our chat room instead :) – Izzy Nov 14 '18 at 16:24