The root of the problem -- is there a need for elevated privileges on Android?
Playing with root-friendly apps was one of my favorite activities whilst being an Android user. There was something that I can't quite put my finger on -- be it the empowering feeling that I got or the endless possibilities that were available at my disposal -- that attracted me towards having elevated privileges on the green droid operating system.
I would run my Android smartphone with an overclocked processor (and, even GPU) -- which I enjoyed, as it made everything faster -- but, through root, also gained access to some other features, such as the ability to change color profiles, access system-level files and create and restore backups. These are all things that one can't do when running an untouched version of Android. Undeniably, as you can see, rooting has its perks.
Rooting Android also provided another bonus -- the allure of increased security. Let me give you the quick rundown. In short, enabling elevated privileges is done by exploiting a security hole and controlling it in order to gain the needed access. Therefore, by rooting, the operating system is basically affected by one less flaw (if you know what you are doing, of course). When a piece of malware requests high-level permissions, users receive a prompt from the root management app, allowing them to deny the action.
Truth be told, that has more to do with user awareness rather than raising a barrier against malware. But rooting also made way to installing advanced security software, like Avast's Mobile Security & Antivirus and Cerberus, which allows folks to remotely enable GPS-tracking on lost devices and use a firewall, among other features.
Needless to say, if you are a control freak (like me), then you probably enjoy root on Android as well. But, and there's always a "but", not all users who enable elevated privileges need all the benefits nor all the tasks that require root should actually receive it. With each new hardware and software iteration, rooting becomes less important. At one point in using Android, I gave up on this by going completely native and only running the usual, no-frills apps. More often than not, that is the safest method of keeping everything running as intended, because as with any third-party solution that doesn't come from the official team of developers or manufacturer, some (major) bugs do arise.
Steve Kondik, the founder of CyanogenMod (a popular custom Android distribution), believes that root should be abolished from future CM versions, and framework extensions and APIs should be used instead, in order to achieve similar results. Why? Well, because in Android 4.3, enabling elevated permissions "might severely compromise the security of the system". Kondik says that the developers "should start considering better options". The man, however, says that rooting still makes sense on devices running stock distributions, due to software limitations and the inability to perform "any sort of real changes or improving the architecture".
Kondik's post on Google+, which he calls "The Death of Root", raises important questions over the actual need for root. There are "good use cases" (the man provides security solutions and network tweaks as valid examples), but those are not representative for the entire root user base. Judging by the responses that followed the post, a significant part of Kondik's Google+ followers use elevated privileges solely to perform and restore backups, which at its core is a non-threatening task to the security and stability of the system. And, this could be built-into Android or CyanogenMod, further alleviating the need for root. Fact of the matter is, Koushik Dutta's (a CyanogenMod developer) Helium app (previously known as Carbon) already allows users to perform and restore backups, since its late-January release, without requesting root access.
I mentioned earlier that root can beef up the security of Android. That's true, but it also means that users have to constantly keep a close eye on which apps receive the granted permissions. This can potentially become a problem when said apps appear to have the user's best interests at heart, but sneak in a backdoor which can be accessed by hackers -- they appear to be non-threatening, disguising themselves as utilities, for instance. And, it can also be a problem for users who are not familiar with the type of elevated permissions that such apps have to receive in order to perform the touted tasks.
Like Kondik said, there are some cases in which users actually need root access (like to remove bloatware from a stock distribution). But, outside of this scenario, are the trade-offs worth it? Isn't root actually overused (or, better said, underused by enthusiasts) as the easy way out when it comes to carrying out mundane tasks, which could otherwise be performed in a safer and less intrusive manner? Today, the answer appears to be closer to a resounding "Yes" rather than a vocal "No".