Shared publicly  - 
It's good to see the blogs picking up our story about easing back on the root capabilities by default in CM9. I have no plans to take root away from anyone, but I (and the CM team in general) think that for most things, it shouldn't be needed. If there are awesome things that you want to be able to do that currently require root, lets find ways of enhancing the system to create APIs for them. Firewall capability is a good example here- there's no API for managing rules. Obviously we have to tread very carefully to make sure that we aren't opening up security holes.

Adding root capability to a stock ROM is useful because you are obviously limited in the fact that you can't really modify the framework in a straightforward way. This isn't so with CM, we can change anything we need to.

What are some reasons that you need root access on CM? My guess is that firewalls and adblockers are at the top of the list.
Daniel Serodio's profile photoNicholas Knowles's profile photoИван Чмых's profile photoMarcin Jaworski's profile photo
It's all about choices; the more, the better.
+Lino Barreca Titanium is a good one. So is SetCPU, but we added our own CPU settings that don't require root permission (we chmod the sysfs nodes so the system user can write to them).
I think that as long as I can turn the root access back on easily, like the check box for installing 3rd party apps, I don't care what you limit. My preference would be for a more granular control built in, sure, but it will be hard to predict what people will need so turning off all root access is a bad thing.
don't need adblock, but I do need root explorer to replace my hosts file ;)
I need root for SSH tunneling. I use the app "SSHTunnel" which requires root for setting proxy for entire system or individual apps.
Titanium Backup, Adblock, OC, UV...
Ho Liu
Market unlocker and to reshuffle apps (although I could do that out at recovery)
Uninstalling stock apps - Adblocking - Over/Underclocking - Task Manager App - Camera Sound Off - Rom Manager App - Titanium Backup - Moving All Apps to SD - Market Unlocker (if you don't live in Europe or USA you know what I mean) - etc etc etc
Rom manager, Titanium Backup and root explorer is my current root apps. :-)
Cache Cleaner NG
ES File Explorer
When will we see permission management again in CM9?
Replacing the stock launcher and dropping widgets
Adfree, Titanium Backup, Light Flow (GNex), busybox .... a few others. Oh and Root Explorer most definitely
Titanium Backup is probably the biggest one for me personally... if that could be used without root, I could see going unrooted
Titanium and Avast. Not the Firewall but the anti-Theft root integration.
As long i ca reactivate Root like described in a previous cm Post everyting is fine To me.
Titanium Backup is definitely the biggest, also recently LBE Privacy.
Changing modifying or removing certain system apps or apks
+Levi Wilcox the hosts file is a real security issue, if a malicious app can say point or to a IP address of his choice, then you have a big problem.

If CM can have its own way to manipulate the hosts and we can manually add to the list domains we want to block, but only direct them to the loopback address and not any other IP address, that would probably be the most secure way to block ads IMO.
Titanium Backup is the only app I really would like to be able to use with CM that requires root.
GetRIL, ES Explorer, Nova Launcher, If there where all functions natively sure I don't need root.
Changing DPI on my Galaxy Nexus, Adfree, ROM Manager, Titanium Backup.
titanium is really the only thing i ever use root for. i dont mess with my cpu settings any more.
Light control, for the LED notifications. Most of the apps I've seen require root in order to do cool / funky things with the LED notifications. That's about the only reason I've rooted my Galaxy Nexus...
Titanium Backup, ROM Manager/Mobile Odin/CWM Manager, AdBlock, SetCPU/Tegrak Overclock are mainly the things I need root to use.
I hope su or sudo from the bash shell will still be enabled.
You're right, the adblocker is the main reason why even the tablet of my parents needs root! Number 2 on my List is Titanium Backup ;)
Titanium backup, and modifying bootanimations, plus adblocker (though I've been trying out leaving adblocker off my tablet and phone this last week and I'm starting to think I could live with ads if it supports developers I like)
+Steve Kondik It's snazzy features like this that keep us wanting, nay, needing CyanogenMod! Thanks a lot, and pass my gratitude on to the CM team, as well! You guys deserve it. Really looking forward to having CM9 on my Shooter.

As far as apps go, adfree for me. I fully intended to use titanium, even bought the pro version to support the dev, but always forget to back anything up before I flash. :D
Like +Vitor Gatti Removing default shipped apps like email, carhome and many more. If i don't use it, its gotta go.
My Backup Pro, TiBu, Better Battery Stats, Root Explorer, Slide Explorer
I think this is definitely a good thing. Maybe you could make a way to easily turn root on and then move apps like titanium backup to the system partition so that root could then be turned back off even for the people that use one or two root apps on a regular basis.
Deodex or odex, its all gravey for me.
Pretty much root explorer, titanium backup, and ad free for me. Other then that I think I could go without root in the rom. I can always flash undervolted kernels in recovery and as you mentioned, CM has a way of managing the CPU already.
Avast AntiTheft! ClockSync. MarketEnabler. And of course AdBlock and DroidWall.
Titanium backup is a huge reason for me.
Titanium backup, Adfree, Samba filesharing are the three root-only apps I can't live without.
As others, Titanium heads the list after any initial clean up of carrier nonsense.
Reasons to use root? TitaniumBackup, LightFlow (if CM9 ditches the notification profiles as was mentioned on the mailing list), Root Explorer, Screencast, Cerberus screenshots, ROM Manager, and configuring the GPS NTP settings. Oh, and QuickSSHd, too.
I need root for Market Access.
ROM Manager, Clockworkmod Recovery, and Titanium Backup all bear a mention for me.
yea i have a blog but no one ever reads it
I need root for Titanium Backup and Bluetooth tether.
Ray Dar
I use root when developing. I adb pull and push test databases, configuration files, and other data.
Titanium, RootExplorer, ClockSync, SetCPU
Font changer theme battery color changer YOU NEED A APPSTORE
All I use root for are DroidWall, Rom Manager and Titanium Backup, plus adb root access to replace /etc/hosts, which seems to be a common selection.
my vote, to keep root as this option hidden somewhere in menu.... :) honestly - how many programs need continously root ?
Backup/Restore is a big one for me. I have a phone, and two tablets, that I all use at various times through out the week depending on circumstances. One tablet has 3G (Xoom), Galaxy Tab IO edition is WiFi only but thinner and lighter. Anyway, I sync games between the 3 devices using Titanium Backup and Dropbox integration. This way, when I'm playing X on my phone, and want to continue it on my tablet laying in bed, I can do so, and don't have to start all over again. When I make progress, I backup again to Dropbox, and restore it on my phone so I can keep progressing instead of having to play 2 or 3 separate games since most games don't save their game data to the cloud (yet?). This is primarily what I use root for.
I really want root to be able to do 2 things: 1) to be able to backup my applications in case I screw something up and I need to go back and repair it; and 2) to be able to change things in the system that I don't like, for example, removing the annoying loud camera sound or something like that.
Rom Manager is the only thing I need root for.
ClockSync, ORBOT (Tor), Titanium Backup, firewall, Root file explorer. Also the terminal every now and then
Titanium, change dpi. I want to have the possibility to gain root on my devices, but i'm fine if it is more difficult.
If you make any cool APIs (like the firewall one for example) are you gonna submit it to AOSP? Is Cyanogenmod about improving Android in general, or just creating a better Android?
Titanium and sometimes market enabler! :)
Current apps in Superuser: AutoKiller, Better Terminal Emulator, CacheMate, Call Master, Dual Mount SD, ROM Manager, Roam Control, Root Explorer, Titanium Backup
titanium backup, marketenabler
Titanium, Root Explorer, tweaks and hacks. Honestly, if you'd like to make devices more secure, just require a password before anything is given root access (like any Linux distro does).
Hey +Steve Kondik can you add settings for kernel tweaks such as the ns tools app has also more control of the CPU governor for things like lulzactive hot plug lazy, and the like so that apps like set CPU are no longer needed at all.
Titanium backup is one of the best uses of root. Call master is another good one.
Titanium/Busybox. Used to be to get tether apps on my G1, but need to root has been reduced. With a non-root Titanium, think I'd be ok. CM9 making this optional, hidden away makes a huge amount of sense. Far more control. To default to non-root enabled is the sensible decision. At this point, Google really should be offering this as a choice too somehow.
Titanium, SetCPU, Rom Manager, Volume+, and Root Explorer are all I use root for. Would be nice to have those functions without the security holes.
More apps without the necessity of root would be fantastic - kind of staying in the sandbox, but making the sand reach toward a few more things. I mainly use root for ES File Explorer, Titanium Backup, and SetCPU. Short of that, it's pretty scarce. The more things we can do in the sandbox, the fewer things we need to do outside of it.
There are many apps that require root/su access in order to function and give the advanced user access to linux files residing in /system for example. One of the best examples, Titanium Backup. It would not function if phone didnt have root access. Also AdFree which updates hosts file to block out crap I would rather not see. I think asking the devs that make these apps to write them so root is not needed would be too much trouble for them to code it that way.
+Steve Kondik oyu guessed right: adblocker and a firewall are absolutely the most important usecases for the root-access
Titanium backup and ClockSync are the biggies for me
SQLite, File Expert, tons others have said. Still think it's a good idea to be able to turn it off though.
My current apps requiring root: BetterBatteryStats, DiskUsage, MarkenEnabler, Orbot, ROM Manager, Root Explorer, Samba Filesharing, Titanium Backup

I think it's not really necessary to disable root by default since Superuser will ask you every time something want to use it so i don't really see this as any kind of security hole.
Sure it also makes sense to disable it by default just to make sure but if you do so, there should be always an easy way (like in the developer settings) to make it rooted.
Titanium backup, oc and uv
And his awesome control app
Quickboot for power control with a broken HW button on my N1
Titanium Backup and LBE are probably the two biggest, also there are some enhanced features in some products like +Cerberus .

Ad blocking is meh

I do agree with others that as long as SU lets us control which apps get root access it's not really a benefit to disable root by default in CM (though it if were a stock ROM in a phone that was being sold to ordinary consumers I could totally see it)
Titanium backup... so great for restoring/changing roms and even phones... my main reason for root
Titanum, the NotEnoughSpace app and DiskUsage access to /data/data. The latter two would be much less important if the Incredible had more space allocated there.
Rooting should be a simple tick box in CM9. It is off by default.

Oh, and I use root for removing applications manually, WidgetLocker, Screenshots and AdFree.
I only use root access for ROM Manager and franco.Kernel Updater. That's it.
If it's a simple "yes" or "no" checkbox for root or not, I'd say/think it'd be a good idea to implement that (if kept persistent though cm9 nighlies/updates. I'm sure a good number of people have some flavor or branch off of CyanogenMod on their phones due to a nerdier friend (I can think of a few of my friends off the bat in my case), who may not need root access for what they'll do. They shouldn't necessarily have root access, as they could definitely screw things up. As a "checkable" feature, I say "why not". I personally would definitely have that checked, but I sure know a few people who'd have cm7/cm9 on their phone/tab and will probably never need root.
adblocking, screenshots, tethering. also, just on general principle. its my damn phone, i should be able to do what i want with it.
Titanium Backup, SetCPU, ClockSync, adbWireless, ...
As I see it CM is giving out options, so if you need to use titanium i see no reason why you can't go to the settings and say root access needed or something like that.
Firewall to keep pesky apps from using data, removing the bloatware that hogs memory constantly runs in background and if I like certain specs on a phone but hate the skin I can remove the skin and unleash the full potential!
Faceniff + wifikill +droidsheep + and more...
Enable gps remotely for tracking!
Adblock, screenshot, overclock
Emulating hardware buttons, e.g. switching off the display with a desktop shortcut
Agreed, I don't think root is really 'needed' as a default option, having the user have to manually seek out and enable it is a good step. For root usage, firewalls and ad blockers are up there, also Titanium Backup for easier ROM changes. Apart from that, overclocking and undervolting would be the next things.
7:34 AM
I use adblocking apps and manage system apps ilke Cerberus. Other than that I don't really need root.
AC Loh
Titanium backup, market access, root explorer, adfree, rom manager,...
Packet capture, e.g. Wireshark to see how your apps are spying on you...
Titanium, ROM Manager...
Personally I like having root access at the command line (connectBot usually for me).. otherwise I try to avoid it in 3rd party apps.. titanium being the biggest exception .. file managers sometimes a runner up .. but usually I use the command line.. not sure if I like removing root by default on adb while developing.. but otherwise don't really use adb on a day to day phone frequently that I'm not in active rom development with.. and the exceptions to that rule I'm happy to reboot to recovery to update system manually.. As forbSetCPU: The last version of SetCPU I used used root to give global permissions to the cpufreq files.. I've decided to avoid setCPU since..
I dont need root, but in some cases its handy. A toggle like system would be cool :)
Nook USB Tweaks, ROM Manager, Permissions, etc... I'd be affected (without much affection ;-) if CM removed root access.
Cryptonite requires root to mount EncFS volumes with FUSE. /dev/fuse should really be rw for normal users, as is the case in most Linux distros.
Really the only thing i use/need root for is Root Explorer. Other than that CM has a lot of root uses built in.
There has got to be a way to backup app data without needing root. If this were possible then relegating root only to adb would be a great move for security purposes.
As long as it can be enabled for some apps.. Anyway titanium backup for me
I would be more secure if I had possibility to have an account system like Linux, admin vs user, default login user, and eventually a real su behaviour password protected....
titanium backup. that alone is worth rooting
Titanium, AdBlock, and a file explorer (ES in my case) are my major root apps. I use Light Flow but that probably won't be needed with CM9. On my old Nexus One and I imagine a lot of users' devices I needed a true a2sd solution that would require root.

I don't think any of those four use cases could ever be addressed within CM to eliminate the need for root.
System App remover is a must for root on my device, especially with builds based on CM (errrhem miui) I'm not a fan of all the preinstalled apps sometimes. Or if running a rooted stock, I like to be able to remove the bloatware that carriers and OEMS bog my devices down with.
Openvpn is really the only thing on cm9 that I need root for, unless you guys are bringing it back natively?
Although I do use other root apps, TiBu and Wi-Fi Tether are my biggest/most frequent causes of root access. Ad blocking is the other significant usage, although sometimes this comes pre-set in a ROM and thus not always requiring root access since there's no app changing things.
For me: AppExtractor (pick some bits from stock rom backup after switching to cm7, so a one-time thing). Nothing in everyday usage.

I don't see the point in making root configurable for apps. It's managed through SuperUser anyway, right? So its not like random apps can gain root without me agreeing ...

I welcome making this switchable for adb. I was a bit surprised to see adb gives me a root prompt. I had expected to get a non-root prompt, then be able to use su to get root permissions if needed.
+Laurent Ono-Sendai I agree with you. We need a UNIX style user profile system so we can sudo when we need to temporarily switch users to do something but otherwise have a secure system every other time.
+Ankit Aggarwal : isn't it called: Superuser app ? It asks you each time you launch app that require root, very similar to sudo
Batch uninstall/install apps without the system prompt for each one (speeds up the uninstall/install process perceptually [at least]) but if you were able to create an API for that, it could open up non-Google App Markets (Like fdriod ...) to have similar integration (press one button and it installs the app(s) in the background with the progress bar in the notification). It could be a separate dialogue box like the Device Administrators have to go through.
jo sad
Clearing files from /datadata. And a couple features in juice defender. TIBU of course. I wouldn't mind having to flash a root zip in CWM to obtain root.
Titanium backup and ROM Manager
As long as it's an easily attainable option for those that want it. I'm fine with the changes. It'll probably save some of us a few "hey I did something to my phone, can you fix it."
Titanium Backup, and it gives me more control from my Debian chroot.
I disagree with your direction and the entire "less rights" movement. Disappointed to see you lead CM in this direction.
Root is useful to grab some logs I can't without it. Dumpsys appears to require root to get surfaceflinger logs.
Root explorer, busybox, titanium backup, terminal emulator,
my superuser has: adfree, clocksync, connectbot, LBE, MyBackup Pro, and SwitchMe
DroidWall (for blocking games and apps, to not eat up my data if I don't need to to be online), ROM Manager, Terminal Emulator (for serveral things, I guess they are in /system/xbin/), Total Commander (uses it to read directory lists, uses Java functions instead)
Paul W.
Adfree, MyBackup Pro, ROM Manager, Root Browser, SD Maid, WiFiKill and WidgetLocker are the apps that have ROOT on my phone.
Currently I don't have CM on all my devices, but rather stock ROMs until CM9 comes out with at least a mostly stable Beta for my specific devices. I do have an Xperia x10 running CM7.1 though, and I love CM. I just hope future versions of CM DO NOT STOP SHIPPING WITH Root, even if they do take steps to make having Root more secure, like having it off by default.

Apps that MUST have Root and reside on ALL of my devices: Titanium Backup, Permissions Denied (Non-CM ROMS only), ROM Manager, AdAway, Autokiller Memory Optimizer (Minfree Manager), Autorun Manager (To kill CPU and Battery Hogs like Skype), Wifi Key Recovery, Orbot, SetCPU, Root Explorer

Apps that BENEFIT FROM Root and reside on ALL of my devices: JuiceDefender Ultimate Beta, Tasker, Lookout

Apps that MUST have Root and reside on my Tablet Only: TouchScreenTune (Allows me to adjust touch screen sensitivity so stylus works better) Voodoo Screen Tuning R&D (allows non-factory changes to display color settings), Secure Settings (Tasker Plugin, allows better overall Root functionality within Tasker), SwitchMe (Allows multiple user profiles, useful for troubleshooting bugs on specific Apps), DroidWall

Apps that BENEFIT FROM Root and reside on my Tablet Only: WidgetLocker, CaseSensor, Terminal Emulator, GScript Lite, Elixir

And those are just the utilities that I use. Typically that's the only reason I'd need Root. It makes sense to disable Root via ADB though, and limit it to apps only. Superuser.apk does an excellent job of notifying the user unless you've modified it's configuration, and if there are exploits in play which take advantage of it, then it's not a CyanogenMod problem, it's a problem within Superuser.apk and/or the android SU binary which needs to be addressed.

Naturally the reasons to root, in my opinion, are far greater. I do however applaud the CM team for giving this as an option...not everybody NEEDS Root by default...and this move makes Cyanogenmod all the better...because it allows the User to decide to take the risk inherently involved by a Rooted Device. Not saying this fixes ALL the problems but it does make security minded users more can root and unroot as needed if you can live without constant Root.

Obviously I don't see the point in having an Unrooted Android device. It feels wrong to me. I enjoy the freedom, thank you very much, and take full responsibility for the risks inherent with Root and it's constant availability.
In the end I'd like to see a permission for Root Access built into the Android Kernel. Something like "Can Request Root Access" and where only apps with this explicit permission can interact with Superuser.apk and gain root access and engage the user with a superuser prompt. This mode would be default alongside options like "Root Off". "Root On (For apps with Request Permission only)" "Root On (All apps can request)"

I don't mind that the devs of CM want to implement popular capabilities that require Root...if they can encourage developers to take advantage of that, it's fine. Just don't expect everyone to be willing to reinvent the wheel.
(Currently waiting for final cm9 release, currently on Gnex 4.0.4)
Samba filesharing app. I would like Samba filesharing built into CM, I use this all the time because the mtp on Gnex is really finicky while Samba always works and Samba is the easiest way I've found to share with my wifes macbook.
Titanium backup. CM should really have built in backup as robust.

advanced root options for Avast security. For this reason, I would agree, per app root access built in would be great.
Adfree, Titanium Backup, Root Explorer, ROM Manager, Tasker, AppExtractor, Clock Sync!

1. Titanium Backup
2. CPU controller apps.
3. Anti-theft apps with hard reset proof modules.
4. Ad Blockers.
5. Market Enabler.
6. GPS Aids
7. Root Explorer.

Enough reasons right there. But, why are you even considering removing root? Isn't that one of the core advantages of CM? Or are we headed towards to goof-friendly ROMs?
People panic way to much over this. Considering the fact that you are running CM and all it took to get there, rooting-it is simple comparing to that.
And they are not removing root, they just make it optional.
I didn't see it listed, but most screen shot tools require root (at least the ones I use).

Would be great if we could get a Titanium Backup, Root Explorer, Ad Block, Screen Shot, and whatever everyone else needs without root so we could use Google Wallet and rent Google Movies.
Remote screen display (from framebuffer) using ffmpeg? We have had screen capture for a while, but it would be nice to have screen recording (like ScreenCast app does) and streaming. The newer iOS devices can stream like this. Unbelievably useful in education.
+Alex Winkler in Android 4.0 (CM9) you can make screenshots by pressing volume down + power for 2 sec.

And i use:
- Avast (anti theft)
- adblock
- novaLauncher (the widget preview thing)
- Spirit FM (a real fm radio for CM9 on my sgs i9000)
If I could install CM9 without needing root im more certain to use it! Potentially less messing about, as rooting opens up more issues with warranty etc. For me CM is about being able to use stock Android with necessary functional editions, and not having to put up with OEM crap so that it looks different. I don't think there is anything I use that specifically needs Root...
The are only two applications I'm using now that require root access: ROMManager and ClockSync. ROMManager for HTC Desire is outdated now (no new official CM updates anyway, even 7.2.0-RC1 is not available) so it is not a priority anymore. But ClockSync is a great application to synchronize device's clock to NTP server. It would be great to have an API to set the clock (up to a milisecond) or have NTP sync built-in.
Add a comment...