11 replies to this topic

[perdroidus]

    My Motorola XT926 with 4.4.2 (haven't been OTA pushed to 4.4.4 yet) is unlocked and rooted thanks to guidance on this forum.  I used Towelroot, Moto-pocalypse and then SuperSU to try to control app root access. 

    My question is: since a bunch of articles recently are warning about the "Towelroot exploit" and both my Avast and Lookout antivirus modules yell that Towelroot is a Trojan/malware, should I freeze or uninstall Towelroot?  If I do will that unroot me? ( I doubt it, just looking for confirmation.) 

    Also, will removing Towelroot from my device solve the exploit problem?  I sort of doubt that, too, since the issue seems to be root access not the program itself that helped provide same.  Is this correct of not?

     I'm guessing that it's ok to delete Towelroot (although if an OTA comes along may that become a problem?) and to be extra careful about what to let SuperSU give access to.

    I'd appreciate some expert input on the Towelroot-malware warning issue.   Many thanks...

[livinginkaos]

Once you are unlocked, you don't need towel root.

Sent from my S-Offed One M8

[ibolski]

BTW, there is no 4.4.4 update. The latest soak is still on 4.4.2, but it does include 4.4.4 security patches.

[SamuriHL]

Please Login or Register to see this Hidden Content

[SamuriHL]

To answer your question, though, you should remove towel root.  As long as SuperSU replaced the su binary, you're fine.  But yes, you should be careful what you grant root to.

[RikRong]

Towelroot is an exploit, as such, you AV software will probably flag it.  There's nothing malicous with root [exploits], but they will allow you to do a lot of bad things to your phone, if you're not careful.

[SamuriHL]

Towelroot is an exploit, as such, you AV software will probably flag it.  There's nothing malicous with root [exploits], but they will allow you to do a lot of bad things to your phone, if you're not careful.

 

I need to correct you here as this is extremely wrong.  Towel root....you installed an app on your phone, ran it, and pressed a magical button that installed unmanaged root on your phone.  Other than installing, loading, and pressing the button on the app, there was no other interaction by you. Now let's decide I'm a malware author.  I decompile towel root, pull out the guts of it, stick it in an app called "Free Understated Collateral Knowledge".apk.  I tell you this app will search vast knowledge bases to find intelligent answers to your most undying questions.  You sideload my app.  And you run it.  And you find out....it points you to google.com. So you uninstall my app.  However, what you didn't know is that I installed an unmanaged root exploit using towel root's root mechanism (hey, I skipped the whole press the button to make it work thing....how nice of me) and then used unmanaged root to blast a ton of malware onto your device.  You're welcome!  

 

Think that's impossible?  It's not.  Not even close.  Root exploits are the same exploits malware authors use to infect your phone.  To say there's nothing malicious is naive because it's all a matter of perspective and who's exploiting it.  It's a security hole, plain and simple.  Yes, it gives you root in a nice easy to use press the button app.  But, it can also open you up to nasty crap just as easily....if not more easily.

[perdroidus]

Thanks!

[mamawm]

Well, maybe I should uninstall towelroot off this g2. Thanks Sam for that explaination.

[SamuriHL]

I just want to be clear...towel root itself is not the problem.  it is not a malicious app.  It's designed for rooting your phone in a controlled manner.  I.E. you have to DO something to root your phone with towel root.  My warning is about the vulnerability that towel root uses to gain root access.  That same vulnerability can be exploited maliciously to install malware on your device.  I recommended removing towel root to the OP poster because they are running a version of Android that is no longer vulnerable to towel root's exploit.  IOW, there's no reason to keep it on their phone.  In fact, once you root with towel root, there's no reason to keep it on period.  You've already achieved root.

[RikRong]

Yeah, maybe I didn't phrase that correctly, but see exactly what you are saying. It was the same reason I had troubles downloading the tools to root the Droid I picked up to mess around with last year. My PCs AV kept flagging the exploits and stopping my DL. Sorry if I misled anyone.😃 Sent from my HTC6525LVW using Tapatalk

[SamuriHL]

Please Login or Register to see this Hidden Content

 

See my point?