The Fairphone community is asking questions about the rootablity of the Fairphone 2. I will try to explain some of the considerations we have to make when allowing to root your phone or not. But first I need to explain a little more what we are talking about.
Android security model
For this discussion it is important to understand how application (apps) are installed, started and are prohibited from doing harmful things.
Applications in Android are cryptographically signed by their author before they are put in the application store (app store). When a user decides to install an application he will typically accept the permissions that the application requests, and if so, a privileged Android component will install the application package (APK) on the user’s phone. By doing so, the application installer will write the granted permissions in a location on the phone where the application itself is not allowed to write. This is intended to prevent an application from modifying its own permissions.
In short, there are different applications on a running phone and the security model allow you to be able to put some trust in running an application: An application that does not have the permission to read contacts cannot read your contacts. The digital signature also allows the developer to prove to the system that he is the original author and this grants him the permissions to update its own application. This is simply a mechanism that the Android developers created to prevent different applications to impersonate each other and to force applications to declare the permissions that they need.
Another design choice of Android is to assume that the system partition can only be modified by performing a system update (it puts more trust and privileges in applications installed there). The other partition, the data partition, will contain apps and data for applications downloaded via the app store. This data partition is writable but different applications are prohibited from accessing one another’s data.
The danger with this security model is that it assumes the above. e.g. content can not be modified without the correct permissions and the system folder is read only. Applications like Superuser are specially designed to work around this model and they do this in such a way that application isolation is lost.
Root access breaks the Android security model and hence should only be used with care. There are good reasons for wanting root access, but in general the current Android security model is not designed to allow this type of freedom to users and/or applications. It is a bit like driving without a security belt or going mountain climbing without a safety line, it gives you more flexibility but is not a very wise thing to do. Secondly, companies like Google and application developers of security sensitive applications (e.g. banking apps) require a non-rooted device.
The Android security model is designed to separate applications from each other and this is a good thing, specially when running banking apps next to less trustworthy apps on the same device.
In general, it is difficult to balance the needs of the average user who benefits from Android’s built-in security mechanisms and the user who wants more freedom. Companies like Google and application developers expect their code to run on a trustworthy device and will only provide their services on such devices.
Fairphone has made the conscious choice not to offer an option to root the device on its Google-services enabled software.
That being said, we are working on a user-installable Google-free version of Android called Fairphone Open Source OS where we give more freedom to users. For this version we will make it easier for users to enable root access and install applications like SuperUser but will not include Google services. We welcome discussion on how to best offer SuperUser access in the open source version available at Fairphone Open — FAIRPHONE open source documentation.
We are working to have this open source user-installable version ready soon, but we are not announcing a timeline for launch yet.