Well known Android developer Koushik “Koush” Dutta has taken the wraps of the first beta for his new open source “ClockworkMod Superuser” application. This application is used to control the root-level permissions on “rooted” Android devices, giving the user the ability to individually allow and disallow applications which ask for root permissions.
Unfortunately, ChainsDD’s Superuser, while originally one of the tools that made rooted Android possible, has stagnated considerably. New Android features, such as the multi-user mode added in 4.2, are not supported in Superuser, and updates in general have been spotty at best (the last update to Superuser in the Play Store was July 2012).
Chainfire’s SuperSU on the other hand has developed very quickly, and has a number of excellent features. But there is a very big problem with SuperSU…it isn’t open source. It seems few people in the community are aware of this, but while SuperSU’s license allows it to be distributed in custom Android ROMs, the source is not available, and ROM maintainers are stuck with binary builds.
Entrusting your device’s security to a closed source application, especially when the majority of the operating system is open source software, is completely asinine. Koush had the following to say:
Superuser should be open source. It’s the gateway to root on your device. It must be open for independent security analysis. Obscurity (closed source) is not security.
- Multiuser support
- Leverages Android’s permission model
- Logging (and per app logging)
- Pretty UI
- PIN Protection
- Request Timeout
- Customize notifications
- x86 and ARM support.
- Handle concurrent su requests properly
- NDK clean
Finally, the whole goal of this project in the first place, the source code, is available now on GitHub. Noticeably absent from the GitHub repository is any information on licensing, so it looks like that might still be up in the air at this point.