Help Busybox safe to install?

[Android Question]

Do rooted apps have access to all permissions without needing a prompt from the user in Marshmallow?
Or are they still bound to the android permissions security and will need to be granted access at runtime?

Is busybox considered a safe app to install? I need to run some utilties manually now and then.

 

[Hadron]

Busybox is perfectly safe (as long as you get it from a legitimate source, as with any software).

There aren't really "rooted apps", it's the OS that is rooted. There are apps that require root privileges to do their job, but that's all. And if you have a normal root install then what happens is that they behave like any other app until they ask for something that needs root, at which point a "gatekeeper" (e.g. SuperSU) will ask whether you are willing to give it those extra privileges.

 

[barrack]

Busybox is perfectly safe (as long as you get it from a legitimate source, as with any software).

There aren't really "rooted apps", it's the OS that is rooted. There are apps that require root privileges to do their job, but that's all. And if you have a normal root install then what happens is that they behave like any other app until they ask for something that needs root, at which point a "gatekeeper" (e.g. SuperSU) will ask whether you are willing to give it those extra privileges.

Thanks, I just noticed there there are several compilations of busybox. The opensource one looks to be the most reputable and malware free. Several need network permissions and serve up ads in the comments.

 

[scary alien]

Probably one of the most well-known and used busybox installers is the one from "Stericson" which I've used on many occasions:

https://play.google.com/store/apps/details?id=stericson.busybox​

This app is only used to install and update busybox and is not something that would necessarily need to be done often (i.e., using this app) since the busybox itself is a utility and NOT an Android app.

So, once you install it, any ads you're seeing are not at all related to the use of busybox (unless you're using the install app again--and the network access would indeed be needed to serve up any ads it might show).

----

The interplay and how "rooted" apps work is a little subtle, as @Hadron alluded to...

Here's how I would describe it:

- a "rooted" app simply makes calls (invokes) the "su" (super user) binary

- the su binary is basically a high-privilege shell (or it launches a shell with high privileges)

- the su binary invocation and launching is controlled by the SuperSU (or similar) app

- you must grant permission from/via the SuperSU app to allow said invocation of the su binary for the calling entity

- once granted, the su binary is invoked with the original command line provided to it (presumably to do something a normal, user shell is prohibited from doing)

- the app then assumes or interrogates/verifies that the request su invocation succeeds (or not) and behaves accordingly​

So, as you can see, the app itself that calls the su binary is not really rooted nor is it given any special privileges or "standing" in terms of system permissions, other than what is granted to it from the invocation of the su binary via the SuperSU app.

Clear as mud?

 

[iowabowtech]

One of the better informational threads on this topic I've seen in some time. Also, I'd add a +1 for the stericson installer.

 

[barrack]

.........

Here's how I would describe it:

- a "rooted" app simply makes calls (invokes) the "su" (super user) binary
- the su binary is basically a high-privilege shell (or it launches a shell with high privileges)
- the su binary invocation and launching is controlled by the SuperSU (or similar) app
- you must grant permission from/via the SuperSU app to allow said invocation of the su binary for the calling entity
- once granted, the su binary is invoked with the original command line provided to it (presumably to do something a normal, user shell is prohibited from doing)
- the app then assumes or interrogates/verifies that the request su invocation succeeds (or not) and behaves accordingly​

So, as you can see, the app itself that calls the su binary is not really rooted nor is it given any special privileges or "standing" in terms of system permissions, other than what is granted to it from the invocation of the su binary via the SuperSU app.
Clear as mud?

Thanks, its abit clearer. I'm alot more familiar with how unix permissions work.
So do android apps that have the root permission still need to request permissions (eg to access contacts, write to the sdcard etc) or are all permissions implicitly granted since they already have the su binary invoked?

 

[scary alien]

So do android apps that have the root permission still need to request permissions (eg to access contacts, write to the sdcard etc) or are all permissions implicitly granted since they already have the su binary invoked?

Yes, the app itself and the Java / Android APIs that it calls are still subject to the same framework and restrictions as any other app.

Again, there's absolutely nothing special about a rooted app as far as the Android application runtime environment sees or knows or is aware of--the "root" part is the app's invocation of the su binary (along with a command payload) to do something "root-y".

It's kind of like you're a customer at a bank: when you want your money, you (the app) request it from the teller (su binary) who gets it from their drawer or the vault because they've been given special permission/access to those areas, but you have not been. If the teller is new and hasn't yet been authorized (granted permission) by the bank president (i.e., the SuperSU app), they also do not have access to the cash areas.