Maintaining Root via Custom Android Kernel Across Over-The-Air Upgrade

  • Huang Zucheng
  • Liu Lu
  • Li Yuanzhang
  • Zhang Yu
  • Zhang QikunEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11334)


People can obtain the highest privileges and control devices by Android root. However, an Android phone has been rooted, it is difficult for the user to update the Android system. Aiming at these problems, this paper proposes a maintaining root via custom Android kernel across Over-The-Air (OTA) upgrade. By customizing the kernel in boot and recovery, the boot will be replaced with rooted boot after updating automatically, so that system not only can be updated successfully but also maintain root. Experiments show that there is no abnormal between rooted mobile with a customized kernel and normal mobile during a minor system update.


Custom kernel Root privilege System update 



This work was supported by The Fundamental Research Funds for Beijing Universities of Civil Engineering and Architecture (Response by ZhangYu), and also Excellent Teachers Development Foundation of BUCEA (Response by ZhangYu), and also National Key R&D Program of China (No. 2016YFC060090).


  1. 1.
    Gasparis, I., Qian, Z., Song, C., Krishnamurthy, S.V.: Detecting android root exploits by learning from root providers. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 1129–1144. USENIX Association (2017)Google Scholar
  2. 2.
    Kapoor, R., Agarwal, S.: Sustaining superior performance in business ecosystems: evidence from application software developers in the iOS and android smartphone ecosystems. Organ. Sci. 28(3), 531–551 (2017)CrossRefGoogle Scholar
  3. 3.
    Jo, H.J., Choi, W., Na, S.Y., Woo, S., Lee, D.H.: Vulnerabilities of android OS-based telematics system. Wirel. Pers. Commun. 92(4), 1511–1530 (2017)CrossRefGoogle Scholar
  4. 4.
  5. 5.
  6. 6.
    Salehi, M., Daryabar, F., Tadayon, M.H.: Welcome to binder: a kernel level attack model for the binder in android operating system. In: 2016 8th International Symposium on Telecommunications (IST), pp. 156–161. IEEE (2016)Google Scholar
  7. 7.
    Guri, M., Poliak, Y., Shapira, B., Elovici, Y.: JoKER: trusted detection of kernel rootkits in android devices via JTAG interface. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 65–73. IEEE (2015)Google Scholar
  8. 8.
    Zhu, R., Tan, Y.-A., Zhang, Q., Li, Y., Zheng, J.: Determining image base of firmware for ARM devices by matching literal pools. Digit. Invest. 16, 19–28 (2016)CrossRefGoogle Scholar
  9. 9.
    Ju, M., Kim, H., Kang, M., Kim, S.: Efficient memory reclaiming for mitigating sluggish response in mobile devices. In: 2015 IEEE 5th International Conference on Consumer Electronics-Berlin (ICCE-Berlin), pp. 232–236. IEEE (2015)Google Scholar
  10. 10.
    Chen, W., Xu, L., Li, G., Xiang, Y.: A lightweight virtualization solution for android devices. IEEE Trans. Comput. 64(10), 2741–2751 (2015)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Zhang, X., Tan, Y.-A., Zhang, C., Xue, Y., Li, Y., Zheng, J.: A code protection scheme by process memory relocation for android devices. Multimedia Tools Appl. 77(9), 11137–11157 (2018)CrossRefGoogle Scholar
  12. 12.
    Xue, Y., Zhang, X., Yu, X., Zhang, Y., Tan, Y.-A., Li, Y.: Isolating host environment by booting android from OTG devices. Chin. J. Electron. 27(3), 617–624 (2018)CrossRefGoogle Scholar
  13. 13.
    Samsung Odin. Accessed 30 May 2018
  14. 14.
    Tan, Y.-A., et al.: A root privilege management scheme with revocable authorization for android devices. J. Netw. Comput. Appl. 107(4), 69–82 (2018)CrossRefGoogle Scholar
  15. 15.
    TWRP. Accessed 30 May 2018
  16. 16.
    Corral, L., Georgiev, A.B., Janes, A., Kofler, S.: Energy-aware performance evaluation of android custom kernels. In: 2015 IEEE/ACM 4th International Workshop on Green and Sustainable Software (GREENS), pp. 1–7. IEEE (2015)Google Scholar
  17. 17.
    Zhu, R., Zhang, B., Mao, J., Zhang, Q., Tan, Y.-A.: A methodology for determining the image base of ARM-based industrial control system firmware. Int. J. Crit. Infrastruct. Prot. 16(3), 26–35 (2017)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Huang Zucheng
    • 1
  • Liu Lu
    • 1
  • Li Yuanzhang
    • 1
  • Zhang Yu
    • 2
    • 3
  • Zhang Qikun
    • 4
    Email author
  1. 1.School of Computer Science and TechnologyBeijing Institute of TechnologyBeijingChina
  2. 2.School of Electrical and Information Engineering and Beijing Key Laboratory of Intelligent Processing for Building Big DataBeijing University of Civil Engineering and ArchitectureBeijingChina
  3. 3.State Key Laboratory in China for GeoMechanics and Deep Underground Engineering (Beijing)China University of Mining and TechnologyBeijingChina
  4. 4.Department of Computer and Communication EngineeringZhengzhou University of Light IndustryZhengzhouChina

Personalised recommendations