Tim Bray at Android developers blog responded to an article in Engdaget “Nexus S has been rooted, let the madness commence!” proclaims Engadget. “This’s only possible because Android’s security is crap and it’s exploited easily to gain root priviledges [sic]” adds a commenter.
The Nexus S, like the Nexus One before it, is designed to allow enthusiasts to install custom operating systems. Allowing your own boot image on a pure Nexus S is as simple as running fastboot oem unlock. It should be no surprise that modifying the os can give you root access to your phone. Hopefully that’s just the beginning of the changes you might make.
Legitimately gaining root access to your device is a far cry from most rooting exploits. Traditional rooting attacks are typically performed by exploiting an unpatched security hole on the device. Rooting isn’t a feature of a device; rather, it’s the active exploitation of a known security hole.
Android has a strong security strategy, backed by a solid implementation. By default, all Android apps are sandboxed from each other, helping to ensure that a malicious or buggy app cann’t interfere with another. All apps are required to declare the permissions they use, ensuring the user is in control of the info they share. And yes, we aggressively fix known security holes, including those that can be used for rooting.