Plot twist: could a rooted device be actually safer than a non-rooted one?

Question

For almost 10 years, I have been using Linux based operating systems, so I know very well how giving root access to applications may be a security issue.

However, from my searches regarding Android, I have found the following information, relevant to this question:

If you root the device yourself, you generally install SuperSU too, which will ask you whether it should allow root access to applications when requested.

There are malware which can root a device from inside, and will use su without you ever knowing. I remember the first time I rooted a device, and it was an APK which would exploit security vulnerabilities.

So, by taking into consideration the two presented points, in the case that a malware is successful in rooting my device, and I don't have SuperSU installed, wouldn't my system be more vulnerable, since now any application can request root access without my knowledge?

— Teresa e Junior | Sources

Answer

You misunderstand the logic of su binary.

Android doesn't have an su command like other Linux distros do. The su binaries we use on Android are added to the /system (for pre-6.0 versions) and they are customized to work with the GUI application (such as SuperSU)

So when you run an application that wants to run as root, it sends out a call to su binary. Binary checks the list generated by the GUI app to see if you have a preset choice for the application such as allow, deny or prompt. If you don't have a preset choice for that specific app then it checks your default choice and acts accordingly.

There isn't one universally accepted su binary. Any developer that develops apps like SuperSU or Superuser (GUI apps) crafts their own su binary in a way that it'll work with the GUI app.

So if a malware flashes its own su binary, it will be customized in a way that it won't ask or notify you in any way whether you are rooted before that or not.

You can check my other answers from here, here and here for extra information about root systematics of Android.

— SarpSTA | Sources

Q & A

Why apps are launching slowly?

Lockdown pro suddenly stopped working. Is there anyway to un/reinstall?

Android Connected to Multiple WiFi

Restore "loud volume, long periods" notification in Lollipop

Find out over the network if Android device is active

Unable to bluetooth pair Galaxy S5 with BG-BluBox

Issue with flashing gapps in CM13 for OnePlusOne (bacon)

Factory reset for every Cyanogenmod Update?

Pros and cons of rooting using apps ("Soft Root") compared to other methods ("Hard Root")

Is there any bank account details sharing android app available?

How can I make a controller work on my android tablet using an OTG cable?

Anyone know where memos are stored on a Samsung Galaxy S6?

Is there any SSH OS support in Android?

Bought a new battery, do I need to calibrate it?

If I flash stock and unroot via Nexus Root Toolkit... will this turn off usb debugging?

Marshmallow Time Drift bug

Custom notification for whatsapp group

How to get rid of search bar on home screen in 6.0

Fire Tablet FreeTime sometimes takes a long time to start an app

If a paid app stops working, can I get my money back?

Topics

2D Engines 3D Engines 9-Patch Action Bars Activities ADB Advertisements Analytics Animations ANR AOP API APK APT Architecture Audio Autocomplete Background Processing Backward Compatibility Badges Bar Codes Benchmarking Bitmaps Bluetooth Blur Effects Bread Crumbs BRMS Browser Extensions Build Systems Bundles Buttons Caching Camera Canvas Cards Carousels Changelog Checkboxes Cloud Storages Color Analysis Color Pickers Colors Comet/Push Compass Sensors Conferences Content Providers Continuous Integration Crash Reports Credit Cards Credits CSV Curl/Flip Data Binding Data Generators Data Structures Database Database Browsers Date & Debugging Decompilers Deep Links Dependency Injections Design Design Patterns Dex Dialogs Distributed Computing Distribution Platforms Download Managers Drawables Emoji Emulators EPUB Equalizers & Event Buses Exception Handling Face Recognition Feedback & File System File/Directory Fingerprint Floating Action Fonts Forms Fragments FRP FSM Functional Programming Gamepads Games Geocaching Gestures GIF Glow Pad Gradle Plugins Graphics Grid Views Highlighting HTML HTTP Mocking Icons IDE IDE Plugins Image Croppers Image Loaders Image Pickers Image Processing Image Views Instrumentation Intents Job Schedulers JSON Keyboard Kotlin Layouts Library Demos List View List Views Localization Location Lock Patterns Logcat Logging Mails Maps Markdown Mathematics Maven Plugins MBaaS Media Menus Messaging MIME Mobile Web Native Image Navigation NDK Networking NFC NoSQL Number Pickers OAuth Object Mocking OCR Engines OpenGL ORM Other Pickers Parallax List Parcelables Particle Systems Password Inputs PDF Permissions Physics Engines Platforms Plugin Frameworks Preferences Progress Indicators ProGuard Properties Protocol Buffer Pull To Purchases Push/Pull QR Codes Quick Return Radio Buttons Range Bars Ratings Recycler Views Resources REST Ripple Effects RSS Screenshots Scripting Scroll Views SDK Search Inputs Security Sensors Services Showcase Views Signatures Sliding Panels Snackbars SOAP Social Networks Spannable Spinners Splash Screens SSH Static Analysis Status Bars Styling SVG System Tags Task Managers TDD & Template Engines Testing Testing Tools Text Formatting Text Views Text Watchers Text-to Toasts Toolkits For Tools Tooltips Trainings TV Twitter Updaters USB User Stories Utils Validation Video View Adapters View Pagers Views Watch Face Wearable Data Wearables Weather Web Tools Web Views WebRTC WebSockets Wheel Widgets Wi-Fi Widgets Windows Wizards XML XMPP YAML ZIP Codes