Android - What exactly is superuser.apk and su?

su (short for Switch User) is a binary executable. It's used by Android and other *nix based systems to allow a process to change the user account it is associated with. The reason it's important from a rooting standpoint is that su without any other parameters will switch to the root user, meaning that processes that require root permission for their functionality need to invoke su (since by default they are not being run by root).

Superuser is an Android application (.apk is an Android application package). It works as a sort of "gatekeeper" to the su binary. Applications which attempt to invoke su will be forced to route through Superuser, which will then prompt the user if it is an unknown or new application. The user then has the option of approving or denying the access to su and optionally having Superuser remember their decision so it can automatically apply it for subsequent calls by that app. By doing this, the only apps which are granted root permissions are ones that the user chooses.

The source of both applications is available on Github, and can be examined/audited by anyone who wishes to look at it (Superuser here, su here).

You can find further details - as well as changelogs - on Superuser's website.

Other related questions on Android Enthusiasts:

• How exactly does "root" user access/account works? Do all applications run as root on my phone after rooting?
• What are the security disadvantages of rooting an Android phone?
• How do I protect my phone from malicious apps once it is rooted?

The source code for Superuser is available on github, the main author of Superuser are Adam Shanks (ChainsDD) and Koushik Dutta (koush, also author of Clockwork Recovery).

Koushik Dutta explained in his blog how Superuser.apk works; note that the post is from the very earliest incarnation of the Superuser app, a lot of things have changed since then and some of what was written there are no longer correct for modern superuser/su implementation, but the basics should still be the same.

Both su and Superuser can certainly be replaced by alternatives, but it wouldn't really do much as the facility that su uses (i.e. exec() and setuid() system calls) is available to any executables, given that the executable had the proper permission bits (i.e. setuid bit is set to root). At the core, su is a very simple program, it just spawns a process as another user; the real security check is done by the kernel.

So, as long as you're getting the official, unmodified su and superuser app and they're installed properly with proper permission, you don't have anything to worry about, they're open source and safe, you can verify the source code yourself at github. However, it is certainly possible to get a trojaned superuser/su binary, so make sure that wherever you're getting your superuser/su binary is trustworthy (or compile su/superuser yourself if you're truly paranoid).