Android - Why do we need a rooted phone to capture screenshots on older versions of Android?

The answer is rather simple: it's a permissions issue.

Android uses what is called a framebuffer for the video display. The framebuffer is located at /dev/graphics/fb0. This "file", which is basically a stream that the device writes to when changes in the user interface occur, contains ~2 frames of the screen display.

The permissions on the framebuffer file are rw- rw- ---. Note that the last "group" has three "-"s. That basically means that if you are not the owner (which is root) you do not have permission to even read from that file.

If there were a system-installed application that could take screenshots, it would have permission to read from the framebuffer, which, I believe, is how the Motorola Xoom is able to take screenshots. It has an application installed on the device as a system app.

Reading the framebuffer, for a developer, is actually simple, if they have access to read it.
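The point of the answer above is the Unix mode bits on the device node: owner and group can read and write, everyone else gets nothing. The following script is an added example, not code from the original answer; it does not touch /dev/graphics/fb0 at all. It builds a temporary file with the same 0660 bits (a constructed stand-in) and shows who could read it under a classic discretionary-access check: the owning uid, an unrelated application uid (10042 is a constructed sample value), and uid 0.

```python
"""Interpret Unix mode bits the way the answer above describes for
/dev/graphics/fb0: owner rw, group rw, others nothing (0660).

Added example, not from the original answer. It creates a temporary
file with the same bits (constructed sample) instead of touching the
real device node, and reports which caller identities could read it.
"""
import os
import stat
import tempfile


def mode_to_rwx(mode: int) -> str:
    """Render the permission bits of a mode as 'rw-rw----' style text."""
    bits = [
        (stat.S_IRUSR, "r"), (stat.S_IWUSR, "w"), (stat.S_IXUSR, "x"),
        (stat.S_IRGRP, "r"), (stat.S_IWGRP, "w"), (stat.S_IXGRP, "x"),
        (stat.S_IROTH, "r"), (stat.S_IWOTH, "w"), (stat.S_IXOTH, "x"),
    ]
    return "".join(ch if mode & flag else "-" for flag, ch in bits)


def can_read(mode: int, owner_uid: int, owner_gid: int, uid: int, gids) -> bool:
    """Classic Unix read check: uid 0 bypasses, then owner, group, other.

    Only the first matching class is consulted, exactly as the kernel's
    discretionary check does; a group member whose group lacks 'r' is
    denied even if 'other' had it."""
    if uid == 0:
        return True  # root ignores the discretionary bits entirely
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def audit_path(path: str, uid: int, gids) -> dict:
    """Stat a path and report its mode string plus readability for (uid, gids)."""
    st = os.stat(path)
    return {
        "mode": mode_to_rwx(st.st_mode),
        "readable": can_read(st.st_mode, st.st_uid, st.st_gid, uid, gids),
    }


def demo() -> dict:
    """Create a 0660 file (constructed stand-in for the fb0 node) and audit
    it from three viewpoints: the owning uid, an unrelated app uid, uid 0."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        path = tmp.name
    os.chmod(path, 0o660)
    st = os.stat(path)
    try:
        return {
            "mode": mode_to_rwx(st.st_mode),
            "owner": audit_path(path, st.st_uid, [st.st_gid])["readable"],
            # 10042 is a constructed sample uid for an ordinary app
            "app_uid": audit_path(path, 10042, [10042])["readable"],
            "root": audit_path(path, 0, [0])["readable"],
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The script models only the discretionary mode bits, which is all the answer describes; on a device, whatever mandatory access control the platform adds sits on top of that check and can only deny further, never grant. `demo()` returns a dictionary rather than printing it so the result can be checked directly.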


Due to Android's security focus on separating all apps from each other's data, to prevent malicious apps from stealing or altering data in apps that you trust, they can't allow an app to take screenshots of other apps.

Think about how many of your apps are able to do things like OCR to translate pictures into text. I can think of at least four apps on my phone that can do this; a prime example is Google Goggles OCRing book titles, and also OCRing and then translating blocks of text in foreign languages. Now think about how many of your apps put text on screen that you wouldn't want an untrustworthy app to see. I have a password database app on my phone with an encrypted database of my passwords for various systems; a malicious screensaver app could wait until that password app's running, take a picture of the screen with the login details on it, then OCR them and send them off. It could also do the same for everything in your Contacts list, even if you don't give the app permission to your Contacts database, or your browser history, or chat logs and so on. This is only one way that it could abuse access to your screen.

This is why, for screenshotting to be universal, it needs to be in the OS (which you already trust with all your data). This is why on phones that do have the screenshot function built in, it's been added as part of the system, not as a separate app.

If you root your phone and allow an app to take screenshots, then you are effectively saying that you implicitly trust that app to be able to do everything that the system can do, including accessing and interfering with other apps and their data, and that you totally trust it not to abuse that access. That's not something that Android's ever going to allow anything except the System/OS to do.


Short answer: because 1) computers are complicated and 2) the screenshot functionality is actually not very simple (for the programmer, not for the user).

In other words, taking a screenshot requires the screenshotting process to hook pretty deep into the OS internals, mess with them for a bit, and unhook again. Since Android tries to have a built-in security model (as opposed to the "bolted-on afterthought" seen in Windows), taking a screenshot trips on several security barriers. Those can be bypassed, but the only currently practical way (short of creating holes - and potential vulnerabilities - in the kernel) is to use the all-powerful root account, which is not subject to the limitations.
