Most retail devices running the Android operating system must be rooted in order to install custom versions of the Android system such as CyanogenMod. This is because in the stock configuration (unrooted), user-installed applications do not have direct access to the flash memory chip on the device and, thus, are not able to replace or modify the operating system itself. Rooting is also necessary for certain applications and widgets that require additional system and hardware rights such as for rebooting the phone, certain backup utilities, and other access to other hardware such as status LEDs. Rooting is also needed to disable or remove manufacturer-installed applications such as City ID. Rooting the phone typically also includes installing an application called Superuser that supervises which applications are granted root rights.
In contrast to iOS jailbreaking, rooting is not needed to run applications not distributed by the official Android Market (sometimes referred to as "side-loading"). However some carriers, like AT&T, prevent the installation of applications not on the Android Market in firmware, however the new Samsung Infuse 4G from AT&T allows running applications not downloaded from the market. One of the downsides to rooting is that some phone makers consider it to be "modifying" the phone, which violates the warranty. However, as long as the phone is unrooted (the process for doing so varies by phone) before the user tries to use his or her warranty, there isn't an easy way for the warranty provider to know that the phone was previously rooted.
The process of rooting varies widely by device. It usually includes exploiting a security weakness in the firmware shipped from the factory. For example, shortly after the T-Mobile G1 was released it was quickly discovered that anything typed using the keyboard was being interpreted as a command in a privileged (root) shell. Although Google quickly released a patch to fix this, a signed image of the old firmware was leaked giving people the ability to downgrade and use the original exploit to gain root access. Once this exploit is found, a custom recovery image that does not check the digital signature of a firmware update package can be flashed. In turn, using the custom recovery, a modified firmware update can be installed that typically includes the utilities (for example the Superuserapp) needed to run apps as root.
The Google-branded Android devices, the Nexus One, Nexus S and the Galaxy Nexus, can have their boot-loaders unlocked by simply running the command "fastboot oem unlock" from a computer connected to the device while it is in boot-loader mode. After accepting a warning the boot-loader will be unlocked so that a new system image can be written directly to flash without the need for an exploit.
Recently, Motorola, LG Electronics and HTC Corporation have added security features to their devices at the hardware level in an attempt to prevent retail Android devices from being rooted. For instance, the Motorola Droid X has a security boot-loader that will put the phone in "recovery mode" if unsigned firmware is loaded onto the device. This protection was defeated 6 days after the Motorola Droid X was released to the general public.
On July 26, 2010, the U.S. Copyright office announced a new exemption making it officially legal to root a device and run unauthorized third-party applications, as well as the ability to unlock any cell phone for use on multiple carriers.