Understanding the rooting process

Even though hardware manufacturers impose restrictions intended to prevent access to the root account, hackers have always found ways around them. The rooting process varies with the device manufacturer; however, rooting a device usually involves exploiting a security bug in the device's firmware, copying the su (superuser) binary to a location in the current process's path (/system/xbin/su), and granting it executable permissions with the chmod command.

For the sake of simplicity, imagine that an Android device has three or four partitions, each running its own program; these programs are not all part of Android itself (Android occupies just one of the partitions).

The boot loader is present in the first partition and is the first program that runs when the phone is powered on. The primary job of this boot loader is to boot the other partitions and, by default, to load the Android partition, commonly referred to as the ROM. To see the boot loader menu, a specific key combination is required, such as holding the power button and pressing the volume up button. This menu provides options for you to boot into other partitions, such as the recovery partition.

The recovery partition deals with installing upgrades to the phone, which are written directly to the Android ROM partition. This is the mode that you see when you install any official update on the device. Device manufacturers make sure that only official updates are installed through the recovery partition. This means that bypassing this restriction would allow you to install/flash any unlocked Android ROM. Modified recovery programs are those that not only allow an easier rooting process, but also provide various options that are not available in the normal recovery mode. The following screenshot shows the normal recovery mode:

Normal Android system recovery mode

The following screenshot shows the modified recovery mode:

The modified recovery mode

The most commonly used recovery program in the Android world is Clockwork recovery, also called ClockworkMod. Most rooting methods begin by flashing a modified recovery to the recovery partition. After that, you can issue an update, which can root the device; however, you don't need to perform all the actions manually, as software is available for most models that can root your phone with a single click.

Starting from Android 7.x, Google started strictly enforcing verified boot on devices. Verified boot guarantees that the software on the device is not modified before booting into the normal mode. This is implemented in such a way that each stage verifies the integrity and authenticity of the next stage before executing it. If a particular partition or segment is modified, the integrity check fails and the mobile may not boot into normal mode. More information about verified boot can be found at https://source.android.com/security/verifiedboot/verified-boot.

This also means that rooting such Android devices is going to be extremely difficult because rooting involves tweaking the Android OS. Marshmallow was the first Android version to provide alerts on system integrity, but since Android 7.x, this has been made mandatory.
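The two signs of rooting described above, a copied su binary in a PATH directory such as /system/xbin/su and a verified boot chain that no longer reports a trusted state, can both be checked from the device's own properties. The following is an added example (not code from the original text) that parses `adb shell getprop` output and flags those indicators; the property names are standard Android ones, while the getprop lines and file list are constructed sample data for a hypothetical rooted device.

```python
from typing import Dict, Iterable, List

# Locations where a copied su binary typically ends up; /system/xbin/su is the
# one named in the text, the others are other common PATH directories.
SU_PATHS = ("/system/xbin/su", "/system/bin/su", "/sbin/su", "/su/bin/su")

# States reported by the bootloader in ro.boot.verifiedbootstate.
# Only "green" means every stage verified against the manufacturer's root of trust.
UNTRUSTED_BOOT_STATES = {"yellow", "orange", "red"}


def parse_getprop(output: str) -> Dict[str, str]:
    """Parse the `[key]: [value]` lines printed by `adb shell getprop`."""
    props: Dict[str, str] = {}
    for line in output.splitlines():
        line = line.strip()
        if not (line.startswith("[") and "]: [" in line and line.endswith("]")):
            continue  # skip blank or malformed lines
        key, value = line[1:-1].split("]: [", 1)
        props[key] = value
    return props


def assess_device(props: Dict[str, str], present_files: Iterable[str]) -> List[str]:
    """Return integrity findings; an empty list means nothing suspicious was seen."""
    findings: List[str] = []
    state = props.get("ro.boot.verifiedbootstate", "")
    if state in UNTRUSTED_BOOT_STATES:
        findings.append(f"verified boot state is '{state}' (expected 'green')")
    if props.get("ro.boot.flash.locked") == "0":
        findings.append("bootloader is unlocked, so unsigned recovery/ROM images can be flashed")
    if props.get("ro.boot.veritymode", "enforcing") != "enforcing":
        findings.append("dm-verity is not enforcing, so system partition changes go undetected")
    if "test-keys" in props.get("ro.build.tags", ""):
        findings.append("build is signed with test-keys rather than release-keys")
    present = set(present_files)
    for path in SU_PATHS:
        if path in present:
            findings.append(f"su binary present at {path}")
    return findings


# Constructed sample getprop output and file listing for a hypothetical rooted device.
SAMPLE_GETPROP = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [enforcing]
[ro.build.tags]: [test-keys]
"""
SAMPLE_FILES = ["/system/bin/sh", "/system/xbin/su"]

if __name__ == "__main__":
    for finding in assess_device(parse_getprop(SAMPLE_GETPROP), SAMPLE_FILES):
        print("-", finding)
```

On a real device, feed the function the output of `adb shell getprop` and the result of testing each path in SU_PATHS with os.path.exists from an on-device shell.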
