Motorola Nexus 6 codenamed Shamu is a great Android phablet: slim design, large QHD touchscreen. 3 GB of RAM, front facing stereo speakers and most important – always decent Android operating system. As it is Nexus device with plain Android, you’ll need tons of apps until it gets handy enough but that’s the beauty – your phone your way. And to squeeze Shamu to the maximum, here’s how to root the device.

Why I wanted to root my Nexus 6 was to enable two-way call recording. That is a serious challenge as skvalex, developer of well known Call Recorder app, points out on XDA forum:

If manufacturers would implement call recording on their devices as described in the Android documentation, then the app worked on all devices. But they don’t. So I’ve to purchase many different phones to provide support for them. For example, a week ago I purchased Samsung SM-G906S to add support for Qualcomm 805 based devices, because without the device it’s not possible as there are no documentation or required source code. Even with a device it’s often not possible. On some devices the system provides distorted sound, people blame the app, but it’s manufacturer’s fault. If it was possible to fix, I’d fixed it.

Rooting device is usually 1st, but not necessarily winning step to enable two-way call recording. What is interesting, e. g. Samsung Galaxy Note 4 has call recording built-in native phone app, but it is disabled (at least in European version) due to possible law conflicts governing where and how you are (not)permitted to record. When device is rooted, you can gain this feature by simply editing one configuration XML file as this post explains. But when not, any file manager app won’t allow touching /system/csc/others.xml.

If you ask yourself whether it’s worth rooting device (and officially loosing guarantee) and what it is in essence, you might not want to do it. In short, as Android is Linux based, one of the key concepts exists: regular users run with limited permissions and capabilities while root users (or superusers, nowadays mostly sudoers) can do everything with the system from accessing system files to allowing or blocking network access, e. g. with nice open source firewall AFWall+ (source, Play download). More info about what rooting is and what manufacturers do to prevent it can be found on detailed Android Central article, so this time I won’t go into that.

Enough introduction, let’s begin the fun part.

At the moment of writing this walkthrough current Android version was 6.0.1 (MOB30M) but instructions should be valid for whole 6.x branch.

As you’re reading this walkthrough, suppose you’ve already got a Nexus 6 device waiting to get rooted. Then three more things will be needed:

You should now have two files: twrp-3.0.2-0-shamu.img and UPDATE-SuperSU-v2.76-20160630161323.zip.

First of all let’s enable USB debugging: go to Settings > About phone and tap Build number 7 times – this enables Developer options in Settings:

Developer options enabled on Android 6.0.1

Now go to Developer settings and enable USB debugging and OEM unlocking as shown in the screenshot:

USB debugging and OEM unlock enabled in Android 6.0.1

Now turn your device off and connect it to computer with USB cable. Check if Nexus device is seen by ADB by executing following in Terminal:

adb devices

Should return a list of devices attached. Now come back to physical device.

Press and hold Power and Volume down buttons simultaneously to enter phone’s fastboot mode. Leave phone for a moment and come back to terminal on computer to run following:

fastboot oem unlock

Similar output should be displayed:

gytis@pc ~ $ fastboot oem unlock
...
(bootloader) Device state transition will erase userdata.
(bootloader) Are you sure you want to continue this transition?
(bootloader) 
(bootloader) Press POWER key to continue.
(bootloader) Press VOL UP or VOL DOWN key to cancel state transition.
(bootloader) State transition confirmed!
(bootloader) Please select 'YES' on screen if you want to continue...
(bootloader) Unlocking bootloader...

(bootloader) Phone is unlocked successfully!
OKAY [ 98.988s]
finished. total time: 98.989s

If you have forgot to enable unlocking of bootloader in Android settings, output will look like this:

gytis@pc ~ $ fastboot oem unlock
...
(bootloader) Check 'Allow OEM Unlock' in Developer Options.
FAILED (remote failure)
finished. total time: 0.002s

Now it’s time to flash TWRP image into recovery partition:

fastboot flash recovery twrp-3.0.2-0-shamu.img

Successfull flashing should produce similar text:

gytis@pc ~ $ fastboot flash recovery twrp.img
target reported max download size of 536870912 bytes
sending 'recovery' (11585 KB)...
OKAY [  0.365s]
writing 'recovery'...
OKAY [  0.178s]
finished. total time: 0.543s

TWRP is installed.

Now get USB memory stick ready and copy UPDATE-SuperSU-v2.76-20160630161323.zip file to it. Also make sure USB flash contains at least 7-8 GB of free space if you are willing to make a backup (just in case). As Motorola Nexus 6 hasn’t got microSD memory card slot, we will be using USB stick connected to the phone’s microUSB port via USB OTG cable:

Motorola Nexus 6 with USB stick plugged via USB OTG

When ready, reboot your Nexus device:

fastboot reboot

Important! On many devices Android will overwrite any custom recovery image during first boot. Therefore if you wait until Android fully boots, you will loose TWRP and will have to flash it again. To install TWRP permanently, right after fastboot reboot hold hardware key combo Power + Volume down until you see Android fastboot window. Use arrow keys to navigate to RECOVERY MODE and select it by hitting Power button. Now TWRP will load:

TWRP 3.0.2-0 shamu on Motorola Nexus 6

Interface offers very smooth touch experience: options selected by tapping required item and actions confirmed or processed by swiping from right to left.

It is a good idea to navigate to Backup section and do a full backup:

TWRP full Android backup

Make sure you select USB OTG as target storage.

Next is time to install superuser management tool. Come back to home menu and select Install. Tap Select Storage and pick USB OTG as installation source:

TWRP install from USB OTG storage

And then pick SuperSU zip archive:

TWRP install zip: SuperSU

Wait a few moments and when it asks, reboot device. It will take time for Android to boot, so wait patiently. When it loads, in application drawer you should see SuperSU app:

Android 6.0.1 with SuperSU installed

Run it to verify if device is successfully rooted:

SuperSU settings

Congratulations! Now whenever certain application that is designed working as root requests superuser, SuperSU app will ask whether you want to allow it or deny:

SuperSU dialog: Titanium Backup requests root

Even though SuperSU is free to use, it is proprietary closed source application. Recently there were many speculations (XDA, Android Police, Reddit) as original developer Chainfire transfered development of SuperSU to commercial company Coding Code Mobile Technology LLC. Because superuser application is so sensitive due to root access, it is a potential risk when nobody is able to audit the software and review original source code.

As there were many stories how companies screwed nice applications (e.g.: Quick Pic), users seek for open source solution and there is only one available – Superuser. While initially developed by Koush under ClockworkMod project, it is no longer maintained. You can still grab source from GitHub and install app from Goole Play, but there are little chances it will work flawlessly on decent Android. Luckily, senior XDA member phhusson aims to keep Koush’s Superuser alive. Superuser sources are available as well as one supporting SELinux. You can download ZIP here and install it via TWRP in exactly the same way you’d setup SuperSU’s ZIP as described above. Just don’t forget to install front-end application from Google Play – the app will handle root rights requests like here:

Superuser dialog: AFWall+ requesting root rights

Using Superuser is just as easy as SuperSU because apps list and settings are very similar:

So because of being open source I’d definitely choose Superuser over SuperSU, but unfortunately SuperSU is much more polished and some apps like skvalex Call Recorder simply doesn’t work with something else then SuperSU:

skvalex Call Recorder not compatible with Superuser

So I’ll keep an eye on Superuser and look forward to when it becomes as solid as TWRP is among custom recovery tools.

There is however one drawback of having device rooted – you no longer get OTA updates (that is this nice option in Settings > About phone > System Updates).

Android OTA update

Well, in fact you will receive those updates, but an attempt to install them will fail because we have overwritten default recovery with TWRP therefore received updates cannot be applied. There’s another limitation I’ve read somewhere that when you root Android, checksums no longer match the original ones and OTA updates won’t work. Anyway, it is possible to update Android manually and I cover that in my upgrading Android on rooted device walkthough – there I describe upgrading Motorola Nexus 6 to latest Android 7 (Nougat) but it is very much the same upgrading to any Marshmallow versions.