diff --git a/app/src/main/java/sh/sar/isodroid/root/RootManager.kt b/app/src/main/java/sh/sar/isodroid/root/RootManager.kt
index e159616..e2b818b 100644
--- a/app/src/main/java/sh/sar/isodroid/root/RootManager.kt
+++ b/app/src/main/java/sh/sar/isodroid/root/RootManager.kt
@@ -6,13 +6,26 @@
 package sh.sar.isodroid.root
 
 import com.topjohnwu.superuser.Shell
+import sh.sar.isodroid.BuildConfig
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.withContext
 
 object RootManager {
 
+ /**
+ * Escapes a string for safe use in shell commands.
+ * Uses single quotes and escapes any single quotes within the string.
+ * This prevents command injection via $(), ``, ;, &&, ||, etc.
+ */
+ fun shellEscape(s: String): String {
+ // Single quotes prevent all shell interpretation except for single quotes themselves
+ // To include a single quote, we end the single-quoted string, add an escaped single quote, and start a new single-quoted string
+ // Example: "test'file" becomes 'test'\''file'
+ return "'" + s.replace("'", "'\\''") + "'"
+ }
+
 init {
- Shell.enableVerboseLogging = true
+ Shell.enableVerboseLogging = BuildConfig.DEBUG
 Shell.setDefaultBuilder(
 Shell.Builder.create()
 .setFlags(Shell.FLAG_MOUNT_MASTER or Shell.FLAG_REDIRECT_STDERR)
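Review bot: The KDoc on `shellEscape` promises "safe use in shell commands", but the quoting only guarantees one literal POSIX sh word. A value that starts with `-` is still parsed as an option by the program that receives it, and a NUL character cannot be carried in a shell word at all. I would add a KDoc line such as `* Returns one literal sh word; callers must still place "--" before it when it is a path or other positional argument.` and reject NUL up front with `require('\u0000' !in s) { "NUL not allowed in shell argument" }`. The call sites are outside this hunk, so it cannot be confirmed here that every value interpolated into a root command string now goes through this helper. The `init` block also continues past the end of the hunk.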