Root detection methodology in android which cannot be bypassed

Anonymous Platypus picture Anonymous Platypus · Dec 4, 2014 · Viewed 24.2k times · Source

I know that running an app which possess sensitive information on a rooted device is not secure at all. So developers usually do root detection in such cases and if the device is found rooted,then that app won't get installed. everything is ok.

The major techniques used by developers in root detection are checking for the superuser.apk file,check for chainfire,busybox,executing su command,etc. But an attacker can simply bypass these checks by several means like renaming the superuser.apk to superuser0.apk.

So what I am looking for is a unique solution for this issue where the root detection checks cannot be bypassed by attacker. Please share your views even if such a solution doesn't exists. Because the solutions from you guys might help in atleast hardening the code of root detection.

Answer

Dheeraj Vepakomma picture Dheeraj Vepakomma · Feb 12, 2017

There is an opensource library called rootbeer and a sample app which performs the following checks to detect root.

  • CheckRootManagementApps
  • CheckPotentiallyDangerousAppss
  • CheckRootCloakingApps
  • CheckTestKeys
  • checkForDangerousProps
  • checkForBusyBoxBinary
  • checkForSuBinary
  • checkSuExists
  • checkForRWSystem