Root Detection in Android device

Deekshith Moolya
Feb 19, 2019


Rooting is the process of allowing users of smartphones, tablets and other devices running the Android mobile operating system to attain privileged control (known as root access). It is how one gains access to the administrative commands and functions of the operating system. It gives the ability (or permission) to alter or replace system applications, files, and settings, to remove pre-installed applications, and to run specialized applications (“apps”) that require administrator-level permissions.

Why root an Android device?

The superuser gets privileged control (root access) and full control over the applications installed on the handset, and can remove pre-installed applications, take a full system backup including apps, install a different version of Android, update with custom ROMs, and much more.

Why is a rooted device potentially dangerous to users/apps?

System security and safeguards cannot be guaranteed after rooting. On a rooted device, data is at risk: personal information such as contact lists, emails, and other data can be accessed, and data like credentials and passwords can be collected. With a rooted device, a user or malicious program can elevate their permissions to root and circumvent these protections, giving them access to other apps’ private data.

So the best approach is to check in your application whether the device is rooted, to avoid data theft, but there is no 100% reliable way to check for root.

Let’s see how to check whether the device is rooted.

  • Check for Test-Keys: Test-Keys has to do with how the kernel is signed when it is compiled. By default, stock Android ROMs from Google are built with release-keys tags. Test-Keys means it is signed with a custom key generated by a third-party developer. Specifically, the check looks for test-keys in the build properties (android.os.Build.TAGS).

    private boolean detectTestKeys() {
        String buildTags = android.os.Build.TAGS;
        return buildTags != null && buildTags.contains("test-keys");
    }

  • Check for the “su” binary: The su binary check identifies the superuser on the device. This binary is installed when you root your phone using apps like kinguser or via fastboot in Android. These files are necessary so that one can root the phone and become the superuser. The existence of this binary can be checked in the paths listed further below.

    private boolean checkForSuBinary() {
        return checkForBinary("su"); // function is available below
    }

  • Check for the “busybox” binary: If a device has been rooted, more often than not Busybox has been installed as well. Busybox is a binary that provides many common Linux commands. The presence of busybox is a good indication that a device has been rooted.

    private boolean checkForBusyBoxBinary() {
        return checkForBinary("busybox"); // function is available below
    }

To check for the existence of the su or busybox binary:

    /**
     * @param filename the file to look for ("su", "busybox")
     * @return true if the file exists in any of the binaryPaths directories
     */
    private boolean checkForBinary(String filename) {
        for (String path : binaryPaths) {
            File f = new File(path, filename); // requires import java.io.File
            boolean fileExists = f.exists();
            if (fileExists) {
                return true;
            }
        }
        return false;
    }

  • Check for SuExists: a different file system check for the su binary, which runs “which su” and treats any output as a hit.

    /**
     * A variation on the checking for SU, this attempts a 'which su':
     * a different file system check for the su binary.
     * Requires java.io.BufferedReader and java.io.InputStreamReader.
     *
     * @return true if su exists
     */
    private boolean checkSuExists() {
        Process process = null;
        try {
            process = Runtime.getRuntime().exec(new String[]
                    {"/system/xbin/which", "su"});
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(process.getInputStream()));
            // 'which' prints the resolved path only when su is found
            String line = in.readLine();
            process.destroy();
            return line != null;
        } catch (Exception e) {
            // 'which' is missing or could not be executed: report not found
            if (process != null) {
                process.destroy();
            }
            return false;
        }
    }

The su and busybox binaries are often looked for in the following paths on rooted devices.

    private String[] binaryPaths = {
        "/data/local/",
        "/data/local/bin/",
        "/data/local/xbin/",
        "/sbin/",
        "/su/bin/",
        "/system/bin/",
        "/system/bin/.ext/",
        "/system/bin/failsafe/",
        "/system/sd/xbin/",
        "/system/usr/we-need-root/",
        "/system/xbin/",
        // An APK file, not a directory: new File(path, "su") never matches here
        "/system/app/Superuser.apk",
        "/cache",
        "/data",
        "/dev"
    };

  • There are a few applications that hide the root status of your Android device. Hence, using the Package Manager, we can check for installed apps that are typically used for managing superuser/root access. The following are a few root cloaking and potentially dangerous apps:

    com.devadvance.rootcloak
    com.devadvance.rootcloakplus
    com.koushikdutta.superuser
    com.thirdparty.superuser
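
The Package Manager check described above, as an added example that is not the author's code. The class and method names are hypothetical; the package names are the four listed above.

```java
import android.content.Context;
import android.content.pm.PackageManager;

import java.util.ArrayList;
import java.util.List;

/** Added example: looks up the package names listed above via PackageManager. */
public final class RootAppCheck {

    // Package names taken from the list in this article.
    private static final String[] ROOT_RELATED_PACKAGES = {
            "com.devadvance.rootcloak",
            "com.devadvance.rootcloakplus",
            "com.koushikdutta.superuser",
            "com.thirdparty.superuser"
    };

    private RootAppCheck() { }

    /**
     * On Android 11 (API 30) and later, package visibility filtering hides
     * other apps unless each package is declared in a {@code <queries>}
     * element of AndroidManifest.xml; without that declaration every lookup
     * below reports "not found" even when the app is installed.
     *
     * @return the listed packages that are installed and visible to this app
     */
    public static List<String> findInstalledRootApps(Context context) {
        PackageManager pm = context.getPackageManager();
        List<String> found = new ArrayList<>();
        for (String packageName : ROOT_RELATED_PACKAGES) {
            try {
                pm.getPackageInfo(packageName, 0); // throws if absent or filtered
                found.add(packageName);
            } catch (PackageManager.NameNotFoundException e) {
                // Not installed, or hidden from this app: treat as absent.
            }
        }
        return found;
    }

    /** @return true if at least one listed package is present */
    public static boolean detectRootManagementApps(Context context) {
        return !findInstalledRootApps(context).isEmpty();
    }
}
```

Returning the matched package names rather than only a boolean lets the app log which package triggered the result.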

This is probably nowhere near a complete list, but it does show the many different ways root can be detected on Android devices.

Since a rooted device is much more at risk of being compromised, it is important to know about it. Detecting whether the device is rooted is essential for further security measures. There are ways to implement complex techniques, but bypassing these verifications is not that difficult. It is always recommended not to depend on root detection techniques alone but to secure the mobile application in every aspect of information security.