- 23 Dec 2024
Root detection
- Updated on 23 Dec 2024
Rooting is the process of circumventing the security measures of the operating system. It is usually performed by the device user to customize the device beyond what the manufacturer allows.
Attackers can 'root' a device to bypass the Android application sandbox. This can grant attackers access to data that is stored on the device, which would otherwise be restricted. Similarly, malware can exploit known weaknesses within Android to gain elevated permissions on a device while it is running.
Since a rooted device has a higher risk of being compromised, it is important for the application to know when it is running on one. Even if the application is configured to allow execution on rooted devices, detecting whether the device is rooted is essential for further security measures.
Root detection can be performed in several ways, such as checking for well-known indicators of root: files, processes, and other anomalies. Root detection is inherently a "cat-and-mouse" game between new rooting techniques and root detection methods.
App Shielding implements several layers and levels of root detection mechanisms to handle most well-known approaches, as well as more heuristic indicators that look for symptoms of a rooted device rather than conclusive evidence. Newer versions of Android restrict the ability to detect certain types of rooting, because a stricter app security sandbox is enforced on the detection mechanism itself.
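The distinction above between conclusive evidence and heuristic symptoms can be sketched in Kotlin as follows. This is an added example, not App Shielding's implementation: `DeviceView`, `Finding`, `detectRoot`, `isLikelyRooted`, the short indicator list and the two-symptom threshold are all hypothetical choices made for illustration.

```kotlin
import java.io.File

// Added example; names, indicator list and threshold are assumptions.
enum class Strength { CONCLUSIVE, HEURISTIC }
data class Finding(val indicator: String, val strength: Strength)

// What the app can observe. On a device, fill this from android.os.Build.TAGS
// and the ro.* system properties; fileExists defaults to a real file check.
data class DeviceView(
    val buildTags: String?,
    val props: Map<String, String>,
    val fileExists: (String) -> Boolean = { File(it).exists() }
)

private val SU_PATHS = listOf("/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su")

fun detectRoot(view: DeviceView): List<Finding> {
    val findings = mutableListOf<Finding>()
    // A visible su binary is treated as conclusive. A miss proves nothing:
    // the app sandbox may simply hide the path from the check.
    SU_PATHS.filter(view.fileExists).forEach {
        findings += Finding("su binary at $it", Strength.CONCLUSIVE)
    }
    // Symptoms only: custom or engineering builds can show these too.
    if (view.buildTags?.contains("test-keys") == true)
        findings += Finding("build signed with test-keys", Strength.HEURISTIC)
    if (view.props["ro.debuggable"] == "1")
        findings += Finding("ro.debuggable=1", Strength.HEURISTIC)
    if (view.props["ro.secure"] == "0")
        findings += Finding("ro.secure=0", Strength.HEURISTIC)
    return findings
}

// Policy: one conclusive hit, or at least two independent symptoms.
fun isLikelyRooted(findings: List<Finding>): Boolean =
    findings.any { it.strength == Strength.CONCLUSIVE } ||
        findings.count { it.strength == Strength.HEURISTIC } >= 2

fun main() {
    // Constructed sample: no su binary visible, but two symptoms present.
    val sample = DeviceView(
        buildTags = "test-keys",
        props = mapOf("ro.debuggable" to "1", "ro.secure" to "1"),
        fileExists = { false }
    )
    val findings = detectRoot(sample)
    findings.forEach { println("${it.strength}: ${it.indicator}") }
    println("likely rooted: ${isLikelyRooted(findings)}")
}
```

Reporting the individual findings alongside the verdict lets the application decide its own response, such as allowing execution on a rooted device while tightening other security measures.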