How to Detect Root on Flutter

Need to secure your Flutter app against rooted devices? Start here.

If your Flutter app runs on a rooted Android phone, attackers can tamper with it, inject malicious code, or bypass security checks. Root detection helps you protect sensitive data and maintain app integrity.

What is rooting?

Rooting removes Android’s built-in restrictions and grants privileged (root) access to the device. With root access, users (or attackers) can:

  • Modify your app’s code or memory.

  • Inject malicious libraries using tools like Magisk or Xposed.

  • Bypass key protections such as SSL pinning.

It’s like removing the lock from your front door — anyone can walk in, change things, or steal information.

How common is rooting?

About 0.03% of Android devices are rooted. That may sound small, but at global scale it still means millions of devices. If your app handles sensitive data, you can’t ignore this risk.

Number of Rooted Devices (source: Talsec)

How to detect a rooted device?

Attackers use advanced tools like Magisk and Shamiko to hide root access. Basic techniques involve simple checks like

  • Detection of suspicious binaries

  • Detection of suspicious processes

  • Check for elevated permissions

These may catch older roots, but they quickly become outdated. Building your own detection logic is time-consuming and hard to maintain.

While building your own solution offers control, it’s not recommended due to the time, effort, and expertise required to keep up. A better option is to use an actively maintained SDK that evolves with new attack methods.
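
The three simple checks listed above, sketched in Dart as an added example (not code from Talsec or freeRASP); the indicator lists, function names and sample inputs are constructed for illustration. Each check depends on fixed paths, process names and output formats, which is why such checks go stale as root-hiding tools evolve.

```dart
import 'dart:io';

// Constructed sample indicators for illustration; not a complete list.
const suPaths = ['/system/bin/su', '/system/xbin/su', '/sbin/su'];
const rootProcesses = ['magiskd', 'daemonsu'];
const systemMounts = ['/system', '/vendor', '/sbin'];

/// Suspicious binaries: which known su paths exist under [prefix].
/// [prefix] lets the check run against a constructed directory tree.
List<String> findSuBinaries({String prefix = ''}) =>
    suPaths.where((p) => File('$prefix$p').existsSync()).toList();

/// Suspicious processes: process-list lines naming a known root daemon.
List<String> findRootProcesses(Iterable<String> psLines) => psLines
    .where((line) => rootProcesses.any((name) => line.contains(name)))
    .toList();

/// Elevated permissions: system partitions that `mount` reports as
/// read-write, although they are normally mounted read-only.
List<String> findWritableSystemMounts(Iterable<String> mountLines) {
  final pattern = RegExp(r'^\S+ on (\S+) type \S+ \(([^)]*)\)');
  final hits = <String>[];
  for (final line in mountLines) {
    final m = pattern.firstMatch(line);
    if (m == null) continue; // unrecognised line format: skip it
    final options = m.group(2)!.split(',');
    if (systemMounts.contains(m.group(1)) && options.contains('rw')) {
      hits.add(m.group(1)!);
    }
  }
  return hits;
}

void main() {
  // Constructed tree simulating a device with an old-style su binary.
  final tmp = Directory.systemTemp.createTempSync('rootcheck');
  File('${tmp.path}/system/xbin/su').createSync(recursive: true);
  print(findSuBinaries(prefix: tmp.path));
  tmp.deleteSync(recursive: true);

  // Constructed `ps` and `mount` output lines.
  print(findRootProcesses(['root 1 init', 'root 512 magiskd']));
  print(findWritableSystemMounts([
    '/dev/block/dm-0 on /system type ext4 (rw,seclabel,relatime)',
    '/dev/block/dm-1 on /vendor type ext4 (ro,seclabel,relatime)',
  ]));
}
```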

freeRASP (free library by Talsec)

  • Strong detection (including Magisk 29 and Shamiko).

  • Active maintenance with frequent updates.

  • 14 additional detections: app integrity, Frida (runtime injection), hooking, emulator use, debugging, screenshots, etc.

  • Used by 6000+ apps; #1 Mobile RASP SDK by popularity

Integration example

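import 'package:freerasp/freerasp.dart';

// Callbacks that freeRASP invokes when it detects a threat.
final threatCallback = ThreatCallback(
      onPrivilegedAccess: () => print('Root/Jailbreak detected'),
      // ... other threat callbacks
);

// Register the callbacks, then start freeRASP.
// `config` is your app's TalsecConfig, defined elsewhere.
Talsec.instance.attachListener(threatCallback);
Talsec.instance.start(config);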
