How to Detect Root on React Native
Need to secure your React Native app against rooted devices? Start here.
If you are deploying a React Native app on Android, you will inevitably encounter a formidable challenge: the rooted device. Root access represents a significant security vulnerability that demands a robust response. Ignoring this threat is not an option, particularly if your application handles sensitive data or performs critical business functions.
What is Root?
Rooting removes Android’s built-in restrictions and grants privileged (root) access to the device. With root access, users (or attackers) can:
Modify your app’s code or memory.
Inject malicious libraries using tools like Magisk or Xposed.
Bypass key protections such as SSL pinning.
It’s like removing the lock from your front door — anyone can walk in, change things, or steal information.
How common is rooting?
About 0.03% of Android devices are rooted. That may sound small, but at global scale it still means millions of devices. If your app handles sensitive data, you can’t ignore this risk.
How to Detect Rooted Device?
There are simple checks like:
Detection of suspicious binaries
Detection of suspicious processes
Check for elevated permissions
These may catch older roots, but they quickly become outdated. Building your own detection logic is time-consuming and hard to maintain. Basic techniques involve.
While building your own solution offers control, it’s not recommended due to the time, effort, and expertise required to keep up. A better option is to use an actively maintained SDK that evolves with new attack methods.
DIY Coding Guide
You can implement yourself simple root detection like this:
import RNFS from 'react-native-fs';
const detectSuBinary = async () => {
// Common paths where the 'su' binary may exist on rooted devices
const suPaths = [
'/system/bin/su',
'/system/xbin/su',
'/sbin/su',
'/system/su',
'/system/bin/.ext/su',
'/system/usr/we-need-root/su',
'/system/app/Superuser.apk',
];
for (const path of suPaths) {
try {
// RNFS.exists returns a promise that resolves to a boolean
const exists = await RNFS.exists(path);
if (exists) {
console.log(`Potential root detected: su binary found at ${path}`);
return true;
}
} catch (error) {
// Ignore errors for inaccessible paths or permissions issues
}
}
return false;
};
export default detectSuBinary;Use freeRASP (free library by Talsec)
With freeRASP, the root detection utilizes hundreds of advanced checks, offering robust detection even with hiding methods applied.
Strong detection (including Magisk 29+, Hide My Applist and Shamiko).
Active maintenance with frequent updates.
14 additional detections : app integrity, Frida (runtime injection), hooking, emulator use, debugging, screenshots, etc.
Used by 6000+ apps; #1 Mobile RASP SDK by popularity (link)
Integration Example
Add the freeRASP in your project, focus on implementing the following callback:
import { useFreeRasp } from 'freerasp-react-native';
// reactions for detected threats
const actions = {
// Android & iOS
privilegedAccess: () => {
console.log('privilegedAccess');
},
}
const config = ...
useFreeRasp(config, actions);Commercial Alternatives
When evaluating mobile app security and Runtime Application Self-Protection (RASP), developers often compare various Talsec alternatives to find the right fit for their architecture. The "right choice" depends on the specific problem you need to tackle and which vendor offers the best bang for your buck.
The market is diverse, offering different philosophical approaches to protection. Talsec prioritizes top-tier root detection and a balanced security SDK portfolio covering the most popular attack vectors. Meanwhile, some vendors specialize primarily in heavy code obfuscation and compiler-based hardening, while others focus on a drag-and-drop (no-code) integration experience for DevOps-oriented teams. There are also solutions dedicated specifically to API security, active cloud hardening, enterprise compliance, or gaming protection. The most prominent providers alongside Talsec include Guardsquare, Appdome, Promon, Build38, Approov, and AppSealing.
Key Takeaway
Rooted devices grant attackers privileged access, allowing them to tamper with apps, inject malicious code, or bypass critical protections like SSL pinning. Detection doesn’t have to be DIY or error-prone—simple checks for su binaries or elevated permissions are easily bypassed. Tools like freeRASP provide reliable, continuously updated detection with hundreds of advanced checks, letting you respond proactively to root threats and maintain app integrity.
👉 If you want root detection plus jailbreak, Frida, emulator, debugging, screenshot, and tampering protection in one free package, start with freeRASP by Talsec.
Handle App Security with a Single Solution! Check Out Talsec's Premium Offer & Plan Comparison!
Plans Comparison
https://www.talsec.app/plans-comparison
Premium Products:
RASP+ - An advanced security SDK that actively shields your app from reverse engineering, tampering, rooting/jailbreaking, and runtime attacks like hooking or debugging.
AppiCrypt (Android & iOS) & AppiCrypt for Web - A backend defense system that verifies the integrity of the calling app and device to block bots, scripts, and unauthorized clients from accessing your API.
Malware Detection - Scans the user's device for known malicious packages, suspicious "clones," and risky permissions to prevent fraud and data theft.
Dynamic TLS Pinning - Prevents Man-in-the-Middle (MitM) attacks by validating server certificates that can be updated remotely without needing to publish a new app version.
Secret Vault - A secure storage solution that encrypts and obfuscates sensitive data (like API keys or tokens) to prevent them from being extracted during reverse engineering.
Last updated
Was this helpful?