
# What is Root Detection?

**Root detection** is a security mechanism used by Android applications to determine if a device has been **rooted** — meaning the user has obtained **superuser (root)** access to the operating system.

For apps that handle sensitive data (like banking or enterprise apps), it’s important to know if the device is rooted because a rooted device **no longer adheres to the standard security model** that Android enforces.

The **purpose of root detection** is to protect applications and data from the risks associated with rooted devices. If an app detects that the phone is rooted, it may respond by **refusing to run or by limiting certain features** to safeguard information. For example, many financial apps will stop working or show a warning if they sense the device is rooted. By doing so, the app prevents attackers (or even the user) from exploiting the elevated privileges that come with rooting to compromise the app’s security. In short, root detection is about **ensuring the app is running in a trusted environment** — if the device is deemed untrusted (rooted), the app can take precautions or block usage to **protect sensitive data and operations**.

Root detection involves scanning the device to identify markers or modifications that suggest it has been rooted. This might include checking for altered system files, the presence of superuser binaries (like the `su` binary), or any known indicators of rooting tools such as **Magisk** or the Franco Kernel Manager app. Essentially, it verifies that the device’s operating system is in its intended, secure state.
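
The marker scan described above, sketched in Kotlin as an added example (not Talsec's code and not part of the original page). `DeviceSnapshot`, `RootFinding`, `detectRoot` and the path and package lists are hypothetical names and illustrative values; on a device the caller would fill the snapshot from `android.os.Build.TAGS` and `PackageManager`. The test-keys check is a commonly used marker of a modified system image that the page does not name explicitly.

```kotlin
import java.io.File
import java.nio.file.Files

// Hypothetical container for inputs the app collects on-device.
data class DeviceSnapshot(
    val buildTags: String?,              // e.g. android.os.Build.TAGS
    val installedPackages: Set<String>,  // e.g. gathered via PackageManager
    val fsRoot: File = File("/")         // overridable so checks can run off-device
)

data class RootFinding(val check: String, val evidence: String)

// Typical su locations (illustrative, not exhaustive).
val SU_PATHS = listOf("system/bin/su", "system/xbin/su", "sbin/su", "data/local/xbin/su")

// Package IDs of rooting tools (illustrative; maintain your own list).
val ROOT_PACKAGES = setOf("com.topjohnwu.magisk")

fun detectRoot(s: DeviceSnapshot): List<RootFinding> {
    val findings = mutableListOf<RootFinding>()

    // 1. Superuser binary present on disk.
    for (rel in SU_PATHS) {
        val f = File(s.fsRoot, rel)
        if (f.exists()) findings.add(RootFinding("su-binary", "/$rel"))
    }
    // 2. Build signed with test keys, commonly seen on custom or development images.
    val tags = s.buildTags.orEmpty()
    if ("test-keys" in tags) findings.add(RootFinding("build-tags", tags))

    // 3. Known rooting tool installed.
    for (pkg in s.installedPackages intersect ROOT_PACKAGES) {
        findings.add(RootFinding("root-app", pkg))
    }
    return findings
}

fun main() {
    // Constructed sample: a temp directory standing in for a rooted device.
    val fakeRoot = Files.createTempDirectory("rootfs").toFile()
    File(fakeRoot, "system/xbin").mkdirs()
    File(fakeRoot, "system/xbin/su").createNewFile()

    val rooted = DeviceSnapshot("test-keys", setOf("com.topjohnwu.magisk"), fakeRoot)
    val clean = DeviceSnapshot("release-keys", setOf("com.example.notes"), fakeRoot.resolve("empty"))

    detectRoot(rooted).forEach { println("${it.check}: ${it.evidence}") }
    println("clean device findings: ${detectRoot(clean).size}")
}
```

These are static markers, and root-hiding tools can conceal them, so an empty result is absence of evidence rather than proof that the device is unmodified.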

