Detecting rooted or jailbroken devices
Rooting/jailbreaking is a technique of acquiring privileged control over the operating system of an Android/iOS device. While most users root their devices to overcome the limitations put on the devices by the manufacturers, it also enables those with malicious intent to abuse privileged access and steal sensitive information. Many different attack vectors require privileged access to be performed. Tools such as Magisk, Shad0w or Dopamine can hide privileged access and are often used by attackers.
freeRASP uses various checks to detect whether the device is rooted or jailbroken. It detects not only rooted/jailbroken devices but also looks for the presence of their hiders (e.g., Magisk, Shad0w, Dopamine).
From our data, around 0.5% - 1% of devices have traces of rooting and jailbreaking. Keep that in mind when choosing the appropriate reaction type.
Below are code snippets demonstrating root and jailbreak detection across various platforms:
Recommended action: Notify users that their device is insecure and log the event on your BE. Some of the applications (mostly banking) are often even killed upon the detection of this threat.
Last updated