Detecting rooted or jailbroken devices

Rooting/jailbreaking is a technique of acquiring privileged control over the operating system of an Android/iOS device. While most users root their devices to overcome the limitations put on the devices by the manufacturers, it also enables those with malicious intent to abuse privileged access and steal sensitive information. Many different attack vectors require privileged access to be performed. Tools such as Magisk, Shamiko, Shad0w or Dopamine can hide privileged access and are often used by attackers.

Learn more about the root detection and jailbreak detection.

Learn more about root and jailbreak detection in our glossary.

freeRASP uses various checks to detect whether the device is rooted or jailbroken. It detects not only rooted/jailbroken devices but also looks for the presence of their hiders (e.g., Magisk Hide, Shamiko, Shad0w, Dopamine).

From our data, around 0.5% - 1% of devices have traces of rooting and jailbreaking. Keep that in mind when choosing the appropriate reaction type.

Below are code snippets demonstrating root and jailbreak detection across various platforms:

// Root detection on Android
override fun onRootDetected() {
    TODO("Not yet implemented")
}

// iOS jailbreaking detection
case jailbreak

// Flutter root and jailbreak detection
onPrivilegedAccess: () => print("Privileged access")

// Cordova root and jailbreak detection
privilegedAccess: () => {
    // Place your reaction here
}

// React Native root and jailbreak detection
privilegedAccess: () => {
    // Place your reaction here
}

// Capacitor root and jailbreak detection
privilegedAccess: () => {
    // Place your reaction here
}

Recommended action: Notify users that their device is insecure and log the event on your BE. Some of the applications (mostly banking) are often even killed upon the detection of this threat.

PreviousThreat Detection NextEmulator detection

Last updated 8 months ago