4

Possible Duplicate:
Determine if running on a rooted device

On Launch of the application, I want to detect if the device running is rooted. Is there proper way of detecting it?

I don't think trying to write a file to '\data' to see if rooted is a good solution. (Since even rooted devices may have that path unprivileged)

Community
  • 1
  • 1
jclova
  • 5,466
  • 16
  • 52
  • 78

2 Answers2

5

At the end of the day, you can't. A rooted device may be modified in any way, and thus can completely hide whatever it wants from you. In practice you could look at some of the standard root builds to find features they have or characteristics you can look at... but there is no way to guarantee that whatever you do will actually detect a "rooted" device.

hackbod
  • 90,665
  • 16
  • 140
  • 154
  • is that mean a rooted device can also make below code: Process proc = Runtime.getRuntime ().exec ( "su" ); fail? – jclova Aug 27 '10 at 18:00
  • yes there are softwares available that simulate that phone is not rooted by not granting you access of super user :) – AZ_ Jan 27 '11 at 04:49
  • @hackbod On http://developer.android.com/guide/publishing/licensing.html#app-obfuscation it says "For example, a copy-protected application cannot be downloaded from Market to a device that provides root acces..." - how is the root check done there? Through strong obfuscated check logic? Thanks. – Mathias Conradt Oct 11 '11 at 03:54
  • That copy protection is deprecated. – hackbod Oct 13 '11 at 03:15
0

you could try to do 

Process proc = Runtime.getRuntime ().exec ( "su" );

if that throws an exception or proc is null then they don't have root

Ryan Conrad
  • 6,870
  • 2
  • 36
  • 36
  • 2
    Untrue. It merely means that __this particular__ mechanism of launching a root process was not permitted __to that application__ during __that attempt__. If you tried this in an application that didn't advertise itself as being for rooted devices, a lot of users would be notified of and quite alarmed by the request, and would probably report your app as malware. – Chris Stratton May 24 '11 at 02:44
  • 1
    I would NOT use that solution either. – Kevin Parker Nov 11 '11 at 17:33
  • 1
    That also, with devices with SuperSU, throws up a "Grant Root Access" dialog. – Graeme Apr 07 '14 at 10:01
  • This will create zombie processes after 3rd or 4th app run with this check. This will slow the device and you will definitely need to restart it. – blueware Jan 23 '17 at 07:32
  • This is also a really bad idea as stated here: https://twitter.com/gsuberland/status/1029653985572077568 "Not just ineffective but also a security flaw. It checks for su by executing it. So if you'd like to run a process in the context of the BitFi app you can now, by putting a binary called su in path. The destroy call at the end doesn't kill the process either. And if I recall correctly it's possible to delete a binary on Linux/Android even when there's a running process from it (unlike on Windows) so the malicious su can delete itself and the app will continue none the wiser on restart." – MarioVilas Aug 15 '18 at 10:34