1

I want to build an app with DeviceAdmin privileges and pre-install it on devices that will go to my users.

What I want is: to protect the app from being uninstalled. To do so, I'm placing it into the system directory.

The problem is: the user can root the device and uninstall my app.

The question is: What could be the potential solution? Is it possible to somehow protect the device from being rooted?

ND1010_
  • 1
    why would anyone not like to uninstall the app if the user is not interested in keeping that? – Abdul Waheed Dec 04 '17 at 10:23
  • 4
    If somebody has physical access to your device, and is not in a controlled environment (e.g. your office) - you cannot prevent them doing anything to the device. –  Dec 04 '17 at 10:23
  • 1
    @AnuarSerikov Have you tried [this](https://stackoverflow.com/questions/1101380/determine-if-running-on-a-rooted-device) solution?? – Harshad Prajapati Dec 04 '17 at 10:25
  • @HarshadPrajapati, that solution helps device to determine if the phone is rooted. What I need - is to disallow the root in the first place :) – Anuar Serikov Dec 04 '17 at 10:30
  • @AbdulWaheed you can suppose that the app itself is a tool, that will control devices of employees in a corporate environment – Anuar Serikov Dec 04 '17 at 10:31
  • @Bilkokuya so you're sure that there isn't any solution (if the phone is not in a controlled environment)? – Anuar Serikov Dec 04 '17 at 10:32
  • It's just common sense and logical to know that you cannot prevent a rooting process. Especially it's not possible with an app. The process of rooting means exploiting the privileges at the kernel level. The only way to slightly "prevent" this is to disallow installing apps on the phone, then to disallow people to take the phone out of the office and finally to disallow phones to be connected to computers. But as the others already said, generally it's impossible to protect from this. – Nico Dec 04 '17 at 10:36
  • @AnuarSerikov This would be much easier if you could give us a rough outline of who's getting the devices, where, and why they need the app on them. A corporate environment sounds controlled to me; rooting is only a real issue if you're distributing devices to the public/people who have no contractual obligation to you. (note - people don't like losing their jobs) –  Dec 04 '17 at 10:38
  • @Nico thanks for your reply – Anuar Serikov Dec 04 '17 at 10:42
  • @Bilkokuya in my case, 'corporate' can be read as 'public'. Thanks :) – Anuar Serikov Dec 04 '17 at 10:45
  • @AnuarSerikov Then there is absolutely no way to protect your devices outside of strong contracts and the ability of your lawyers to enforce them (not cheap). I'd suggest figuring out what an affordable loss-rate will be and factoring for that. –  Dec 04 '17 at 10:51
  • @AnuarSerikov No problem. Glad to help and as a side note with the view of an end user. We hate apps pre-installed that we can't uninstall. The reason I rooted all my phones. No Adware or bloatware. ( If not job/company enforced ) – Nico Dec 04 '17 at 10:58
  • It might be possible with some brands with limitation of unlocking the bootloader first to root the device as you can limit users to tick the Unlock Bootloader option in developer options of a phone or to disable the working of a phone if that option is ticked but in many phones, you can root a phone without even interacting with the application software of a phone directly by interacting with system software that is Recovery without even booting up the phone which makes it almost impossible to prevent. Hope you find something which works for you. – Lalit Fauzdar Dec 04 '17 at 11:19
  • And as Nico said, even I've rooted many phones just to uninstall system bloatware. You should have some post-rooting measures to prevent users from rooting, just like disabling the phone, limiting functionalities, locking the phone which can only be unlocked by you or a specific person deployed by you, deleting the data etc... – Lalit Fauzdar Dec 04 '17 at 11:22
  • @LalitSinghFauzdar how can I lock the phone after it's rooted? Is it possible? :) – Anuar Serikov Dec 04 '17 at 12:00
  • You can get everything you want to know [here](https://developer.android.com/guide/topics/admin/device-admin.html). Also, you can look at [this tutorial](http://gadgetcreek.com/android-working-lock-screen-device-administration-api/). Just detect root and lock the device. – Lalit Fauzdar Dec 04 '17 at 13:09
  • @LalitSinghFauzdar but that will be stored as an app on the phone, right? And if someone gets root access to the device, he/she will be able to remove that app before it locks the phone – Anuar Serikov Dec 05 '17 at 06:15
  • 1
    Not at all. You have the device, you can do anything with it. Make your app a system app by moving it into the system partition, create and start a service in it which checks for SU permissions; the moment the user roots his phone, the service will detect SU permissions and, as your app is the administrator, just lock the phone instantly. It's an easy DIY. – Lalit Fauzdar Dec 05 '17 at 06:37
  • @LalitSinghFauzdar that sounds promising. Does it also protect the device from being reset to factory settings or wiped? Or even re-installed a different ROM? – Anuar Serikov Dec 05 '17 at 07:23
  • I've rooted many phones and have installed custom/stock ROMs on many phones, and I've experienced that no app can prevent a user from flashing a ROM or resetting/wiping it because that mainly works by interacting with Recovery, and even the newest Android 8.0 doesn't have any security measure to prevent anyone from wiping someone's phone. So it's a big NO, you just can't prevent anyone from entering the Recovery menu. But as you've noticed, wiping any phone from recovery nowadays asks for the last connected Google account, which still can be bypassed in many phones. – Lalit Fauzdar Dec 05 '17 at 08:19
  • 1
    But yes, flashing ROM/Recovery does need the Unlock bootloader option to be ticked in developer options and that's something you can't bypass. So, if you can lock this option or disable developer options, you can at least prevent the user from flashing ROM/Recovery. – Lalit Fauzdar Dec 05 '17 at 08:21
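
The detect-root-and-lock approach discussed in the comments above, sketched as an added example that is not code from the thread or from any participant. `RootWatchService`, `AdminReceiver`, the `su` path list, the `test-keys` check and the polling interval are assumptions made for illustration; the service and the admin receiver must also be declared in the manifest, with the `force-lock` policy in the receiver's device-admin metadata.

```java
import android.app.Service;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.os.Handler;
import android.os.IBinder;
import android.os.Looper;
import java.io.File;

// Added example; RootWatchService and AdminReceiver are hypothetical names.
public class RootWatchService extends Service {
    // The app's device-admin component (assumed to be activated on the device).
    public static class AdminReceiver extends DeviceAdminReceiver {}

    // Heuristic only: a user with root can hide or rename these files.
    private static final String[] SU_PATHS = {
        "/system/bin/su", "/system/xbin/su", "/sbin/su", "/system/app/Superuser.apk"
    };
    private static final long INTERVAL_MS = 60_000; // assumed polling interval
    private final Handler handler = new Handler(Looper.getMainLooper());

    static boolean looksRooted() {
        String tags = Build.TAGS; // "test-keys" marks a non-release build
        if (tags != null && tags.contains("test-keys")) return true;
        for (String path : SU_PATHS) {
            if (new File(path).exists()) return true;
        }
        return false;
    }

    private final Runnable check = new Runnable() {
        @Override public void run() {
            DevicePolicyManager dpm =
                (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
            ComponentName admin = new ComponentName(RootWatchService.this, AdminReceiver.class);
            // lockNow() throws SecurityException without an active force-lock admin.
            if (looksRooted() && dpm.isAdminActive(admin)) dpm.lockNow();
            handler.postDelayed(this, INTERVAL_MS);
        }
    };

    @Override public int onStartCommand(Intent intent, int flags, int startId) {
        handler.removeCallbacks(check); // avoid stacking duplicate checks
        handler.post(check);
        return START_STICKY;
    }
    @Override public void onDestroy() { handler.removeCallbacks(check); super.onDestroy(); }
    @Override public IBinder onBind(Intent intent) { return null; }
}
```

`lockNow()` only locks the screen, so the holder of the device credentials can unlock it again. As the comments point out, none of this survives a wipe or reflash from recovery, or a root user who removes the app first.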

0 Answers