0

Using the Android Management API, I would like to identify if a device has been rooted.

I found the attribute "devicePosture" and the possible values for this attribute are listed in this documentation here.

However, for me, it was not clear what these items mean.

For example:

  1. Does the type "POTENTIALLY_COMPROMISED" mean that the device is rooted or just had its bootloader unlocked?
  2. Does the "AT_RISK" type mean that you have a virus version of Android (or something similar)?

Thank you for your help.

  • Does this answer your question? [Determine if running on a rooted device](https://stackoverflow.com/questions/1101380/determine-if-running-on-a-rooted-device) – Arthur Attout Aug 02 '21 at 20:08

1 Answer

0

You can check this link. Also, to answer some of your questions with regard to device posture:

The value of the security posture determines the current device state and the policies applied. Or, in other terms, it reflects how secure the device is.

1.) “POTENTIALLY_COMPROMISED” value means that either SafetyNet's ctsProfileMatch check or basicIntegrity check fails, or this device may be compromised and corporate data may be accessible to unauthorized actors. It covers both bootloader-unlocked and rooted scenarios[1].

2.) “AT_RISK” value means that both SafetyNet's ctsProfileMatch check and basicIntegrity check pass but the device fails to meet requirements set by the policy (e.g. device's password state, etc.).

To determine what fails, you can check the PostureDetail, SecurityRisk value.

[1] To understand what SafetyNet's ctsProfileMatch and basicIntegrity fields mean, you can check this link, which also explains what scenarios correspond to the combination of the value of the two checks.

rsiason
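
How the posture values discussed in this answer can be consumed, as an added example that is not part of the original answer: it triages constructed Device resources by `securityPosture` and fails closed when no posture is reported. The field and enum names are those of the Android Management API Device resource; the verdict labels and the `triage` and `needs_quarantine` helpers are hypothetical.

```python
# Added example (not from the answer). SAMPLE_DEVICES is constructed data shaped
# like Device resources from the Android Management API; IDs are placeholders.
SAMPLE_DEVICES = [
    {"name": "enterprises/EXAMPLE/devices/aaa",
     "securityPosture": {"devicePosture": "SECURE"}},
    {"name": "enterprises/EXAMPLE/devices/bbb",
     "securityPosture": {"devicePosture": "POTENTIALLY_COMPROMISED",
                         "postureDetails": [{"securityRisk": "COMPROMISED_OS"}]}},
    {"name": "enterprises/EXAMPLE/devices/ccc",
     "securityPosture": {"devicePosture": "POTENTIALLY_COMPROMISED",
                         "postureDetails": [{"securityRisk": "UNKNOWN_OS"}]}},
    {"name": "enterprises/EXAMPLE/devices/ddd",
     "securityPosture": {"devicePosture": "AT_RISK", "postureDetails": [
         {"advice": [{"defaultMessage": "Set a screen lock."}]}]}},
    {"name": "enterprises/EXAMPLE/devices/eee"},  # no posture reported
]

# Attestation outcome behind each securityRisk value, per the API reference.
RISK_REASON = {
    "COMPROMISED_OS": "basicIntegrity failed",
    "UNKNOWN_OS": "basicIntegrity passed, ctsProfileMatch failed",
}

def triage(device):
    """Summarise one Device resource; a missing posture is treated as unknown."""
    posture = device.get("securityPosture") or {}
    state = posture.get("devicePosture", "POSTURE_UNSPECIFIED")
    details = posture.get("postureDetails") or []
    risks = sorted({d["securityRisk"] for d in details if d.get("securityRisk")})
    advice = [a["defaultMessage"] for d in details
              for a in d.get("advice", []) if a.get("defaultMessage")]
    verdict = {"SECURE": "ok",
               "AT_RISK": "policy-noncompliant",
               "POTENTIALLY_COMPROMISED": "integrity-failure"}.get(state, "unknown")
    reasons = [RISK_REASON.get(r, r) for r in risks]
    return {"device": device.get("name"), "verdict": verdict,
            "reasons": reasons, "advice": advice}

def needs_quarantine(devices):
    """Fail closed: flag integrity failures and devices with no usable posture."""
    return [t["device"] for t in map(triage, devices)
            if t["verdict"] in ("integrity-failure", "unknown")]

if __name__ == "__main__":
    for d in SAMPLE_DEVICES:
        print(triage(d))
    print("quarantine:", needs_quarantine(SAMPLE_DEVICES))
```

The posture reports attestation outcomes, not a literal "rooted" flag, so the `reasons` field is what separates a basicIntegrity failure from a ctsProfileMatch-only failure.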