0

I'm using following code for root detection in Android device. But still my security expert saying it can be installed and run in rooted device. Could someone detect what the issue with my code

public static boolean isDeviceRooted() {
  // get from build info
  String buildTags = android.os.Build.TAGS;
  if (buildTags != null && buildTags.contains("test-keys")) {
    return true;
  }
  return checkFiles() || checkLocations();
  }
   private static boolean checkFiles(){
String[] files = {
    "/system/app/Superuser.apk",
    "/system/etc/init.d/99SuperSUDaemon",
    "/dev/com.koushikdutta.superuser.daemon/",
    "/system/xbin/daemonsu"
};
for (String fileData : files) {
    try {
        File file = new File(fileData);
        if (file.exists()) {
            return true;
        }
    } catch (Exception e1) {
          // ignore
    }
}
return false;
  }
   private static boolean checkLocations(){
String su = "su";
String[] locations = {
    "/system/bin/",
    "/system/xbin/",
    "/sbin/",
    "/system/sd/xbin/",
    "/system/bin/failsafe/",
    "/data/local/xbin/",
    "/data/local/bin/",
    "/data/local/",
    "/system/sbin/",
    "/usr/bin/",
    "/vendor/bin/"
};
for (String location : locations) {
    if (new File(location + su).exists()) {
        return true;
    }
}
return false;
  }
someone
  • 6,577
  • 7
  • 37
  • 60
  • Advice? What is the problem? And what is the question? – blackapps Nov 01 '21 at 09:48
  • https://github.com/scottyab/rootbeer – ashu Nov 01 '21 at 09:49
  • 1
    Superuser is pretty outdated, modern devices are all rooted via Magisk. But with root permissions you can hide everything from an app. Perform at least Google SafetyNet check and validate the result on server side. – Robert Nov 01 '21 at 09:49
  • "security expert saying it can be installed". Is installing or running the requirement? because preventing installing is impossible I think. As for running, maybe this question helps: https://stackoverflow.com/questions/27540545/how-to-prevent-rooted-android-phones-from-installing-my-app – Ivo Nov 01 '21 at 09:50
  • @Robert you comment was useful SafetyNet has several limitations, hence checking for alternative solutions. – someone Nov 01 '21 at 10:32
  • Google SafetyNet check is the only solution that can not bypassed (on some devices) as it is executed in TEE. Therefore there is no alternative providing the same. – Robert Nov 01 '21 at 11:09

0 Answers0