DerScanner
Home / Vulnerability Database / Android : Incorrect rooting detection
Android

Android : Incorrect rooting detection

Classification

OWASP Mobile Top 10 2016
M9-Reverse Engineering
OWASP Top 10 2021
A4-Insecure DesignA8-Software and Data Integrity Failures
OWASP ASVS
Access ControlAccess ControlAccess ControlAccess Control
CWE
CWE-345CWE-602CWE-656CWE-693

Overview

It is not recommended to check the results of the SafetyNet Attestation API directly in the mobile application, because in this case there is no guarantee that the validation logic has not been changed.

In the context of anti-reversing, the goal of root detection is to make running the app on a rooted device a bit more difficult, which in turn blocks some of the tools and techniques reverse engineers like to use.

References

  1. Checklist for a SafetyNet Attestation API integration
  2. Android Root Detection Techniques
  3. CWE-693: Protection Mechanism Failure
MEDIUM

DerScanner Severity Score

Do you want to fix Android : Incorrect rooting detection in your application?

See also

Android

Android : Debug mode on

Android

Android : Error handling: generic exception

Android

Android : HTTP usage