Android root detection using build tags?

Tags: android, root

The following method is one of the ways we can programmatically detect if an Android device is rooted:

public boolean checkRootMethod1(){
    String buildTags = android.os.Build.TAGS;

    if (buildTags != null && buildTags.contains("test-keys")) {
        return true;
    }
    return false;
}

Can someone explain what this is actually doing? What is the "test-keys" build tag, and what does it have to do with root? I couldn't find any relevant information from Google.

thisiscrazy4 asked Sep 15 '13 03:09


2 Answers

Release-Keys and Test-Keys have to do with how the kernel is signed when it is compiled. Release-Keys means it was signed with an official key from an official developer. Test-Keys means it was signed with a custom key generated by a third-party developer. From a security standpoint, Release-Keys generally means the kernel is more secure, which is not always the case.

gollum18 answered Sep 22 '22 21:09


String buildTags = android.os.Build.TAGS;

This code is for reading build.prop, located at /system/build.prop. As you can see, you are getting android.os.Build.TAGS, which means you are getting the ro.build.tags value inside build.prop. Here is the code of build.java

For your second question, I cannot be sure it will work, because my ro.build.tags string is release-keys on my rooted device.

Sieryuu answered Sep 20 '22 21:09
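
An added example, not part of either answer or of Android's own source: plain Java that applies the test-keys check from the question to constructed build.prop text, including the case from the second answer where a rooted device still reports release-keys. The class name, the enum and the sample property text are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;

public class BuildTagsCheck {
    // Outcome of the check: a hint about how the build was signed, not proof of root.
    enum Signal { TEST_KEYS, RELEASE_KEYS, UNKNOWN }

    // Parse build.prop text (key=value lines, '#' comments) and classify ro.build.tags.
    static Signal classify(String buildPropText) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(buildPropText));
        String tags = props.getProperty("ro.build.tags");
        if (tags == null || tags.trim().isEmpty()) {
            return Signal.UNKNOWN; // property missing or empty: no conclusion possible
        }
        // Build tags are comma-separated, so match whole tokens rather than a substring.
        List<String> tokens = Arrays.asList(tags.trim().split("\\s*,\\s*"));
        if (tokens.contains("test-keys")) {
            return Signal.TEST_KEYS;
        }
        if (tokens.contains("release-keys")) {
            return Signal.RELEASE_KEYS;
        }
        return Signal.UNKNOWN;
    }

    public static void main(String[] args) throws IOException {
        // Constructed build.prop fragments, not copied from real devices.
        String customBuild = "# constructed: third-party build\n"
                + "ro.build.type=userdebug\nro.build.tags=test-keys\n";
        String stockRooted = "# constructed: stock image, rooted after install\n"
                + "ro.build.type=user\nro.build.tags=release-keys\n";
        String noTags = "# constructed: property absent\nro.build.type=user\n";

        System.out.println("custom build : " + classify(customBuild));
        // The tag check alone does not flag this device, matching the second answer.
        System.out.println("stock, rooted: " + classify(stockRooted));
        System.out.println("no tags      : " + classify(noTags));
    }
}
```

On a device, the same value is available as `android.os.Build.TAGS`; the result is best treated as one input among several rather than a verdict on root.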