How to check root access in android?

Question

I created a method for checking whether the android phone is rooted or not. This is done as follows

public int checkrootcommand(String string) {
    // TODO Auto-generated method stub
    Process exec;
    try {

        exec = Runtime.getRuntime().exec(new String[]{"su","-c"});

        final OutputStreamWriter out = new OutputStreamWriter(exec.getOutputStream());
        out.write("exit");
        out.flush();

        Log.i(SUPER_USER_COMMAND, "su command executed successfully");
        return 0; // returns zero when the command is executed successfully
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }  
    return 1; //returns one when the command execution fails
}

But the problem is that the method checkrootcommand() is executed first it works perfectly, but when the same method called again the superuser session is still running. Is there any way to end the superuser session once the method is executed??

Answer 1

There is no reliable means of detecting a rooted condition on a device where hardware protections have been overcome by exploiting software vulnerabilities.

At best you can detect the presence of particular toolsets or scan for things that aren't supposed to be there or changes in files that are - but that requires knowledge of what a given installation should look like, and assumes that the OS functionality you are using to make the checks hasn't been modified to hide the changes.

To reliably scan, you need to be sure trusted code runs at a lower level than untrusted code; a rooted device is one where this assurance has been fundamentally broken, or where the end user is trusted more than you the developer are.

Answer 2

In your case, you should kill the process after executing it for the job which is done before returning. The following changes to your code should do the thing.

public int checkrootcommand(String string) {
    // TODO Auto-generated method stub
    Process exec = null;
    try {

        exec = Runtime.getRuntime().exec(new String[]{"su","-c"});

        final OutputStreamWriter out = new OutputStreamWriter(exec.getOutputStream());
        out.write("exit");
        out.flush();

        Log.i(SUPER_USER_COMMAND, "su command executed successfully");
        return 0; // returns zero when the command is executed successfully
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } finally {
        if (exec != null) {
            try {
                exec.destroy();
            } catch (Exception ignored) {
            }
        }
    }
    return 1; //returns one when the command execution fails
}

You may not be able to universally detect whether phone is rooted or not but you should be able to request and then confirm is your app can access root by running id as root e.g., su -c id validate if the command executed successfully and the output contains uid=0 i.e., the uid of the root user.