Mobile Root Detection (Android).

Defensive checks an Android app runs to determine whether it is executing on a rooted device — typically by probing for su binaries, Magisk files, busybox, dangerous build properties, or hardware-attested integrity verdicts. Es gehört zur Kategorie Mobile Sicherheit der Cybersicherheit.

Defensive checks an Android app runs to determine whether it is executing on a rooted device — typically by probing for su binaries, Magisk files, busybox, dangerous build properties, or hardware-attested integrity verdicts.

Mobile root detection is the AppSec practice of checking, at runtime, whether the current Android device has been rooted — meaning a user or attacker can obtain superuser privileges and therefore inspect or modify app state. Detection techniques include filesystem checks for `/system/xbin/su`, `/system/bin/su`, `/sbin/su`, `magisk`, `superuser.apk`; mount-options checks (looking for `rw` on partitions that should be read-only); build-property checks (`ro.debuggable=1`, test-keys); installed-package checks (`com.topjohnwu.magisk`, `com.koushikdutta.superuser`); and process-list / loaded-library checks for Frida and Xposed. Because all of these can be defeated by sufficiently determined attackers using Magisk DenyList or Zygisk hooks, modern best practice is to combine local heuristics with server-side hardware attestation (Play Integrity API STRONG verdicts) and to treat root detection as a signal in an anti-fraud score rather than as a hard gate that blocks legitimate users with custom ROMs they trust. OWASP MASVS controls MSTG-RESILIENCE-1 through 4 codify this layered approach.

Schutzmaßnahmen gegen Mobile Root Detection (Android) kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: Root detection, Android root check.