Rooting (Android)
What is Rooting (Android)?
Rooting (Android)Gaining unrestricted superuser (root) privileges on an Android device, bypassing the protections enforced by the Linux kernel, SELinux, and the Android verified boot chain.
Rooting Android usually means installing a su binary and a manager such as Magisk so any app can request elevated privileges, often after unlocking the bootloader and flashing a custom boot image. Modern Android resists this through Verified Boot (AVB), SELinux in enforcing mode, dm-verity, and the Play Integrity API, which signals to relying apps that a device is no longer in a verified state. Rooting gives users full control of the system, but it also breaks app sandbox isolation, can disable Google SafetyNet/Play Integrity attestation, and is a favorite escalation step for Android malware families such as BRATA and SharkBot. Banking, MDM, and DRM apps commonly refuse to run on rooted devices.
● Examples
- 01
A user unlocks the bootloader and uses Magisk to gain root and hide that fact from Play Integrity.
- 02
An Android trojan asks the user to grant Magisk root in order to read SMS messages used for 2FA.
● Frequently asked questions
What is Rooting (Android)?
Gaining unrestricted superuser (root) privileges on an Android device, bypassing the protections enforced by the Linux kernel, SELinux, and the Android verified boot chain. It belongs to the Mobile Security category of cybersecurity.
What does Rooting (Android) mean?
Gaining unrestricted superuser (root) privileges on an Android device, bypassing the protections enforced by the Linux kernel, SELinux, and the Android verified boot chain.
How does Rooting (Android) work?
Rooting Android usually means installing a su binary and a manager such as Magisk so any app can request elevated privileges, often after unlocking the bootloader and flashing a custom boot image. Modern Android resists this through Verified Boot (AVB), SELinux in enforcing mode, dm-verity, and the Play Integrity API, which signals to relying apps that a device is no longer in a verified state. Rooting gives users full control of the system, but it also breaks app sandbox isolation, can disable Google SafetyNet/Play Integrity attestation, and is a favorite escalation step for Android malware families such as BRATA and SharkBot. Banking, MDM, and DRM apps commonly refuse to run on rooted devices.
How do you defend against Rooting (Android)?
Defences for Rooting (Android) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Rooting (Android)?
Common alternative names include: Android root.
● Related terms
- mobile-security№ 562
Jailbreak (iOS)
The process of bypassing Apple's code-signing and sandbox restrictions on an iPhone or iPad so the user can install software that Apple has not approved.
- mobile-security№ 693
Mobile App Sandbox
An operating-system enforced boundary that limits what files, IPC, and APIs a mobile application can access, so a compromised app cannot easily reach other apps' data.
- mobile-security№ 047
Android Malware
Malicious software that targets the Android operating system, typically distributed through sideloaded APKs, dropper apps on Google Play, or compromised third-party stores.
- mobile-security№ 046
Android Debug Bridge (ADB)
A command-line developer tool, part of the Android SDK, that lets a host computer communicate with an Android device or emulator over USB or TCP to install apps, read logs, and run shell commands.
- mobile-security№ 697
Mobile Device Management (MDM)
Software that lets an organization enroll, configure, monitor, and remotely wipe iOS, Android, macOS, and Windows endpoints from a central console.
- mobile-security№ 694
Mobile App Security
The practice of designing, building, and testing iOS and Android applications to protect user data, prevent reverse engineering, and resist runtime tampering.