Mobile Root Detection (Android).

Defensive checks an Android app runs to determine whether it is executing on a rooted device — typically by probing for su binaries, Magisk files, busybox, dangerous build properties, or hardware-attested integrity verdicts. Cette notion relève de la catégorie Sécurité mobile en cybersécurité.

Defensive checks an Android app runs to determine whether it is executing on a rooted device — typically by probing for su binaries, Magisk files, busybox, dangerous build properties, or hardware-attested integrity verdicts.

Mobile root detection is the AppSec practice of checking, at runtime, whether the current Android device has been rooted — meaning a user or attacker can obtain superuser privileges and therefore inspect or modify app state. Detection techniques include filesystem checks for `/system/xbin/su`, `/system/bin/su`, `/sbin/su`, `magisk`, `superuser.apk`; mount-options checks (looking for `rw` on partitions that should be read-only); build-property checks (`ro.debuggable=1`, test-keys); installed-package checks (`com.topjohnwu.magisk`, `com.koushikdutta.superuser`); and process-list / loaded-library checks for Frida and Xposed. Because all of these can be defeated by sufficiently determined attackers using Magisk DenyList or Zygisk hooks, modern best practice is to combine local heuristics with server-side hardware attestation (Play Integrity API STRONG verdicts) and to treat root detection as a signal in an anti-fraud score rather than as a hard gate that blocks legitimate users with custom ROMs they trust. OWASP MASVS controls MSTG-RESILIENCE-1 through 4 codify this layered approach.

Les défenses contre Mobile Root Detection (Android) combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.

Noms alternatifs courants : Root detection, Android root check.