Mobile Root Detection (Android).

Defensive checks an Android app runs to determine whether it is executing on a rooted device — typically by probing for su binaries, Magisk files, busybox, dangerous build properties, or hardware-attested integrity verdicts. サイバーセキュリティの モバイルセキュリティ カテゴリに属します。

Defensive checks an Android app runs to determine whether it is executing on a rooted device — typically by probing for su binaries, Magisk files, busybox, dangerous build properties, or hardware-attested integrity verdicts.

Mobile root detection is the AppSec practice of checking, at runtime, whether the current Android device has been rooted — meaning a user or attacker can obtain superuser privileges and therefore inspect or modify app state. Detection techniques include filesystem checks for `/system/xbin/su`, `/system/bin/su`, `/sbin/su`, `magisk`, `superuser.apk`; mount-options checks (looking for `rw` on partitions that should be read-only); build-property checks (`ro.debuggable=1`, test-keys); installed-package checks (`com.topjohnwu.magisk`, `com.koushikdutta.superuser`); and process-list / loaded-library checks for Frida and Xposed. Because all of these can be defeated by sufficiently determined attackers using Magisk DenyList or Zygisk hooks, modern best practice is to combine local heuristics with server-side hardware attestation (Play Integrity API STRONG verdicts) and to treat root detection as a signal in an anti-fraud score rather than as a hard gate that blocks legitimate users with custom ROMs they trust. OWASP MASVS controls MSTG-RESILIENCE-1 through 4 codify this layered approach.

Mobile Root Detection (Android) に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: Root detection, Android root check。