Mobile Root Detection (Android).

Defensive checks an Android app runs to determine whether it is executing on a rooted device — typically by probing for su binaries, Magisk files, busybox, dangerous build properties, or hardware-attested integrity verdicts. 它属于网络安全的 移动安全 分类。

Defensive checks an Android app runs to determine whether it is executing on a rooted device — typically by probing for su binaries, Magisk files, busybox, dangerous build properties, or hardware-attested integrity verdicts.

Mobile root detection is the AppSec practice of checking, at runtime, whether the current Android device has been rooted — meaning a user or attacker can obtain superuser privileges and therefore inspect or modify app state. Detection techniques include filesystem checks for `/system/xbin/su`, `/system/bin/su`, `/sbin/su`, `magisk`, `superuser.apk`; mount-options checks (looking for `rw` on partitions that should be read-only); build-property checks (`ro.debuggable=1`, test-keys); installed-package checks (`com.topjohnwu.magisk`, `com.koushikdutta.superuser`); and process-list / loaded-library checks for Frida and Xposed. Because all of these can be defeated by sufficiently determined attackers using Magisk DenyList or Zygisk hooks, modern best practice is to combine local heuristics with server-side hardware attestation (Play Integrity API STRONG verdicts) and to treat root detection as a signal in an anti-fraud score rather than as a hard gate that blocks legitimate users with custom ROMs they trust. OWASP MASVS controls MSTG-RESILIENCE-1 through 4 codify this layered approach.

针对 Mobile Root Detection (Android) 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: Root detection, Android root check。