Device Rooting

Why should you care if your device is rooted?

Rooting your device gives you administrative ("root") access and control that lets you load software or OS versions that were not originally compatible, tune the device's performance and more. However, this comes at a cost. Obtaining root access bypasses the security policies the OS puts in place to keep your data from leaking: the sandbox that isolates each app's data is enforced by the OS, and root can simply step around it. Malware may detect that a device is rooted and use the elevated privileges to make malicious content look legitimate, to steal user data, or even to alter system files and corrupt your device.

To make things even worse, certain malware is able to root your device without your knowledge. This means that your device might be rooted and you do not even know it. Would you feel comfortable if a malicious app had admin access on your device?

Admin access would allow opening your camera or microphone without you realizing it, transferring your data to a third-party server, or sending messages on your behalf. Admin access essentially means that a superuser may be doing everything that you would normally do, and more, without you ever finding out.

Rooting is a big deal. It is so big that for years Android has been battling malicious apps that attempt it. Google Play Protect scans the apps on your device for known malware, Google ships security patches every month, and the SafetyNet attestation service lets apps ask whether the device's integrity is intact. None of this helps much on a rooted device: with root, malware can interfere with the very checks that are supposed to catch it, which is why banking and payment apps often refuse to run when SafetyNet reports a tampered device.

What does Antistalker check for?

More than half of the apps published on app stores do not implement the recommended security requirements, posing a threat to the user's data. This threat is multiplied when the device is rooted, since sensitive user information and access tokens stored by those apps can then fall into the wrong hands.

Antistalker's mission is to protect the user's data privacy, and it therefore implements several checks to determine if your device is rooted or whether its security is at risk, by detecting improperly configured security settings or apps that might be used to root your device.

In particular, the following checks are performed. Not all checks are equally threatening, and therefore your device may come up as not rooted even if one of these checks raises security concerns:

  • Check for Device Rooting Apps

    This indicator states that Antistalker located a known rooting or root-cloaking package (an app used to gain root, or to hide root from other apps) on your device.

    It is highly recommended to review your device’s app security report and remove apps you do not recognize.

  • Check for Rooting Binaries

    This indicator states that Antistalker located a binary file that may provide elevated user access on your device or may be used to root your device.

    Check your device folders for any binaries you do not recognize and remove them.

  • Check Improperly Released Packages

    This indicator states that a test key is found on your device: the system build or an installed app is signed with Android's publicly available test keys rather than with a private release key.

    This indicator does not by itself imply serious risk, but because the test keys are public, anyone could produce a package with a matching signature, so the signature does not verify the developer's identity.

  • Check for Development Packages

    This indicator states that a development key is found on your device, meaning that an installed app is signed by a developer’s key.

    This indicator does not imply serious risk.

  • Detect Development Keys

    This indicator states that an installed app is not signed with a release key. Only the app's actual developer holds the release key, so a package signed with anything else was not produced through the developer's normal release process.

    You are advised to review your device's app security report and remove apps you do not recognize.

  • Check Dangerous Device Properties

    This indicator states that your phone's OS may be running in debuggable mode (for example, with the ro.debuggable system property set).

    You are recommended to review your device's security settings. On a debuggable OS build, every app can be attached to with a debugger regardless of its own settings, so sensitive app data may be exposed to other apps or to anyone with a USB connection.

  • Check Device Security Properties

    This indicates that Verified Boot reports your device's boot image as altered, for example because the bootloader is unlocked or the boot partition has been modified.

    This may indicate that your device has been tampered with. Check for other indicators and consider resetting your device.

  • Check superuser Access

    This indicator states that a superuser (root) account is usable on the device. Superuser access means that a third party could access your data without you knowing.

    You are highly advised to back up your data and reset your phone to its factory state.

  • Check for superuser APK

    This indicator states that Antistalker located a known superuser management app (the app that grants root to other apps) or a root-cloaking package on your device.

    It is highly recommended to review your device’s app security report and remove apps you do not recognize.

  • Check for the superuser binary

    This indicator states that the su binary, which grants superuser access, is present on your device.

    You are advised to back up your data and reset your phone to its factory state.

  • Check for embedded OS

    This indicator states that BusyBox is found on your device. BusyBox is a single binary that bundles many Unix command-line utilities; it is not an operating system itself, but it is routinely installed alongside rooting tools, and it gives any process with shell access a complete toolbox that the stock OS does not provide.

    It is known that some manufacturers ship BusyBox with their firmware. Ignore this indicator if everything else seems to be running properly.

  • Check for rooting frameworks

    This indicator states that a framework used to root a device is detected on your phone.

    You are advised to check the findings of the App Security Report.

  • Check for reset device fingerprint properties

    This indicator states that Antistalker identified a file stored in your data folder that is used to alter or reset the device's fingerprint properties, the build identifiers that apps use to recognize your device model and firmware.

    You are advised to review the installed apps and your data folder and remove files you do not recognize.

  • Paths that should be read-only

    This indicator states that system folders (such as the system partition) are mounted read-write rather than read-only, which should never be the case on a stock device. This may indicate significant risks to your device and data.

    You are advised to back up your data and reset your phone to its factory state.

  • Check for Man In the Middle Attacks

    This indicator states that your device is potentially hooked, meaning that a hooking framework has injected code into running apps and can intercept, alter or copy the data they send and receive, so your phone's data may end up on a third party's device.

    You are highly advised to back up your data and reset your phone to its factory state.
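As an added illustration of how several of the checks above can be implemented (this is example code written for this page, not Antistalker's own), the following POSIX shell script audits a device from adb shell or a terminal app. It covers the test-keys and dev-keys build tags, the debuggable properties, the Verified Boot state, read-only system paths, and the su and BusyBox binaries. The getprop and /proc/mounts output embedded in it is constructed for the demonstration, and the list of directories searched for su and busybox is an assumed, not exhaustive, set of common locations.

```shell
#!/bin/sh
# Root-indicator audit (example code, not Antistalker's implementation).
# Every check takes its input as an argument and returns 0 when the indicator
# is raised, so the same logic runs against captured output and a live device.

# Constructed sample output modelled on a rooted, debuggable device with an
# unlocked bootloader; not captured from any real device.
SAMPLE_PROPS='[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
[ro.boot.verifiedbootstate]: [orange]'
SAMPLE_MOUNTS='/dev/block/dm-0 /system ext4 rw,seclabel,relatime 0 0
/dev/block/dm-1 /vendor ext4 ro,seclabel,relatime 0 0'

# Assumed common locations of su / busybox on rooted devices (not exhaustive).
SU_DIRS="/system/bin /system/xbin /sbin /su/bin /data/local/tmp /data/local/bin /data/local /system/sd/xbin /system/bin/failsafe"

# prop NAME PROPS: print the value of NAME from `getprop` output (empty if unset).
prop() {
    key=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    printf '%s\n' "$2" | sed -n "s/^\[$key\]: \[\(.*\)\]\$/\1/p"
}

# Improperly released / development packages: build signed with test or dev keys.
check_build_tags() {                               # check_build_tags PROPS
    case "$(prop ro.build.tags "$1")" in
        *test-keys*|*dev-keys*) return 0 ;;
        *) return 1 ;;
    esac
}

# Dangerous device properties: debuggable OS, or adb allowed to run as root.
check_debuggable() {                               # check_debuggable PROPS
    [ "$(prop ro.debuggable "$1")" = "1" ] || [ "$(prop ro.secure "$1")" = "0" ]
}

# Device security properties: Verified Boot reports anything but "green".
check_verified_boot() {                            # check_verified_boot PROPS
    state=$(prop ro.boot.verifiedbootstate "$1")
    [ -n "$state" ] && [ "$state" != "green" ]
}

# Paths that should be read-only: a system partition mounted read-write.
check_rw_system() {                                # check_rw_system MOUNTS
    printf '%s\n' "$1" | awk '($2 == "/system" || $2 == "/vendor" || $2 == "/") \
        && $4 ~ /(^|,)rw(,|$)/ { hit = 1 } END { exit !hit }'
}

# Superuser / BusyBox binary: present in any of the directories given.
check_binary() {                                   # check_binary NAME DIR...
    name=$1; shift
    for dir in "$@"; do
        [ -e "$dir/$name" ] && return 0
    done
    return 1
}

# audit PROPS MOUNTS: print one line per indicator raised (nothing when clean).
audit() {
    if check_build_tags "$1";    then echo "build signed with test/dev keys: $(prop ro.build.tags "$1")"; fi
    if check_debuggable "$1";    then echo "OS is debuggable (ro.debuggable=1 or ro.secure=0)"; fi
    if check_verified_boot "$1"; then echo "verified boot state is $(prop ro.boot.verifiedbootstate "$1")"; fi
    if check_rw_system "$2";     then echo "system partition mounted read-write"; fi
    if check_binary su $SU_DIRS;      then echo "su binary present"; fi   # word-split intended
    if check_binary busybox $SU_DIRS; then echo "busybox present"; fi
    return 0
}

# Demonstration on the constructed sample. On a device run instead:
#   audit "$(getprop)" "$(cat /proc/mounts)"
audit "$SAMPLE_PROPS" "$SAMPLE_MOUNTS"
```

Each indicator is kept as a separate function on purpose: as the page notes, the checks differ in severity, so a caller can weigh a read-write system partition or a present su binary far more heavily than a dev-keys build tag rather than collapsing everything into a single "rooted" verdict.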