mobsf.mobsfscan.best_practices.root_detection.android_root_detection

profile photo of MobSFMobSF
Author
unknown
Download Count*
License

This app does not have root detection capabilities. Running a sensitive application on a rooted device questions the device integrity and affects users data.

Run Locally

Run in CI

Defintion

rules:
  - id: android_root_detection
    patterns:
      - pattern-either:
          - pattern: |
              $J.isJailBroken(...)
          - pattern: |
              $R.isDeviceRooted(...)
          - pattern: |
              $R.isRooted(...)
          - pattern: |
              RootTools.isAccessGiven(...)
          - pattern: |
              $MTD.contains("test-keys")
    message: This app does not have root detection capabilities. Running a sensitive
      application on a rooted device questions the device integrity and affects
      users data.
    languages:
      - java
    severity: INFO
    metadata:
      cwe: cwe-919
      owasp-mobile: m8
      masvs: resilience-1
      reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other