Android Rooting: Methods, Detection, and Evasion

San-Tsai Sun ; Andrea Cuadros ; Konstantin Beznosov

14 October 2015

Abstract: Android rooting enables device owners to freely customize their own devices and run useful apps that require root privileges. While useful, rooting weakens the security of Android devices and opens the door for malware to obtain privileged access easily. Thus, several rooting prevention mechanisms have been introduced by vendors, and sensitive or high-value mobile apps perform rooting detection to mitigate potential security exposures on rooted devices. However, there is a lack of understanding whether existing rooting prevention and detection methods are effective. To fill this knowledge gap, we studied existing Android rooting methods and per- formed manual and dynamic analysis on 182 selected apps, in order to identify current rooting detection methods and evaluate their effectiveness. Our results suggest that these methods are ineffective. We conclude that reliable methods for detecting rooting must come from integrity-protected kernels or trusted execution environments, which are difficult to bypass.

Keyword(s): Android OS ; Rooting ; Detection ; Evasion

Published in: San-Tsai Sun, Andrea Cuadros and Konstantin Beznosov. Android Rooting: Methods, Detection, and Evasion. Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, October 2015.:

The record appears in these collections:
Refereed Conference Papers

 Record created 2015-10-14, last modified 2015-10-14

Download fulltextPDF Download fulltextPDF (PDFA)
Rate this document:

Rate this document:
(Not yet reviewed)