0

Many banks and video streaming services don't allow root on Android devices.

My question is

  1. Is it the app itself that detects root and refuses to work at some stage (for example by refusing to call the associated internet service)?
  2. Is it the internet service that somehow directly or indirectly probes your device to see if it is rooted and if so instructs the app to disconnect or display some error message?

I guess this might interest people for which the app Hide Root doesn't work with some service providers.

Jens
  • 101
  • 1
  • 1
    I doubt that a server could probe you for the presence or lack of superuser access... it'd be an unforgivable breach of security if anyone out there could see if you are rooted, don't you agree? No, the apps are those who check for the presence of root privileges. – Grimoire Oct 14 '16 at 20:28
  • 1
    Root detection is device side, by the app making a request to SafetyNet (part of Google Play Services), which makes the determination if your device is rooted or not. In the last couple weeks there was mandatory, background update to SafetyNet... Suhide, RootCloak, and Magisk are all detected now. As of this post, there is no work around. – acejavelin Oct 14 '16 at 21:39
  • @acejavelin Wait, what? Noooooooo! Oh well, it may be (un)fixed yet.... – Dan Brown Oct 14 '16 at 23:07

1 Answers1

1

Banks detecting root devices is a bit disturbing but then again Java script is very powerful when abused. Perhaps get a browser with better privacy options.

  1. Usually root detection is performed on the target device when the application loads. @acejavelin summed it up best in above comments.

I'd suggest to any reader concerned about apps probing for permissions on rooted Android to check into Xprivacy module for Xposed. This and Donkey Guard, both are fantastic for disabling or modifying access to entire features of the device on a per-app basis. Generally I prefer Xprivacy because device specifics can be forged much easier.

One short note on security with Xposed; it's not really secure. Lots of permissions and portions of processing are exposed to the device's user.

  1. Reporting (if any) is done over the network. While it's possible to attempt detection from the server side it's very noisy and would cause lose of trust with customers.

There's another option with root reporting, run a firewall that doesn't allow the application to report out to it's servers. Though for some this will brake functionality when not allowed network access.

  1. Bonus option "Advance Freeze" with ROM toolbox Pro

While the above linked options are free and nearly full featured this last suggestion isn't... but it's worth it to freeze features of an application outright. Some apps crash but most will just limp on without privacy invading features or adverts enabled.

S0AndS0
  • 203
  • 1
  • 3
  • 9