Root Detection

Root detection is a set of runtime checks a mobile application performs to determine whether the underlying device has been rooted (Android) or jailbroken (iOS), indicating that the operating system's security controls have been weakened or removed.

Rooting an Android device or jailbreaking an iOS device grants the user superuser privileges that bypass the operating system's built-in sandboxing. While some users root devices for legitimate customisation, the same elevated access allows malicious software to read other applications' private data stores, inject code into running processes, and intercept encrypted communications.

Mobile applications that handle financial transactions, healthcare records, or authentication tokens commonly implement root detection to reduce exposure on compromised devices. Detection techniques include checking for the presence of superuser binaries such as su or magisk, looking for known jailbreak file paths, verifying that the system partition has not been remounted as read-write, and testing whether the application can execute privileged commands.

Because attackers actively develop bypass tools like Magisk Hide and Liberty Lite, a single detection check is rarely sufficient. A layered strategy combines multiple heuristic checks, integrity verification of the application binary, and server-side risk scoring that factors the device's trust level into authorisation decisions. When root is detected, the application can respond on a spectrum from displaying a warning to refusing to launch, depending on the risk profile of the data it processes.
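The server-side risk scoring described above, sketched as an added example that is not code from Vulnsy or any detection product. The signal names, weights, thresholds and profile names are assumptions chosen for illustration, and the reports are constructed samples.

```python
# Added example: signal names, weights and thresholds are assumptions for illustration.
WEIGHTS = {
    "su_binary_present": 40,        # su or magisk binary found
    "jailbreak_paths_found": 40,    # known jailbreak file paths exist
    "system_partition_rw": 30,      # system partition remounted read-write
    "privileged_command_ran": 50,   # app could execute a privileged command
    "binary_integrity_failed": 50,  # application binary integrity check failed
}
# A tampered client can drop a check from its report, so absence is scored too.
MISSING_PENALTY = 15
# (warn_at, refuse_at) per risk profile of the data the application processes.
PROFILES = {"low": (40, 120), "high": (15, 40)}


def risk_score(report: dict) -> int:
    """Sum weights of positive signals; penalise absent or non-boolean ones."""
    score = 0
    for signal, weight in WEIGHTS.items():
        value = report.get(signal)
        if value is True:
            score += weight
        elif value is not False:
            score += MISSING_PENALTY
    return score


def decide(report: dict, profile: str) -> str:
    """Map the score onto the response spectrum: allow, warn or refuse."""
    warn_at, refuse_at = PROFILES[profile]
    score = risk_score(report)
    if score >= refuse_at:
        return "refuse"
    return "warn" if score >= warn_at else "allow"


# Constructed sample reports (not captured from real devices).
CLEAN = dict.fromkeys(WEIGHTS, False)
SU_ONLY = {**CLEAN, "su_binary_present": True}
STRIPPED = {}  # client sent no signals at all

if __name__ == "__main__":
    for name, report in [("clean", CLEAN), ("su_only", SU_ONLY), ("stripped", STRIPPED)]:
        print(name, risk_score(report), decide(report, "low"), decide(report, "high"))
```

The same single positive signal yields a warning under the low-risk profile and a refusal under the high-risk one, and a report with every signal stripped is never treated as clean.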
