FileDetector

abstract class FileDetector : TamperDetector

Abstract base class for detecting device tampering by checking for the presence of specific files.

This detector works by searching for files that are commonly found on rooted or compromised devices across various system directories. Subclasses must provide the list of suspicious filenames to check for through the getFilenames method.

The detector searches through a comprehensive list of system paths including:

  • Standard system directories (/system/bin/, /system/xbin/)

  • Root-specific locations (/su/bin/, /system/usr/we-need-root/)

  • Local data directories (/data/local/, /data/local/bin/)

  • Cache and development directories

  • All paths from the system PATH environment variable

Common files that might indicate tampering include:

  • su (superuser binary)

  • busybox (comprehensive Unix utilities)

  • magisk (systemless root manager)

  • Root management app binaries

  • Custom recovery tools

The scoring system returns a Double value:

  • 1.0 indicates at least one suspicious file was found (high confidence of tampering)

  • 0.0 indicates no suspicious files were found

Example usage:

    class RootFileDetector : FileDetector() {
        override fun getFilenames(): List<String> {
            return listOf("su", "busybox", "magisk", "supersu")
        }
    }
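
The search described above, written out as a stand-alone sketch. This is an added example, not the library's implementation: the helper names (searchDirs, findSuspicious, score) are hypothetical, the directory list holds only the paths this page names, and a temporary directory stands in for a device path.

```kotlin
import java.io.File
import java.nio.file.Files

// Directories named in the class description; the library's full list is not shown on this page.
val KNOWN_DIRS = listOf(
    "/system/bin/", "/system/xbin/", "/su/bin/",
    "/system/usr/we-need-root/", "/data/local/", "/data/local/bin/",
)

// Hypothetical helper: fixed directories plus every PATH entry, de-duplicated.
// java.io.File drops the trailing slash, so "/system/bin/" and "/system/bin" collapse to one entry.
fun searchDirs(pathEnv: String? = System.getenv("PATH")): List<File> {
    val fromPath = pathEnv.orEmpty().split(File.pathSeparator).filter { it.isNotBlank() }
    return (KNOWN_DIRS + fromPath).map { File(it) }.distinctBy { it.path }
}

// Hypothetical helper: every directory/filename combination that exists on disk.
// A check that throws (for example a SecurityException) is treated as "not found".
fun findSuspicious(dirs: List<File>, filenames: List<String>): List<File> =
    dirs.flatMap { dir -> filenames.map { name -> File(dir, name) } }
        .filter { candidate -> runCatching { candidate.exists() }.getOrDefault(false) }

// Scoring contract stated on this page: 1.0 if at least one file was found, otherwise 0.0.
fun score(hits: List<File>): Double = if (hits.isNotEmpty()) 1.0 else 0.0

fun main() {
    val names = listOf("su", "busybox", "magisk", "supersu")
    println("directories searched on this host: ${searchDirs().size}")

    // Constructed sample: an empty temporary directory standing in for /system/xbin/.
    val fakeBin = Files.createTempDirectory("fake-xbin").toFile()
    println("clean directory   -> ${score(findSuspicious(listOf(fakeBin), names))}")

    // Plant one of the filenames and run the same check again.
    File(fakeBin, "su").createNewFile()
    val hits = findSuspicious(listOf(fakeBin), names)
    println("after planting su -> ${score(hits)} ${hits.map { it.name }}")

    fakeBin.deleteRecursively()
}
```

Returning the matched files as well as the score lets a caller log which path triggered the detection.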

Constructors

constructor()

Types

object Companion

Functions

open suspend override fun analyze(context: Context): Double

Determines if the device has been tampered with by checking for suspicious files.

abstract fun getFilenames(): List<String>

Provides the list of filenames to check for tampering detection.