NativeDetector

class NativeDetector(var logger: Logger = Logger.WARN) : FileDetector

Native JNI-based detector for identifying device tampering through file system checks.

This detector extends FileDetector and uses native C/C++ code through JNI (Java Native Interface) to perform more sophisticated and harder-to-bypass file existence checks. The native implementation can potentially detect files even when Java-level file system access is restricted or monitored.

The detector specifically looks for the "su" (superuser) binary, which is the primary indicator of root access on Android devices. By using native code, it can:

  • Bypass Java-level security restrictions

  • Perform low-level file system operations

  • Be more difficult for anti-detection tools to hook or bypass

The native library "tool-file" must be available and properly linked for this detector to function. If the library fails to load, the detector gracefully degrades and returns 0.0 for all checks.

The scoring system returns a Double value:

  • 1.0 indicates at least one suspicious file was found (high confidence of tampering)

  • 0.0 indicates no suspicious files were found or the native library is unavailable
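The check and score mapping described above, sketched in plain C as an added example; this is not the SDK's native source and omits the JNI glue. The names count_existing, tamper_score and lib_loaded, and the search directories in main, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>

/* Returns 1 if stat() succeeds on path, 0 otherwise. A failure such as
 * EACCES is also reported as 0, so this check fails open. */
static int path_exists(const char *path) {
    struct stat st;
    return stat(path, &st) == 0;
}

/* Hypothetical native helper: counts entries of dirs x names that exist. */
int count_existing(const char *const *dirs, size_t ndirs,
                   const char *const *names, size_t nnames) {
    char buf[4096];
    int hits = 0;
    for (size_t d = 0; d < ndirs; d++) {
        for (size_t n = 0; n < nnames; n++) {
            int len = snprintf(buf, sizeof buf, "%s/%s", dirs[d], names[n]);
            if (len < 0 || (size_t)len >= sizeof buf)
                continue; /* path would be truncated: skip rather than misreport */
            hits += path_exists(buf);
        }
    }
    return hits;
}

/* Score mapping stated on the page: 1.0 if at least one file was found,
 * 0.0 otherwise. lib_loaded == 0 (hypothetical flag) models a failed
 * library load, which the page says also yields 0.0. */
double tamper_score(int lib_loaded, int hits) {
    if (!lib_loaded)
        return 0.0;
    return hits > 0 ? 1.0 : 0.0;
}

int main(void) {
    /* Assumed search directories; the page names only the "su" file. */
    const char *const dirs[] = {"/system/bin", "/system/xbin", "/sbin"};
    const char *const names[] = {"su"};
    int hits = count_existing(dirs, 3, names, 1);
    printf("hits=%d score=%.1f\n", hits, tamper_score(1, hits));
    return 0;
}
```

Since a failed library load and a clean device both map to 0.0, the score alone cannot tell the two cases apart.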

Example usage:

val detector = NativeDetector()
val isTampered = detector.isTampered(context)

Constructors

constructor(logger: Logger = Logger.WARN)

Types

object Companion

Properties

open override var logger: Logger

Logger instance used for logging within the detector.

Functions

open suspend override fun analyze(context: Context): Double

Determines if the device has been tampered with using native file detection.

external fun exists(pathArray: Array<Any>): Int

Native JNI method that checks for file existence using C/C++ code.

open override fun getFilenames(): List<String>

Provides the list of filenames to check for using native detection.