RootProgramFileDetector
Pre-configured tamper detector that identifies device rooting by checking for root program files.
This detector extends FileDetector and specifically looks for the presence of core root management program files in the device filesystem. These files are essential components of rooted Android systems and their presence is a strong indicator of device compromise.
The detector searches for the following critical root program files:
- su (Superuser Binary):
    - The fundamental root access binary that grants elevated privileges
    - Present on virtually all rooted Android devices
    - Allows applications and users to execute commands with root permissions
    - Typically installed in system directories like /system/bin/, /system/xbin/, /su/bin/
- magisk:
    - Binary component of the popular Magisk systemless root solution
    - Provides advanced root management with hiding capabilities
    - Offers systemless modifications that don't alter the system partition
    - Includes MagiskHide functionality to conceal root from other applications
These files are searched across all known system paths including standard Android directories, custom root installation locations, and paths from the system PATH environment variable. The detection is performed at the filesystem level, making it difficult to bypass without actually removing or hiding the files.
This detector provides reliable root detection as these program files are essential for root functionality and cannot be easily hidden without breaking root access entirely.
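The filesystem-level search described above, written out as an added example; it is not the library's own implementation. The function names and the directory list (taken from the paths named on this page) are assumptions.

```kotlin
import java.io.File

// Added example; names below are hypothetical, not the library's API.
private val ROOT_PROGRAMS = listOf("su", "magisk")

// Directories this page names as typical install locations.
private val KNOWN_DIRS = listOf("/system/bin/", "/system/xbin/", "/su/bin/")

// Known directories plus every entry of PATH, normalized and de-duplicated.
fun candidateDirs(pathEnv: String? = System.getenv("PATH")): List<File> {
    val fromPath = pathEnv.orEmpty()
        .split(File.pathSeparator)
        .filter { it.isNotBlank() }
    return (KNOWN_DIRS + fromPath)
        .map { File(it).absoluteFile.normalize() }
        .distinct()
}

// Returns every root program file visible to this process.
fun findRootPrograms(dirs: List<File> = candidateDirs()): List<File> =
    dirs.flatMap { dir -> ROOT_PROGRAMS.map { name -> File(dir, name) } }
        .filter { file ->
            // exists() is false for a missing or unreadable path;
            // a SecurityException is likewise treated as "not found".
            try { file.exists() } catch (e: SecurityException) { false }
        }

fun main() {
    val hits = findRootPrograms()
    if (hits.isEmpty()) {
        println("no root program files visible to this process")
    } else {
        hits.forEach { println("root program file found: ${it.path}") }
    }
}
```

An empty result means only that neither file was visible to the calling process at the searched paths.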
Example usage:
    val detector = RootProgramFileDetector()
    val isTampered = detector.isTampered(context)

    // Or in analyze DSL:
    val isTampered = analyze {
        detector {
            add(RootProgramFileDetector())
        }
    }