RootRequiredAppDetector

Pre-configured tamper detector that identifies device compromise by checking for applications that require root access.

This detector extends PackageDetector and specifically looks for installed packages of applications that inherently require root access to function properly. The presence of these applications is a strong indicator that the device has been rooted, as they would be non-functional on unrooted devices.

The detector checks for several categories of root-dependent applications:

ROM Management Tools:

  • ROM Manager (com.koushikdutta.rommanager) - Custom ROM installation and management

  • ROM Manager License (com.koushikdutta.rommanager.license) - Premium version

App Modification & Patching Tools:

  • Lucky Patcher (com.dimonvideo.luckypatcher, com.chelpus.lackypatch, com.chelpus.luckypatcher) - App modification and license bypassing

  • Freedom (cc.madkite.freedom) - In-app purchase manipulation

  • Game CIH (com.cih.game_cih) - Game modification tool

  • Xmod Games (com.xmodgame) - Game modification platform

Security & Quarantine Tools:

  • App Quarantine (com.ramdroid.appquarantine, com.ramdroid.appquarantinepro) - App isolation and management

Alternative App Stores & Piracy Tools:

  • BlackMart (com.blackmartalpha, org.blackmart.market) - Alternative app marketplace

  • Mobilism (org.mobilism.android) - App sharing community

  • All In One Free (com.allinone.free) - Free app repository

  • RepoTRoid (com.repodroid.app) - App repository

Framework Modification Tools:

  • EdXposed Manager (com.solohsu.android.edxp.manager, org.meowcat.edxposed.manager) - Xposed framework variants

Billing & License Bypass:

  • Various billing service modifications (com.android.vending.billing.InAppBillingService.*)

  • Hack tools (org.creeplays.hack, com.baseappfull.fwd)

These applications are designed to modify system behavior, bypass security restrictions, or provide functionality that is only possible with elevated privileges. Their presence strongly suggests device tampering and potential security risks.

Example usage:

val detector = RootRequiredAppDetector()
// analyze() is a suspend function that returns a Double, so call it from a coroutine
val isTampered = detector.analyze(context)

// Or in analyze DSL:
val isTampered = analyze {
    detector {
        add(RootRequiredAppDetector())
    }
}
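
One way a package-presence check like the one described above can be written against Android's PackageManager. This is an added example, not the library's own implementation. `ROOT_REQUIRED_PACKAGES` and `findInstalledRootApps` are hypothetical names, and the list is a subset of the packages named on this page.

```kotlin
import android.content.Context
import android.content.pm.PackageManager

// Subset of the package names listed on this page (hypothetical constant name).
private val ROOT_REQUIRED_PACKAGES = listOf(
    "com.koushikdutta.rommanager",
    "com.chelpus.lackypatch",
    "cc.madkite.freedom",
    "com.ramdroid.appquarantine",
    "org.blackmart.market",
    "org.meowcat.edxposed.manager",
)

/**
 * Returns the candidate packages that are installed and visible to this app.
 *
 * On Android 11 (API 30) and later, package visibility filtering hides other
 * apps by default: getPackageInfo() throws NameNotFoundException for an
 * installed package unless the manifest declares it in a <queries> element
 * (or the app holds QUERY_ALL_PACKAGES). Without that declaration this check
 * finds nothing and the device looks clean.
 */
fun findInstalledRootApps(
    context: Context,
    candidates: List<String> = ROOT_REQUIRED_PACKAGES,
): List<String> {
    val pm = context.packageManager
    return candidates.filter { name ->
        try {
            // Flags = 0: only existence matters, no extra package data is needed.
            pm.getPackageInfo(name, 0)
            true
        } catch (e: PackageManager.NameNotFoundException) {
            // Not installed, or filtered out by package visibility rules.
            false
        }
    }
}
```

An empty result only means none of the listed packages is visible to the app, so it is best combined with other detectors rather than read as proof of an unrooted device.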

Properties

open override var logger: Logger

Logger instance for logging detection process and results.

Functions

open suspend override fun analyze(context: Context): Double

Determines if the device has been tampered with by checking for root-dependent applications.