How to Protect Android Apps from Rooting & Rooting Tools


Learn the 3 Easy Steps to Protect Android Apps from Rooting & Rooting Tools.  Block Magisk, Magisk Manager, and other rooting tools and frameworks.  No code, No SDK.

What is Android Rooting?

Rooting is the process of unlocking the Android OS to gain administrative control (aka: root privileges) over the entire device, OS and file system. Rooting is a form of privilege escalation. Hackers use Rooting to attain privileged control (known as root access) over various Android subsystems. As Android uses the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system.

Rooting Methods

There are essentially 3 methods to Root Android and literally several hundred apps that can be used to facilitate the process. Here’s a quick overview of the 3 rooting methods:

  1. Unlocking the bootloader, then re-flashing a zip file that contains the ‘su’ binary (superuser) to gain ‘root access’ or administrative privileges over the entire OS and file system
  2. Exploiting a software bug – same outcome, a different method than above. In this case, your goal is still to elevate privileges via the su binary, but instead of modifying the bootloader to do so, you’re exploiting a bug in the software in order to achieve root access.
  3. Custom ROM
    1. Flashing a custom ROM – This is a modified version of number 1 above, but in this case you’re installing a custom pre-packaged ROM that comes rooted ‘out of the box’.
    2. Using a Framework (like Xposed) – You can customize the OS without flashing a ROM, using one of the ‘modules’ from a framework like Xposed.

As stated above, there are literally hundreds of tools that take advantage of rooting Android in some way. I will categorize those tools below.

Rooting Tools – Categorized and Explained

There are 4 main categories of hacker tools that involve Android Rooting. I created the following chart in an attempt to categorize these tools and explain the differences between them and how they are used. Note that some tools belong to multiple categories, mainly because many of these tools are quite versatile and multi-functional.

TOOL: Rooting Tools
DESCRIPTION: Tools, apps or frameworks which are used to Root Android devices (i.e. hackers use these tools to perform the act of “rooting” the Android operating system).
KEY FUNCTION:
  * Root Android devices
  * Elevate privileges (gain SU – Superuser status)
  * Obtain access to and modify the file system
EXAMPLES:
  * Magisk, Magisk Manager
  * Xposed Framework

TOOL: Root Hiding Tools / Root Bypass Tools / Root Cloaking Tools
DESCRIPTION: Tools, apps, or frameworks that are designed to evade detection or bypass root detection mechanisms.
KEY FUNCTION:
  * Bypass root detection tools by changing system files or settings, or sending fake signals
  * Hide other apps that are using root access
  * Conceal rooted device status
  * Conceal themselves
EXAMPLES:
  * Magisk Hide
  * Xposed Framework
  * SuperusersSU

TOOL: Permissions Management Apps for Rooting Tools
DESCRIPTION: Apps that are designed to manage the file system and grant/revoke/modify root permission for other apps that are also installed on the device.
KEY FUNCTION:
  * Manage admin or superuser access permissions for other rooting apps
  * Enable more advanced, abstracted, or prepackaged hacking functions
EXAMPLES:
  * Magisk Manager
  * Xposed Framework
  * SuperusersSU

TOOL: Frameworks that rely on or require Rooting to function at full effectiveness
DESCRIPTION: Tools that rely on rooting and/or abuse elevated privileges to hack or change other apps.
KEY FUNCTION:
  * Create ‘mods’
  * Dynamically instrument or inject code
  * Hooking frameworks (perform function, method, or API hooking)
  * Memory tracing and memory editing
  * Fuzzing
  * Hex editing
  * Debug/decompile games
  * Create virtual environments to cheat/hack at scale or conceal activity
EXAMPLES:
  * VirtualSpaces
  * Lucky Patcher
  * GameGuardian
  * Cheat Engines
  * FRIDA
  * Nox Emulator
  * EdXposed


USE CASES – How Hackers Use Rooting Tools to Cheat in Mobile Games

Hackers often use several of these tools together, combining rooting tools from different categories to complement one another and to achieve specific outcomes. Here are a few specific real-world examples:

Use Case 1: Casual Gamer who wants to cheat, but doesn’t have a ton of hacking/coding experience:

Use Magisk to Root an Android device. Then install Magisk Manager to manage access to the other apps for which you intend to grant root privileges, such as Lucky Patcher. You can then use Lucky Patcher to cheat or modify mobile games (for example, bypass licensing verifications, turn off google ads, modify in-app purchase logic, change game values).


Use Case 2: More experienced gamer/hacker who wants to cheat in mobile games in a very specific way, or who wants to build ‘mods’ or tools for other cheaters to use.

Like the use case above, this gamer may use the same or similar tools to initially achieve root access (e.g. Magisk or Xposed). But then they might use an app like GameGuardian to do a little more reverse engineering, using GameGuardian’s built-in debugger, emulator, or fuzzer to understand how and where game values are stored so that they can change those values. But let’s assume this hacker wants those values to be permanent (i.e. she doesn’t want to repeat these tasks every time she wants to play (cheat) in the game), or maybe she wants to enable other players (cheaters). Now that she knows where and how these values are stored, she might pick up a tool like FRIDA and use FRIDA’s dynamic code instrumentation capabilities to inject new code (i.e. she will replace the existing code that stores game values with her own code), then repackage the new game as a ‘mod’. Or similarly, she can use a hex editor or an emulator like Nox to engage in ROM-hacking, editing memory to unlock game features, bypass in-app purchases, add more value to the game, etc.

How to Protect Android Apps Against Rooting

Building an app with Appdome’s Root Prevention enables the app to detect if it was installed on a Rooted Android device. If Rooting is detected, the protected app will close/exit in order to protect itself. Optionally, different enforcement actions can be instrumented by developers using Threat Events.

Appdome secured apps are not susceptible to the Magisk root (and Magisk root hiding) methods. Currently, among the most popular rooting methods are Magisk and MagiskHide. These include access to /sbin/su and SELinux policy modifications. These methods are hard to detect with standard root detection protections. Appdome can detect if the device has been rooted by these methods, which renders the root hiding mechanism ineffective.

Appdome also protects against mobile game cheats and cheat engines that rely on rooting in order to function.
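To make concrete what the “standard root detection” mentioned above actually checks (and why root hiding defeats it), here is an added in-app root check; it is example code, not Appdome’s implementation, and the su paths and the Magisk package name are assumptions. It also covers the optional “treat non-SELinux enforced devices as rooted” behaviour described later on this page.

```kotlin
import android.content.pm.PackageManager
import android.os.Build
import java.io.File

// Added example (not Appdome's code): a plain-file root check. Each signal is a
// path or setting that root hiding tools such as Magisk Hide are designed to
// conceal from the calling app, which is why file checks alone are weak.
object RootSignals {
    // Common locations where a su binary is dropped (assumed list; /sbin/su is
    // the one this article names explicitly).
    private val SU_PATHS = listOf(
        "/sbin/su", "/system/bin/su", "/system/xbin/su",
        "/system/sbin/su", "/vendor/bin/su", "/su/bin/su"
    )

    // Magisk Manager's default package id (assumption: Magisk can be
    // repackaged under a random name, so a package check is easily bypassed).
    private const val MAGISK_PKG = "com.topjohnwu.magisk"

    fun suBinaryPresent(): Boolean = SU_PATHS.any { File(it).exists() }

    // /sys/fs/selinux/enforce reads "1" when enforcing and "0" when permissive.
    // If the file cannot be read, report "not permissive" rather than guessing.
    fun selinuxPermissive(): Boolean = try {
        File("/sys/fs/selinux/enforce").readText().trim() == "0"
    } catch (e: Exception) {
        false
    }

    // Builds signed with AOSP test keys are typical of custom ROMs (method 3).
    fun testKeysBuild(): Boolean = Build.TAGS?.contains("test-keys") == true

    fun magiskInstalled(pm: PackageManager): Boolean = try {
        pm.getPackageInfo(MAGISK_PKG, 0)
        true
    } catch (e: PackageManager.NameNotFoundException) {
        false
    }

    // Return every signal that fired so the app can record the reason before
    // choosing an enforcement action (exit, degrade features, report).
    fun detect(pm: PackageManager): List<String> = buildList {
        if (suBinaryPresent()) add("su-binary")
        if (selinuxPermissive()) add("selinux-permissive")
        if (testKeysBuild()) add("test-keys")
        if (magiskInstalled(pm)) add("magisk-package")
    }
}
```

Call `RootSignals.detect(packageManager)` early in the app (for example in `Application.onCreate`) and treat a non-empty list as a compromised device; remember that Magisk Hide unmounts su and hides the Magisk package from the checking app’s namespace, which is exactly the evasion the text above describes.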

3 Easy Steps to Protect Apps from Android Rooting

  1. Upload a Mobile App to Your Account (can be an .apk or .aab file)
  2. In the Build Tab, Select Root Prevention
  3. Click Build My App.

Congratulations! The app is now secured with Root Prevention.

Fusion Success Notification

Optional Features 

Appdome offers additional options to protect the mobile OS and environment.

  1. (Optional, Android only) Click the toggle next to Detect SELinux Enforcement to enable the feature and treat non-SELinux enforced devices as rooted
  2. (Optional) Customize the message given to the user when a rooted device is detected under App Compromise Notification
  3. Enable Threat Events to configure this security alert on your app.

Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android apps with Root Prevention. When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.

Prerequisites

Here’s what you need to build secured apps with Root Prevention. 

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to build secured apps with Root Prevention. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome  

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome. 

How to Learn More

Check out the related KB on Jailbreak Prevention iOS

Check out the full menu of features in the Appdome Mobile Security Suite

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Or request a demo at any time.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Jan Sysmans
