Learn the 3 Easy Steps to Protect Android Apps from Rooting & Rooting Tools. Block Magisk, Magisk Manager, and other rooting tools and frameworks. No code, No SDK.
Rooting is the process of unlocking the Android OS to gain administrative control (aka: root privileges) over the entire device, OS and file system. Rooting is a form of privilege escalation. Hackers use Rooting to attain privileged control (known as root access) over various Android subsystems. As Android uses the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system.
There are essentially 3 methods to Root Android and literally several hundred apps that can be used to facilitate the process. Here’s a quick overview of the 3 rooting methods:
As I said above, there are literally hundreds of tools that involve, enable or take advantage of rooting in some way. I will categorize those tools below.
There are 4 main categories of hacker tools that involve Android Rooting. I created the following chart in an attempt to categories these tools and explain the differences between the tools and how they are used. Note that some tools belong to multiple categories, mainly because many of these tools are quite versatile and multi-functional.
| TOOL | DESCRIPTION | KEY FUNCTION | EXAMPLE |
| Rooting Tools | Tools, apps or frameworks which are used to Root Android devices. (I.e. hackers use these tools to perform the act of “rooting” the Android operating system) | * Root Android devices * Elevate privileges (gain SU – Superuser Status) * Obtain access to and modify the file system | * Magisk * Xposed Framework |
| Root Hiding Tools Root Bypass Tools Root Cloaking Tools | These are tools, apps, or frameworks which are designed to evade detection or bypass root detection protections. | * Bypass root detection tools by changing system files or settings, or sending fake signals * Hide other apps that are using root access * Conceal rooted device status * Conceal themselves | * Magisk Manager * Xposed Framework * SuperusersSU |
| Permissions Management Apps for Rooting | Tools which are designed to manage the file system and grant/revoke/modify root permission for other apps that are also installed on the device. | * Manage admin or superuser access permissions for other rooting apps * enable more advanced, abstracted, or prepackaged hacking functions | * Magisk Manager * Xposed Framework * SuperusersSU |
| Frameworks that rely on or require Rooting to function at full effectiveness. | Tools that rely on rooting and/or abuse elevated privileges to hack or change other apps | * create ‘mods’ * dynamically instrument or inject code * Hooking frameworks (perform function, method, or API hooking) * memory editing * Fuzzing * Hex editing * Debug/decompile games * Create virtual environments to scale or conceal activity | * VirtualSpaces * Lucky Patcher * GameGuardian * Cheat Engine * Frida * Nox Emulator * EdXposed |
The above tools are often ‘mixed and matched’ in many different ways to achieve very specific outcomes. Here are a few specific real-world examples that I’ve come across in my research:
Use Case 1: Casual Gamer who wants to cheat, but doesn’t have a ton of hacking/coding experience:
Use Magisk to Root an Android device. Then install Magisk Manager to manage access to the other apps for which you intend to grant root privileges, such as Lucky Patcher. You can then use Lucky Patcher to cheat or modify mobile games (for example, bypass licensing verifications, turn off google ads, modify in-app purchase logic, change game values).
Use Case 2: More experienced gamer/hacker who wants to cheat in mobile games in a very specific way, or who wants to build ‘mods’ or tools for other cheaters to use.
Like the use case above, this gamer may use the same or similar tools to initially achieve root access (eg: Magisk or Xposed). But then they might use an app like GameGuardian to do a little more reverse engineering by using GameGuardian’s built-in debugger, emulator, or fuzzer to understand how and where game values are stored and so that they can change those values. But let’s assume this hacker wants those values to be permanent (ie: she doesn’t want to repeat these tasks every time she wants to play (cheat) in the game. Or maybe she wants to enable other players (cheaters). Now that she knows where and how these values are stored, she might pick up a tool like Frida, and use Frida’s dynamic code instrumentation capabilities to inject new code (ie: she will replace the existing code which stores game values and replace it with her own code), then repackage the new game up as a ‘mod’. Or similarly, she can use a hex editor or an Emulator like Nox to engage in ROM-hacking, to edit the memory to (to unlock game features, bypass in-app purchases, add more value to the game, etc).
Building an app with Appdome’s Root Prevention enables the app to detect if it was installed on a Rooted Android device. If a rooted device was found, the application has the capability to protect itself (RASP).
Appdome secured apps are not susceptible to the Magisk root (and root hiding) rooting methods. Currently, among the most popular rooting methods are Magisk and MagiskHide. These include access to /sbin/su, and SELinux policy modifications. These methods are hard to detect with standard root detection protections. Appdome can detect if the device has been rooted in these methods, which renders the root hiding mechanism ineffective.
Congratulations! You now have a mobile app fully integrated with Enhanced Root Detection.
Appdome offers additional options to protect the mobile OS and environment.
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android apps with Root Prevention. When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
Here’s what you need to build secured apps with Root Prevention.
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
Check out the related KB on Jailbreak Prevention iOS
Check out the full menu of features in the Appdome Mobile Security Suite
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.
Or request a demo at any time.
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.
REDWOOD CITY OFFICE
3 Twin Dolphin Drive,
Suite 375 Redwood City, CA 94065
Phone: +1.650.567.6100
Mobile: +1.844.360.FUSE (3873)
Email: info@appdome.comISRAEL OFFICE
2 Eliezer Kaplan St,
12th floor Tel Aviv,
Israel 6473403
Phone: +972.3.720.7915
Email: info@appdome.com©2021 Appdome, Inc. All rights reserved. This Website requires the use of technical cookies and, with your consent, profiling, and third-party analytics to improve your experience. If you continue to use our Website, or by clicking any items of our Website, you agree to this.