This is a decent outline; http://su.chainfire.eu/#how-available
Though - you should remember, if the phone is rooted and you can't trust it, don't expect there to be a foolproof way to see "is it trustable/not-rooted"... Since well, they can control that as well! -Tim Strazzere On Mon, Dec 3, 2012 at 3:17 PM, Dominik Schürmann < [email protected]> wrote: > Hi, > > you could search for the "su" binary or open a shell and try to execute > "su". > > Regards > Dominik > > On 04.12.2012 00:15, Subbu Srinivasan wrote: > > So what are the most reliable ways to detect jail broken devices. > > > > > > On Mon, Dec 3, 2012 at 1:43 PM, Jeffrey Walton <[email protected]> > wrote: > > > >> On Sun, Dec 2, 2012 at 3:32 AM, JonS <[email protected]> wrote: > >>> > >>> How much of the security model breaks if the phone is rooted? Is there > >> an > >>> article on this? I am trying to write a secure app that transfers > >> sensitive > >>> information between apps, but I am worried if the user roots their > phone > >> and > >>> spawns a malicious app as root, that the security model will break > apart. > >> Yep. That's a problem with systems that use Discretionary Access > >> Controls (DACs). > >> > >> It is usually dealt with in a couple of ways. First, use SEAndroid > >> which moves to policy based Mandatory Access Controls (MACs). Under > >> SEAndroid, root is just another user who is contained. > >> > >> Second is policy and procedures. You create a policy that says, "you > >> cannot root or jail break your phone," and you place procedures to > >> detect rooting or jailbreaks. Then you get yourself a stick - the > >> carrot is optional. > >> > >> Jeff > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "Android Security Discussions" group. > >> To post to this group, send email to > >> [email protected]. > >> To unsubscribe from this group, send email to > >> [email protected]. > >> For more options, visit this group at > >> http://groups.google.com/group/android-security-discuss?hl=en. > >> > >> > > > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
