I think this has been discussed at length before, but as there's not really any universally accepted definition of what it even means to be "rooted," there's also no 100% accurate test to detect whether a device is rooted or not.
kris On Mon, Dec 3, 2012 at 6:15 PM, Subbu Srinivasan <ssriniva...@gmail.com> wrote: > So what are the most reliable ways to detect jail broken devices. > > > > On Mon, Dec 3, 2012 at 1:43 PM, Jeffrey Walton <noloa...@gmail.com> wrote: >> >> On Sun, Dec 2, 2012 at 3:32 AM, JonS <thejunk...@gmail.com> wrote: >> > >> > How much of the security model breaks if the phone is rooted? Is there >> > an >> > article on this? I am trying to write a secure app that transfers >> > sensitive >> > information between apps, but I am worried if the user roots their phone >> > and >> > spawns a malicious app as root, that the security model will break >> > apart. >> Yep. That's a problem with systems that use Discretionary Access >> Controls (DACs). >> >> It is usually dealt with in a couple of ways. First, use SEAndroid >> which moves to policy based Mandatory Access Controls (MACs). Under >> SEAndroid, root is just another user who is contained. >> >> Second is policy and procedures. You create a policy that says, "you >> cannot root or jail break your phone," and you place procedures to >> detect rooting or jailbreaks. Then you get yourself a stick - the >> carrot is optional. >> >> Jeff >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To post to this group, send email to >> android-security-discuss@googlegroups.com. >> To unsubscribe from this group, send email to >> android-security-discuss+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > android-security-discuss@googlegroups.com. > To unsubscribe from this group, send email to > android-security-discuss+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to android-security-discuss@googlegroups.com. To unsubscribe from this group, send email to android-security-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
