Detect rooted devices
Summary
Mobile applications must check whether the device on which they will run is rooted.
Description
Rooting is a process that grants mobile device users privileged control over the device's operating system. Applications running on such devices are exposed to leaks of technical information (database connection strings, source code, certificates, etc.), because a process with root privileges can read any app's private storage and memory. Therefore, applications must check whether the device is rooted and either inform the user of the associated risks or prevent their own execution.
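An added example, not code from the Fluid Attacks page, of a best-effort root check on Android written in Kotlin. The su paths and root-manager package names are assumed lists, and each check can be hidden or evaded on a given ROM, so the result is reported as a list of observed indicators for the app to act on (warn or exit) rather than as proof.

```kotlin
import android.app.Activity
import android.app.AlertDialog
import android.content.pm.PackageManager
import android.os.Build
import java.io.File

/** Best-effort root indicators; every check is a weak signal on its own. */
object RootDetector {
    // Well-known su locations (constructed list; varies by ROM and root method).
    private val suPaths = listOf(
        "/system/bin/su", "/system/xbin/su", "/sbin/su", "/system/sd/xbin/su",
        "/data/local/xbin/su", "/data/local/bin/su", "/data/local/su", "/su/bin/su"
    )
    // Root-management apps (assumed package names). On Android 11+ the app needs
    // a <queries> manifest entry for these packages to be visible.
    private val rootManagers = listOf(
        "com.topjohnwu.magisk", "eu.chainfire.supersu", "com.koushikdutta.superuser"
    )

    fun indicators(pm: PackageManager): List<String> {
        val found = mutableListOf<String>()
        // 1. Builds signed with test keys are typical of custom/engineering ROMs.
        if (Build.TAGS?.contains("test-keys") == true) found += "build-tags:test-keys"
        // 2. An su binary present at a known path.
        suPaths.filter { File(it).exists() }.forEach { found += "su-binary:$it" }
        // 3. A root-management app is installed (lookup fails when absent or hidden).
        rootManagers.forEach { pkg ->
            runCatching { pm.getPackageInfo(pkg, 0) }.onSuccess { found += "root-manager:$pkg" }
        }
        // 4. `which su` resolves on PATH; exec failure is treated as no signal.
        runCatching {
            val proc = Runtime.getRuntime().exec(arrayOf("which", "su"))
            proc.inputStream.bufferedReader().use { it.readLine() }
        }.getOrNull()?.takeIf { it.isNotBlank() }?.let { found += "which-su:$it" }
        return found
    }
}

/** Policy example: inform the user and stop the app when any indicator is present. */
fun enforceRootPolicy(activity: Activity) {
    val signals = RootDetector.indicators(activity.packageManager)
    if (signals.isEmpty()) return
    AlertDialog.Builder(activity)
        .setTitle("Rooted device detected")
        .setMessage("This app cannot run safely on a rooted device:\n" + signals.joinToString("\n"))
        .setCancelable(false)
        .setPositiveButton("Exit") { _, _ -> activity.finishAffinity() }
        .show()
}
```

Call enforceRootPolicy() early in the launcher Activity's onCreate(); a server-side attestation check (e.g. Play Integrity) is the stronger complement, since on-device logic alone can be patched out.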
References
- OWASPM10-M8. Code tampering
- MITRE-M1034. Limit hardware installation
- CMMC-MP_L2-3_8_7. Removable media
- HITRUST-13_m. Accuracy and quality
- FEDRAMP-CM-7_5. Least functionality - Authorized software, whitelisting
- ISO27002-7_9. Security of assets off-premises
- ISO27002-8_26. Application security requirements
- ISSAF-S_5_8. Web server security - Countermeasures (run as a non-root user)
- CWE-693. Protection mechanism failure
- ISO27001-7_9. Security of assets off-premises
- ISO27001-8_26. Application security requirements
Supported In
This requirement is verified in the following services
Essential Plan
Advanced Plan