326 – Detect rooted devices

Summary

Mobile applications must check whether the device on which they will run is rooted.

Description

Rooting is a process that grants mobile device users privileged control over the device's system. Applications running on such devices are susceptible to technical information leaks (database connection strings, source code, certificates, etc.). Therefore, applications must check whether the device is rooted and inform the user about the associated risks, or prevent its own execution.

Supported In

Essential: True

Advanced: True

References

• OWASPM10-M8. Code tampering
• MITRE-M1034. Limit hardware installation
• CMMC-MP_L2-3_8_7. Removable media
• HITRUST-13_m. Accuracy and quality
• FEDRAMP-CM-7_5. Least functionality - Authorized software, whitelisting
• ISO27002-7_9. Security of assets off-premises
• ISO27002-8_26. Application security requirements
• ISSAF-S_5_8. Web server security - Countermeasures (run as a non-root user)
• CWE-693. Protection mechanism failure
• ISO27001-7_9. Security of assets off-premises
• ISO27001-8_26. Application security requirements

Weaknesses

• 279 – Root detection control bypass
• 048 – Lack of root detection

Last updated

2023/09/18