048 – Lack of root detection
Description
The application does not check whether the Android system on which it is running has been rooted.
Impact
Install malicious tools in order to cause unexpected behaviors.
Recommendation
Validate that the device is not rooted at application startup.
Threat
Unauthorized attacker with a rooted device and the APK installed.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: L
- Attack complexity: L
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): L
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: X