Determining if an Android device is rooted programmatically? [duplicate]

Possible Duplicate:
Determine if running on a rooted device

How do you determine (programmatically) if an Android device is:

- rooted
- running a cracked copy of your software or ROM

I have some sensitive information in my database, and I would like to encrypt it when the phone is rooted, aka the user has access to the database. How do I detect that?


Solution 1:

Rooting detection is a cat and mouse game and it is hard to make rooting detection that will work on all devices for all cases.

See Android Root Beer https://github.com/scottyab/rootbeer for advanced root detection, which also uses JNI and native CPP code compiled into a .so native library.

If you need some simple and basic rooting detection, check the code below:

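  import java.io.BufferedReader;
  import java.io.File;
  import java.io.InputStreamReader;

  /**
   * Checks if the device is rooted.
   *
   * @return <code>true</code> if the device is rooted, <code>false</code> otherwise.
   */
  public static boolean isRooted() {

    // get from build info: custom and engineering builds are signed with test keys
    String buildTags = android.os.Build.TAGS;
    if (buildTags != null && buildTags.contains("test-keys")) {
      return true;
    }

    // check if /system/app/Superuser.apk is present
    try {
      File file = new File("/system/app/Superuser.apk");
      if (file.exists()) {
        return true;
      }
    } catch (Exception e1) {
      // ignore
    }

    // try executing commands
    return canExecuteCommand("/system/xbin/which su")
        || canExecuteCommand("/system/bin/which su") || canExecuteCommand("which su");
  }

  // executes a command on the system and reports whether it printed anything;
  // "which su" prints a path only when su is found, so merely being able to
  // start "which" is not treated as a sign of root
  private static boolean canExecuteCommand(String command) {
    Process process = null;
    try {
      process = Runtime.getRuntime().exec(command);
      BufferedReader in =
          new BufferedReader(new InputStreamReader(process.getInputStream()));
      return in.readLine() != null;
    } catch (Exception e) {
      // the command does not exist or could not be started
      return false;
    } finally {
      if (process != null) {
        process.destroy();
      }
    }
  }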

Probably not always correct. Tested on ~10 devices in 2014.

Solution 2:

If the information is sensitive you should probably just encrypt it for all users. Otherwise a user could install your app unrooted, then root and read your database once the data's been written.