Root Detection

Root access, also known as superuser access, grants the user elevated privileges on the operating system and lets them bypass the device's native security mechanisms. This level of access is a significant risk to applications: it enables unauthorized access to sensitive data, installation of malware, manipulation of system components, and execution of potentially malicious activities free of the restrictions the standard environment imposes.

Root detection is an advanced approach to identifying potentially compromised devices, including those with active root permissions, unlocked bootloaders, or modified operating systems. This check is especially relevant for applications that process sensitive information, perform financial transactions, or depend on the integrity of the execution environment to keep data and operations secure.

Technical Mechanism: MAD employs a layered detection approach. It identifies files, binaries, and permissions associated with root access; verifies the bootloader state (locked or unlocked); and performs a contextual analysis of the device's operating environment. This analysis considers indicators of system modification, inconsistencies in the expected behavior of the operating system, and signs of improper privilege escalation, which allows the risk to be classified and the configured response measures to be applied.

<rootDetection>
    <!-- Turn the root detection check on or off -->
    <enabled>true</enabled>
    <!-- Include the SELinux state in the analysis -->
    <selinux>true</selinux>
    <!-- Treat an unlocked bootloader as a compromise indicator -->
    <unlockedBootloader>true</unlockedBootloader>
</rootDetection>
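To make the layered mechanism above concrete, here is an added Android example (not MAD's own code) that gathers the same kinds of signals the configuration enables, namely su binaries, build signing tags, SELinux enforcement and bootloader state, and folds them into a risk class. The su paths, the score weights and the thresholds are assumptions chosen for illustration; the property and file names are standard Android ones.

```java
import android.os.Build;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.InputStreamReader;

public final class RootSignals {
    // Common locations of the su binary on rooted devices (constructed list, not exhaustive).
    private static final String[] SU_PATHS = {
        "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su", "/system/sd/xbin/su"
    };

    // Layer 1: files and binaries associated with root access.
    static boolean hasSuBinary() {
        for (String p : SU_PATHS) if (new File(p).exists()) return true;
        return false;
    }

    // Layer 2: build indicator; "test-keys" means the firmware was signed with non-release keys.
    static boolean isTestKeysBuild() {
        return Build.TAGS != null && Build.TAGS.contains("test-keys");
    }

    // Layer 2b: SELinux in permissive mode ("0") weakens the app sandbox.
    static boolean isSelinuxPermissive() {
        try (BufferedReader r = new BufferedReader(new FileReader("/sys/fs/selinux/enforce"))) {
            String v = r.readLine();
            return v != null && "0".equals(v.trim());
        } catch (Exception e) { return false; } // unreadable: no signal, not a finding
    }

    // Layer 3: bootloader state from the verified-boot property ("orange" = unlocked).
    static boolean isBootloaderUnlocked() {
        try {
            Process p = Runtime.getRuntime().exec(new String[]{"getprop", "ro.boot.verifiedbootstate"});
            try (BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
                String v = r.readLine();
                return v != null && "orange".equals(v.trim());
            }
        } catch (Exception e) { return false; }
    }

    // Combine the layers into a risk class the app can act on (weights/thresholds are assumptions).
    static String riskLevel() {
        int score = 0;
        if (hasSuBinary()) score += 3;
        if (isTestKeysBuild()) score += 1;
        if (isSelinuxPermissive()) score += 2;
        if (isBootloaderUnlocked()) score += 2;
        return score >= 3 ? "HIGH" : score > 0 ? "MEDIUM" : "LOW";
    }
}
```

A single weak signal (for example a test-keys build on a developer device) stays MEDIUM, so the response policy can differ from the HIGH case where an su binary or an unlocked bootloader is present.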
