Root Check
A Root Check is a type of Check that detects if the application is running on an Android device that has been rooted or has a malicious software installed or is otherwise compromised, i.e. carries a package that can pose a security risk even when the device is not rooted.
Rooted devices can be an issue for multiple reasons. Attackers might run the application on a rooted device in order to get access to the application binary, to reverse engineer it, extract sensitive data, or manipulate the application's behavior. Regular users might have rooted their devices for reasons unrelated to your app, but by doing so they broke the secure environment provided by the Android operating system, and thereby made their data and accounts susceptible to attack. For applications handling sensitive data or subject to data-processing regulations, operating on rooted devices might be an unacceptable risk.
Root Checks can detect that the device has been rooted and react by notifying the application and hindering the attacker.
Configuring Root Checks
To have Dotfuscator inject Root Checks into your Xamarin.Android or MAUI Android application, first enable Checks.
Then, configure the Checks in the Config Editor or by annotating your source code with RootCheckAttribute
.
Both of these methods allow you to specify various properties that determine how the Check operates; for a full listing, see the RootCheckAttribute
section of the Check Attributes page.
Supported Application Types
Dotfuscator can inject Root Checks into Xamarin.Android assemblies, and will prevent you from injecting into Xamarin assemblies for other platforms. You can inject into non-Xamarin-specific assemblies (such as PCL or .NET Standard libraries), but doing so will make the assembly dependent on the Xamarin Android framework. Note that this dependency is not usually an issue for other (Xamarin) platforms that use the shared library, because the Root Check is only injected into an Android-specific copy of the library, in most build scenarios. Dotfuscator can also inject Root Checks into MAUI Android assemblies.
QUERY_ALL_PACKAGES
permission.
See the Xamarin documentation regarding Android permissions.
Google permits using QUERY_ALL_PACKAGES
only for certain circumstances. This is due to the latest update on Developer Program Policy. You can still use Root Check functionality without QUERY_ALL_PACKAGES
.
Testing
Most emulators will trigger the Root Check (because they are effectively rooted devices), so you can usually test rooted behavior in an emulator, and non-rooted behavior on a (non-rooted) device. Exercise the locations of your Root Checks to observe how the application reacts to the root user being available.