Rooted devices can be an issue for multiple reasons. Attackers might run the application on a rooted device in order to get access to the application binary, to reverse engineer it, extract sensitive data, or manipulate the application's behavior. Regular users might have rooted their devices for reasons unrelated to your app, but by doing so they broke the secure environment provided by the Android operating system, and thereby made their data and accounts susceptible to attack. For applications handling sensitive data or subject to data-processing regulations, operating on rooted devices might be an unacceptable risk.
Configuring Root Checks
To have Dotfuscator inject Root Checks into your Xamarin.Android or MAUI Android application, first enable Checks.
Then, configure the Checks in the Config Editor or by annotating your source code with
Both of these methods allow you to specify various properties that determine how the Check operates; for a full listing, see the RootCheckAttribute section of the Check Attributes page.
Supported Application Types
Dotfuscator can inject Root Checks into Xamarin.Android assemblies, and will prevent you from injecting into Xamarin assemblies for other platforms. You can inject into non-Xamarin-specific assemblies (such as PCL or .NET Standard libraries), but doing so will make the assembly dependent on the Xamarin Android framework. This dependency is not usually an issue for other Xamarin platforms that use the shared library because, in most build scenarios, the Root Check is injected only into an Android-specific copy of the library. Dotfuscator can also inject Root Checks into MAUI Android assemblies.
QUERY_ALL_PACKAGES permission. See the Xamarin documentation regarding Android permissions. Google permits using QUERY_ALL_PACKAGES only in certain circumstances. This is due to the latest update to the Developer Program Policy. You can still use Root Check functionality without
Most emulators will trigger the Root Check (because they are effectively rooted devices), so you can usually test rooted behavior in an emulator, and non-rooted behavior on a (non-rooted) device. Exercise the locations of your Root Checks to observe how the application reacts to the root user being available.