System Log-Based Android Root State Detection

Android rooting enables device owners to freely customize their own devices. However, rooting weakens the security of Android devices and opens a backdoor for malware to obtain privileged access easily. For this reason, some developers have introduced detection mechanisms for sensitive or high-value mobile apps to mitigate the potential security risks. Nevertheless, the existing root prevention and detection methods generally lack universality. In this paper, we studied the existing Android root detection methods and found that both parties have ignored the traces that the relevant behavior leaves in the log. We therefore propose a system log-based root state detection method. On the one hand, the method directly uses the existing log information to find clues that verify the system root state; on the other hand, it uses the triggering features of some special operations to update and enrich the log information. The results show that, even after being deliberately erased, some log information still remains and can be used to verify whether the system was rooted or not.