Root Detection

A rooted device lets its user alter the runtime an application executes in and thus change the application's behaviour. Root access also makes it more likely that malicious third-party applications are installed and can tamper with unsuspecting applications, altering their behaviour or extracting sensitive information. Detecting a rooted device is therefore a way to avoid executing sensitive operations in a less secure or possibly compromised environment.

On a rooted device, one can also bypass SSL certificate pinning, a widely used method to prevent network traffic from being intercepted and manipulated. An app developer might pin the SSL certificates the app uses for its encrypted communication, believing the traffic is secured and cannot be manipulated or inspected. If pinning is bypassed, secret values in transit might be leaked, leaving the service vulnerable and exploitable. There are several methods to bypass SSL certificate pinning, and most of them, including the easiest, rely on having a rooted device, which makes the bypass trivial (https://krushnalipane.medium.com/bypassing-android-ssl-pinning-194e41a0d807).
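As an added illustration of the root detection described above (example code written for this page, not code from the original or from any particular project), the following Android class combines the checks such a routine typically makes: the AOSP test-keys build tag, the presence of an su binary at well-known paths, installed root-management packages, and whether the shell can locate su. The class name, method names and the path and package lists are this example's own choices.

```java
// Added example, not from the original page: a root-detection helper for Android.
// The heuristics below are the usual ones; the lists of paths and packages are
// this example's choices and are not exhaustive.
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;

import java.io.BufferedReader;
import java.io.File;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;

public final class RootDetector {

    // Locations where an su binary is commonly installed on rooted devices.
    private static final String[] SU_PATHS = {
        "/system/bin/su", "/system/xbin/su", "/sbin/su",
        "/system/sd/xbin/su", "/system/bin/failsafe/su",
        "/data/local/xbin/su", "/data/local/bin/su", "/data/local/su",
        "/su/bin/su"
    };

    // Package names of well-known root-management apps.
    private static final String[] ROOT_PACKAGES = {
        "com.topjohnwu.magisk", "eu.chainfire.supersu",
        "com.koushikdutta.superuser", "com.noshufou.android.su"
    };

    private final Context context;

    public RootDetector(Context context) {
        this.context = context.getApplicationContext();
    }

    /** Returns the indicators that fired; an empty list means nothing suspicious was found. */
    public List<String> findRootIndicators() {
        List<String> hits = new ArrayList<>();
        if (hasTestKeys()) hits.add("build-tags:test-keys");
        for (String path : SU_PATHS) {
            if (new File(path).exists()) hits.add("su-binary:" + path);
        }
        for (String pkg : ROOT_PACKAGES) {
            if (isPackageInstalled(pkg)) hits.add("package:" + pkg);
        }
        if (canLocateSu()) hits.add("exec:which-su");
        return hits;
    }

    public boolean isRooted() {
        return !findRootIndicators().isEmpty();
    }

    // Custom ROMs and many rooted builds are signed with the AOSP test keys.
    private static boolean hasTestKeys() {
        String tags = Build.TAGS;
        return tags != null && tags.contains("test-keys");
    }

    // getPackageInfo throws NameNotFoundException when the package is absent (or not visible).
    private boolean isPackageInstalled(String packageName) {
        try {
            context.getPackageManager().getPackageInfo(packageName, 0);
            return true;
        } catch (PackageManager.NameNotFoundException e) {
            return false;
        }
    }

    // Ask the shell where su is; on an unrooted device "which su" prints nothing.
    private static boolean canLocateSu() {
        Process process = null;
        try {
            process = Runtime.getRuntime().exec(new String[]{"which", "su"});
            BufferedReader in = new BufferedReader(new InputStreamReader(process.getInputStream()));
            return in.readLine() != null;
        } catch (Exception e) {
            return false;
        } finally {
            if (process != null) process.destroy();
        }
    }

    // Typical use from an Activity or Application before a sensitive operation:
    //
    //   RootDetector detector = new RootDetector(context);
    //   if (detector.isRooted()) {
    //       // Refuse or degrade the sensitive operation and record the indicators for telemetry.
    //       List<String> why = detector.findRootIndicators();
    //   }
}
```

Two caveats for anyone adopting this pattern. On Android 11 and later, package-visibility filtering means the `getPackageInfo` check only sees packages declared in a `<queries>` element of the app manifest, so list the packages there or the check silently returns false. More importantly, every check here runs on the device itself and is only a heuristic: a rooted device can hide su paths or alter what these methods return, so treat a negative result as a signal rather than a guarantee and, where the risk warrants it, back it with a server-side attestation such as the Play Integrity API.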