An assessment of the detection and evasion scenario of Android root access
Abstract
Android is now the most used operating system in the world making it a target for cyber criminals. Aiming the security of the devices, one of the challenges faced by developers is the detection and evasion of root access. This work investigates root evasion and detection techniques used in practice through a survey, evaluates the effectiveness of applications that aim to detect root, and also of the most downloaded applications on Google Play. Finally, improvements to some of the detection techniques are presented. It is hoped that this study will contribute to the understanding of the dispute between detection and evasion and allow more secure applications to be developed.
Keywords:
Detection, Evasion, Root, Android, Survey
References
CASATI, Luca; VISCONTI, Andrea. The Dangers of Rooting: Data Leakage Detection in Android Applications. Mobile Information Systems, 2018.
EVANS, Nathan; BENAMEUR, Azzedine; SHEN, Yun. All your Root Checks are Belong to Us: The Sad State of Root Detection. Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access, p. 81-88. 2015.
KASPERSKY. Rooting your Android: Advantages, disadvantages, and snags. Disponível em <https://www.kaspersky.com/blog/android-root-faq/17135/>. Acessado em 29 de março de 2020.
KOTIPALLI, Srinivasa Rao; IMRAN, Mohammed. Hacking Android. Packt Publishing, 2016.
NGUYEN-VU, Long; CHAU, Ngoc-Tu; KANG, Seongeun; JUNG, Souhwan. Android rooting: An arms race between evasion and detection. Security and Communication Networks, 2017.
POLISCIUC, R.; ALBINI, L.; Grégio, A.; BONA, L. Análise de Aplicativos no Android utilizando Traços de Execução. Simpósio Brasileiro de Segurança da Informação, 2020.
STATISTA. Smartphone users worldwide 2020. Disponível em <https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/>. Acessado em 29 de março de 2020.
SUN, San-Tsai; CUADROS, Andrea; BEZNOSOV, Konstantin. Android rooting: Methods, detection, and evasion. Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, p. 3-14. 2015.
TERMUX. Termux root packages. Disponível em <https://github.com/termux/termux-root-packages/tree/master/packages>. Acessado em 16 de maio de 2020.
WOHLIN, C.; Runeson, P.; Höst, M.; Ohlsson, M. C.; Regnell, B.; Wesslén, A. Experimentation in software engineering. Springer Science & Business Media, 2012.
EVANS, Nathan; BENAMEUR, Azzedine; SHEN, Yun. All your Root Checks are Belong to Us: The Sad State of Root Detection. Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access, p. 81-88. 2015.
KASPERSKY. Rooting your Android: Advantages, disadvantages, and snags. Disponível em <https://www.kaspersky.com/blog/android-root-faq/17135/>. Acessado em 29 de março de 2020.
KOTIPALLI, Srinivasa Rao; IMRAN, Mohammed. Hacking Android. Packt Publishing, 2016.
NGUYEN-VU, Long; CHAU, Ngoc-Tu; KANG, Seongeun; JUNG, Souhwan. Android rooting: An arms race between evasion and detection. Security and Communication Networks, 2017.
POLISCIUC, R.; ALBINI, L.; Grégio, A.; BONA, L. Análise de Aplicativos no Android utilizando Traços de Execução. Simpósio Brasileiro de Segurança da Informação, 2020.
STATISTA. Smartphone users worldwide 2020. Disponível em <https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/>. Acessado em 29 de março de 2020.
SUN, San-Tsai; CUADROS, Andrea; BEZNOSOV, Konstantin. Android rooting: Methods, detection, and evasion. Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, p. 3-14. 2015.
TERMUX. Termux root packages. Disponível em <https://github.com/termux/termux-root-packages/tree/master/packages>. Acessado em 16 de maio de 2020.
WOHLIN, C.; Runeson, P.; Höst, M.; Ohlsson, M. C.; Regnell, B.; Wesslén, A. Experimentation in software engineering. Springer Science & Business Media, 2012.
Published
2021-10-04
How to Cite
MORAES, Vinícius; VILELA, Jéssyka.
An assessment of the detection and evasion scenario of Android root access. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 21. , 2021, Belém.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2021
.
p. 57-70.
DOI: https://doi.org/10.5753/sbseg.2021.17306.
