AarogyaSetu_Android
AarogyaSetu_Android copied to clipboard
isRooted Detection can be improved
isRooted Only check the test-keys , uperuser.apk and su but system can be rooted with many other way.
Like TEST KEYS DEV KEYS NON RELEASE KEYS DANGEROUS PROPS PERMISSIVE SELINUX SU EXISTS SUPERUSER APK SU BINARY BUSYBOX BINARY XPOSED RESETPROP(EXPERIMENTAL) WRONG PATH PERMITION HOOKS
these are some key points
https://github.com/DimaKoz/meat-grinder
This uses some some native NDK methods to check so..
I can push this mechanisam as I've implemented this in my another app
Thanks n Regards: Haneet Singh Chhabra
Yup i agree..the root detection used here is old-school 👍..
isRooted Only check the test-keys , uperuser.apk and su but system can be rooted with many other way.
Like TEST KEYS DEV KEYS NON RELEASE KEYS DANGEROUS PROPS PERMISSIVE SELINUX SU EXISTS SUPERUSER APK SU BINARY BUSYBOX BINARY XPOSED RESETPROP(EXPERIMENTAL) WRONG PATH PERMITION HOOKS
these are some key points
https://github.com/DimaKoz/meat-grinder
This uses some some native NDK methods to check so..
I can push this mechanisam as I've implemented this in my another app
Thanks n Regards: Haneet Singh Chhabra
I will suggest to raise a PR with proper comment. This will help developer to understand your concern in more efficient manner and as you have already implemented, you may know pros and cons in better way and able to provide solution more efficiently.
isRooted Only check the test-keys , uperuser.apk and su but system can be rooted with many other way. Like TEST KEYS DEV KEYS NON RELEASE KEYS DANGEROUS PROPS PERMISSIVE SELINUX SU EXISTS SUPERUSER APK SU BINARY BUSYBOX BINARY XPOSED RESETPROP(EXPERIMENTAL) WRONG PATH PERMITION HOOKS these are some key points https://github.com/DimaKoz/meat-grinder This uses some some native NDK methods to check so.. I can push this mechanisam as I've implemented this in my another app Thanks n Regards: Haneet Singh Chhabra
I will suggest to raise a PR with proper comment. This will help developer to understand your concern in more efficient manner and as you have already implemented, you may know pros and cons in better way and able to provide solution more efficiently.
This feature will increase the app size and require NDK support so before pr I just want to make sure, they actually want it.
Root beer is another popular library that is utilised in other govt apps as well
Root beer is another popular library that is utilised in other govt apps as well
This looks pretty good, I guess..
Root beer is another popular library that is utilised in other govt apps as well
I just spoke to some people.. magisk bypass this lib..
now we are reviewing is 'https://github.com/DimaKoz/meat-grinder' 'magisk' safe or not
There is no perfect root detection library..even the one you mentioned above can be bypassed..I use Magisk + Xposed and can see it giving result as 'Non-rooted'
now we are reviewing is 'https://github.com/DimaKoz/meat-grinder' 'magisk' safe or not
Just Reviewing test came across..
meat-grinder is magisk safe..
we can use it
There is no perfect root detection library..even the one you mentioned above can be bypassed..I use Magisk + Xposed and can see it giving result as 'Non-rooted'
Okay
Related https://github.com/nic-delhi/AarogyaSetu_Android/issues/26
What is the rationale for this? Since the app has been open-sourced, if someone wanted to run it on a rooted phone, they could simply edit the source to skip the root check and then build an APK of that and use it, right? As I commented on #26, whatever client-side checks are implemented in the app for stopping mock location, rooted use etc., a malicious actor could bypass them in their own build of the app and continue to remain malicious.
What is the rationale for this? Since the app has been open-sourced, if someone wanted to run it on a rooted phone, they could simply edit the source to skip the root check and then build an APK of that and use it, right? As I commented on #26, whatever client-side checks are implemented in the app for stopping mock location, rooted use etc., a malicious actor could bypass them in their own build of the app and continue to remain malicious.
I Don't think so they're going to provide end links..
they may provide server side code which you need to implement in your environment..
but for usage of this app you need to download it from play store
you can make changes in these android or server code and raise a pull request. They may include it and push that to production..
It will not be useful , bypass root is very easy.
Just a wasting of time
The thing is safetynet with tee, anyway I don't know if anybody uses these apps.
It will not be useful , bypass root is very easy.
Just a wasting of time
The thing is safetynet with tee, anyway I don't know if anybody uses these apps.
Yeah.. You're right, someone will crack it.. but we still need to add as much as security as we can..
now we are reviewing is 'https://github.com/DimaKoz/meat-grinder' 'magisk' safe or not
Just Reviewing test came across..
meat-grinder is magisk safe..
we can use it
FYI It's not magisk safe..