Research Article
Android Rooting: An Arms Race between Evasion and Detection
Table 6
Root checking in native library.
| Package name | Library name | Root detection |
| Finance App 1 | libXAS_jni.so | /sbin/su /system/bin/su /system/sbin/su /system/xbin/su /system/xbin/sudo /system/app/superuser.apk /system/app/UnRoot.apk /system/app/Nakup.apk /data/data/com.noshufou.android.su /data/data/com/ajantech.app/UnRoot /data/app/com.noshufou.android.su-2.apk |
| Government 1 | libsmartmedic.so | Store rooting_pattern information into smartmedic1.db file |
| Security App 1 | libEngineManager.so | native.startRootCheck |
| Banking App 1 | libBengine.so | Check /proc/%d/cmdline for su |
| Banking App 2 | libap1.7.8.so | Check su files Check Telephony status Check Wifi status (including MAC address) Check for noshufou and supersu |
| Finance App 2 | libap1.7.2.so | Check for noshufou and supersu |
|
|