Journal name: Journal of King Saud University - Computer and Information Sciences
Print ISSN: 1319-1578
Year of publication: 2022
Volume: 34
Issue: 5
Pages: 1950-1957
Language: English
Publisher: Elsevier
Abstract: Running applications on a rooted device makes the application vulnerable to data leakage. Therefore, many applications that require a high level of security are not allowed to run on a rooted device. A common technique for detecting a rooted device is to use the Android API to discover rooting traces. However, the detection can be bypassed with a Java function hooking script by people who want to run the app on a rooted device. This research illustrates that the bypassing process becomes easier with an automation tool and hybrid analysis. To create the script, we use a combination of static and dynamic analysis in three phases, each with a specific function. Phase 1 aims to detect the estimated Java method that detects rooting, phase 2 analyzes that method on an unrooted device, and phase 3 creates the bypassing script based on the previous results. We also use an automation tool to speed up the static analysis. We create two types of script: one that can be used on general applications, and another that can only be used on a specific app. These types implement different scopes: one with a certain Java method, and the other with a specific parameter or return value. In the end, we find that bypassing rooting detection is not complicated if the app uses Java functions to detect the rooted device. To complicate the bypassing process, we encourage developers to implement more advanced rooting detection techniques.