All Your Root Checks Belong to Us - The Sad State of Root Detection

Explore the vulnerabilities in root detection mechanisms for Android devices in this Black Hat conference talk. Delve into the world of mobile security, focusing on the challenges posed by rooted devices in the context of Bring Your Own Device (BYOD) policies and Mobile Device Management (MDM) solutions. Analyze popular Android security applications and BYOD solutions to understand their root detection methods. Learn about reverse engineering techniques used to circumvent these checks, and discover AndroPoser, a tool designed to bypass root detection. Gain insights into the implications of easily subverted root checks for both personal and corporate data security on mobile devices. Examine the broader impact on mobile device security practices and the need for more robust detection methods in an increasingly BYOD-oriented workplace.

Intro
Agenda
Context
Root Devices
Java
Tools
Results
General Device Settings
Root Checks
Root Check Results
Root Clock
AirWatch
Library hooking
Conclusion
What we learned
Questions