
🪓 Root Check

The Malloc Security SDK offers a comprehensive root detection feature that checks for common indicators of a rooted device. This includes known rooting binaries, packages, superuser access, and modified security properties.

Available from version 0.2.0+


Option 1: Asynchronous Usage

Java

MallocSDK.rootCheckAsync(new MallocSDK.ScanFinishedCallback() {
    @Override
    public void onScanFinished(JSONObject rootCheckResults) {
        // Use the rootCheckResults
    }
});

Option 2: Synchronous Usage

Do not call this on the main/UI thread.

Java

ExecutorService executor = Executors.newSingleThreadExecutor();
executor.execute(new Runnable() {
    @Override
    public void run() {
        JSONObject rootCheckResults = MallocSDK.rootCheckSync();
        // Use the rootCheckResults
    }
});
executor.shutdown();

📦 Sample JSON Response

{
  "status": "success",
  "details": {
    "rooted_flag": true,
    "root_check_results": [
      {
        "issue_found": false,
        "check_description": "Root Management Apps"
      },
      {
        "issue_found": false,
        "check_description": "Potentially Dangerous Apps"
      },
      {
        "issue_found": false,
        "check_description": "Root Cloaking Apps"
      },
      {
        "issue_found": false,
        "check_description": "Test Keys"
      },
      {
        "issue_found": false,
        "check_description": "BusyBox Binary"
      },
      {
        "issue_found": false,
        "check_description": "SU Binary"
      },
      {
        "issue_found": false,
        "check_description": "2nd SU Binary check"
      },
      {
        "issue_found": false,
        "check_description": "RW Paths"
      },
      {
        "issue_found": true,
        "check_description": "Dangerous Props"
      },
      {
        "issue_found": false,
        "check_description": "Root via native check"
      },
      {
        "issue_found": false,
        "check_description": "Magisk specific checks"
      }
    ]
  }
}

Interpretation

  • rooted_flag: A high-level boolean flag indicating if the device appears to be rooted.
  • root_check_results: A list of all individual root checks performed, with their respective results and descriptions.
  • issue_found: A boolean indicating whether the check flagged something (true = suspicious, false = clean).
  • check_description: A short, readable explanation of what that check was about. Possible values:
    • Root Management Apps: Checks against known root management applications.
    • Potentially Dangerous Apps: Detects apps that typically require root privileges.
    • Root Cloaking Apps: Identifies root-hiding apps and checks native library read access.
    • Test Keys: Verifies kernel signing status (Release-Keys vs Test-Keys).
    • BusyBox Binary: Scans common system locations for BusyBox.
    • SU Binary: Checks common paths for Superuser binary.
    • 2nd SU Binary Check: Alternative check for Superuser binary.
    • RW Paths: Verifies write permissions on protected system directories.
    • Dangerous Props: Examines system properties for known risky configurations.
    • Root via Native Check: Performs low-level root detection through native library checks.
    • Magisk Specific Checks: Looks for Magisk framework components in common locations.

The status field in the returned JSON indicates the result of the operation. Possible values include:

  • success – The operation completed successfully and the result contains valid data.
  • failed_sdk_not_initialized – The SDK was not initialized before the function was called. Ensure MallocSDK has been initialised.
  • failed_access_forbidden – The operation was blocked, possibly due to missing permissions or restricted access.
  • failed_no_internet_connection – The device has no active internet connection, which is required to perform the scan.
  • error – A general error occurred during the operation (e.g., unexpected exception or parsing failure).

These status strings are defined as final constants in the MallocSdkResponseJson class.


✅ Best Practices

  • Always perform root checks after SDK initialization is completed.
  • Use the asynchronous version for better UI performance.
  • Always check the status field before relying on other content within the JSON.
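
The following is an added example, not code from the Malloc SDK or its documentation: it reads a root check result fail-closed, so that a non-success status or a malformed body is reported as unknown rather than as a clean device. The class name `RootCheckVerdict` and its `State` enum are hypothetical, and the code assumes the `JSONObject` in the callbacks above is Android's `org.json.JSONObject`.

```java
import java.util.ArrayList;
import java.util.List;
import org.json.JSONArray;
import org.json.JSONObject;

/** Added example (not Malloc SDK code): fail-closed reading of a root check result. */
public final class RootCheckVerdict {
    public enum State { CLEAN, ROOTED, UNKNOWN }
    public final State state;
    public final List<String> flaggedChecks;   // check_description of every issue_found == true

    private RootCheckVerdict(State state, List<String> flaggedChecks) {
        this.state = state;
        this.flaggedChecks = flaggedChecks;
    }

    public static RootCheckVerdict from(JSONObject result) {
        List<String> flagged = new ArrayList<>();
        // Check status first. The literal "success" comes from this page; the constant
        // names in MallocSdkResponseJson are not listed there, so none are assumed here.
        if (result == null || !"success".equals(result.optString("status", ""))) {
            return new RootCheckVerdict(State.UNKNOWN, flagged);
        }
        JSONObject details = result.optJSONObject("details");
        Object flag = (details == null) ? null : details.opt("rooted_flag");
        if (!(flag instanceof Boolean)) {
            return new RootCheckVerdict(State.UNKNOWN, flagged);   // malformed: never assume clean
        }
        JSONArray checks = details.optJSONArray("root_check_results");
        for (int i = 0; checks != null && i < checks.length(); i++) {
            JSONObject check = checks.optJSONObject(i);
            if (check != null && check.optBoolean("issue_found", false)) {
                flagged.add(check.optString("check_description", "(no description)"));
            }
        }
        State state = ((Boolean) flag) ? State.ROOTED : State.CLEAN;
        return new RootCheckVerdict(state, flagged);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input, trimmed from the sample response on this page.
        JSONObject sample = new JSONObject("{\"status\":\"success\",\"details\":{\"rooted_flag\":true,"
            + "\"root_check_results\":[{\"issue_found\":false,\"check_description\":\"SU Binary\"},"
            + "{\"issue_found\":true,\"check_description\":\"Dangerous Props\"}]}}");
        RootCheckVerdict verdict = RootCheckVerdict.from(sample);
        System.out.println(verdict.state + " " + verdict.flaggedChecks);
        // Constructed failure case: a scan that could not run must not read as CLEAN.
        JSONObject offline = new JSONObject("{\"status\":\"failed_no_internet_connection\"}");
        System.out.println(RootCheckVerdict.from(offline).state);
    }
}
```

The sample response and the list of possible values on this page capitalize some check_description strings differently (for example "2nd SU Binary check" and "2nd SU Binary Check"), so compare them case-insensitively if you branch on individual checks.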