Saving your mobile apps from the danger of rooted devices

Many users don't think of "rooting" or "jailbraeking" of mobile devices as something dangerous, but many app developers do. Essentially, rooting is overridding of normal security procedures on the device, so the apps have "root access", which is the same as to say that they have a system-level administrative privileges. It is great for enabling the user to do the things on their smartphones that they would not have been able to do otherwise. However, it is not so great when any apps you download will be able to do absolutely anything with your phone, including upload of all of your personal data into someone else's server and recording all of the keystrokes that you make.

For the developers of legitimate apps, there is another problem that is created by rooted devices. Rooting makes it a lot easier for people with malicious intent to reverse-engineer or even completely decompile apps. Normally, the app code is compiled into a set of low-level machine instructions that aren't human-readable. However, when other malicious apps have a root access to a given device, those apps can transform the compiled executable into a human-readable code that is available in textual format. This is how people can steal your trade secrets, or worse yet, obtain passwords and security tokens hidden in your code.

Therefore, it is within the interest of mobile app developers to determine if a particular device has been rooted. Unfortunately, the process of doing so was historically hard. There are many ways in which devices can be rooted, therefore a method that would detect one type of rooting will be completely useless against anything else.

The good news is that there is now a way of making the process relatively easy. Dotfuscator, a tool that was specifically designed for obfuscating compiled .NET code, so it cannot be reverse-engineered so easily, has been given the ability to detect many different types of rooting. And, just like the vendors of anti-malware software, the developers of Dotfuscator, PreEmptive Solutions, are actively conducting research an any new methods of rooting. Therefore, just by updating the version of Dotfuscator that runs alongside your mobile app, you can now enable the app to detect rooted device fairly reliably. How the app reacts, it is entirely up to you. You can disable certain features, implement a very specific logic reserved for this kind of scenarios, or just deactivate the whole app.

Dotfuscator is something you can use as a programmer if your platform of choice for app development is Xamarin. Of course, Xamarin in itself gives you plenty of advantages, such as having the same code base for Android, iOS or Universal Windows Platform devices. This is yet another major reason to use it.