Overview

The Root Detection SDK detects if an application runs on a rooted (Android) or jailbroken (iOS) device, based on residual traces of the rooting method.

To detect if a device is compromised, the Root Detection SDK uses a signature file that is part of the OneSpan Mobile Security Suite package. This signature file must be integrated into your project.

The Root Detection SDK can be used on a variety of devices and supports the following platforms:

Android devices:

  • Minimum Android 6 (API level 23)
  • Target Android 14 (API level 34)

iOS devices:

  • iOS 13 or higher
  • Swift 5.0 or higher
  • Xcode 15 or higher

The Image Scanner SDK package includes the following:

  • MSSRootDetection.xcframework for iOS
  • RootDetectionSDK.aar for Android

Detected rooting and jailbreak methods

The Root Detection SDK detects different rooting or jailbreak methods that are used on Android and iOS, respectively.

Android

The Root Detection SDK detects the following Android rooting methods:

  • Magisk (systemless root)
  • SuperSU
  • KingRoot
  • TowelRoot
  • Framaroot
  • Root master (Root大师)
  • 360 Root (360超级ROOT)
  • Root Ghost (Root Genius)
  • LineageOS
  • OneClickRoot
  • KingoRoot
  • Root Dashi (Zhiqupk Root)

The Root Detection SDK can also handle the following Android Root cloaking tools:

  • RootCloak 2
  • RootCloak Plus
  • Magisk
  • suhide (SuperSU mod)
  • Hide My Root Adfree
  • Hide Rooting Premium

Limitation

If Magisk Hide was used to prevent root detection, the SDK is not able to detect that a device is rooted.

iOS

The Root Detection SDK detects the following iOS jailbreak methods:

  • TaiG
  • Pangu9
  • PPJailbreak
  • yalu102
  • Saïgon

The Root Detection SDK can also handle the following iOS Jailbreak cloaking tools:

  • xCon
  • Officer
  • tsProtector 8
  • tsProtector 8+
  • Snoop-it

Exposed APIs

Classes and methods that are exposed by the Root Detection SDK API have very simple names and consist of a single letter. This enhances security because it complicates reverse-engineering.

The APIs comprise two main methods:

  • s method: Start the analysis process to detect if the phone is rooted/jailbroken.

  • g method: Retrieve the file signature version.

For Android, the APIs are exposed by the P class of the com.vasco package. For iOS, the APIs are exposed by the P object.

For more information, see Integrate the Root Detection SDK.

Constants

The return codes listed in Return codes can be retrieved from the O object.

Return codes
Name Value Error Message
v Current version Version of the Root Detection SDK.
t 14 Current version of the signature file.
n

0

Indicates that the device is not rooted/jailbroken.
z –4600 Indicates an unknown error.
r –4601 Indicates that the device is rooted/jailbroken.
e –4602 Indicates that the signature file is null.
l –4603 Indicates that the signature file length is incorrect—must be at least 256 characters.
f

–4604

Indicates that the signature file format is incorrect—only hexadecimal characters allowed.
i

–4605

Indicates that the signature file is invalid: wrong signature or XML parsing error.
a –4606 Indicates that the version of the signature file is too old to be used by the Root Detection SDK.