Mobile applications must check whether the device on which they will run is rooted.
Rooting is a process that grants mobile device users privileged control over the device's system. Applications running on such devices are susceptible to technical information leaks (database connection strings, source code, certificates, etc.). Therefore, applications must check whether the device is rooted and inform the user about the associated risks, or prevent its own execution.
This requirement is verified in following services
- OWASP-M TOP 10-M8. Code tampering
- NIST Framework-PR_PT-2. Removable media is protected and its use restricted according to policy
- MITRE ATT&CK®-M1034. Limit hardware installation
- CMMC-MP_L2-3_8_7. Removable media
- HITRUST CSF-13_m. Accuracy and quality
- FedRAMP-CM-7_5. Least functionality - Authorized software, whitelisting
- ISO/IEC 27002-7_9. Security of assets off-premises
- ISO/IEC 27002-8_26. Application security requirements
- ISSAF-S_5_8. Web server security - Countermeasures (run as a non-root user)
- CWE™-693. Protection mechanism failure
- ISO/IEC 27001-7_9. Security of assets off-premises
- ISO/IEC 27001-8_26. Application security requirements
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.