Mobile applications must check whether the device on which they will run is rooted.
Rooting is a process that grants mobile device users privileged control over the device’s system. Applications running on such devices are susceptible to technical information leaks (database connection strings, source code, certificates, etc.). Therefore, applications must check whether the device is rooted and inform the user about the associated risks, or prevent its own execution.
CWE-250: Execution with Unnecessary Privileges: The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
CWE-693: Protection Mechanism Failure: The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.