TTP-03-012 WP3: Lack of root detection and anti-debugging defenses
Threat level: _Low_
Testing confirmed that the current implementation failed to offer root detection and anti-debugging mechanisms. As stipulated in the OWASP MASTG[6] guidelines, it is paramount for every Android application to incorporate these features to enhance the overall effectiveness of the anti-tampering schemes, as well as to strengthen the mobile app’s security resilience in general.
To mitigate this issue, Cure53 recommends incorporating a root detection library. With the revised protection, the applications would alert users who run them on rooted devices. Although this is not considered a comprehensive safeguard, the implementation would suffice to inform users about the possible dangers associated with operating the app on rooted devices.
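The following Kotlin sketch shows the kind of checks such a library performs and how the warning could be surfaced. It is an added example, not code from the audited application or from Cure53, and the object name `EnvironmentChecks`, the `su` path list and the dialog wording are assumptions made for illustration.

```kotlin
import android.app.Activity
import android.app.AlertDialog
import android.content.pm.ApplicationInfo
import android.os.Build
import android.os.Debug
import java.io.File

// Hypothetical helper: heuristic checks only, in line with the report's
// note that this is not a comprehensive safeguard.
object EnvironmentChecks {
    // Constructed, non-exhaustive list of locations where su is commonly installed.
    private val suPaths = listOf(
        "/system/bin/su", "/system/xbin/su", "/sbin/su",
        "/system/sd/xbin/su", "/data/local/bin/su", "/data/local/xbin/su"
    )

    // Root indicators: firmware signed with test keys, or an su binary on disk.
    fun looksRooted(): Boolean {
        val testKeys = Build.TAGS?.contains("test-keys") == true
        val suPresent = suPaths.any { File(it).exists() }
        return testKeys || suPresent
    }

    // A JDWP debugger is attached or the process is waiting for one.
    fun debuggerAttached(): Boolean =
        Debug.isDebuggerConnected() || Debug.waitingForDebugger()

    // A release build should never ship with android:debuggable set.
    fun isDebuggable(activity: Activity): Boolean =
        (activity.applicationInfo.flags and ApplicationInfo.FLAG_DEBUGGABLE) != 0

    // Call from the launcher Activity's onCreate(); warns the user, does not block.
    fun warnIfUnsafe(activity: Activity) {
        val findings = mutableListOf<String>()
        if (looksRooted()) findings += "This device appears to be rooted."
        if (debuggerAttached()) findings += "A debugger is attached to the app."
        if (isDebuggable(activity)) findings += "This build is marked debuggable."
        if (findings.isEmpty()) return

        AlertDialog.Builder(activity)
            .setTitle("Security warning")
            .setMessage(findings.joinToString("\n") +
                "\n\nData handled by this app may be exposed to other software on the device.")
            .setPositiveButton(android.R.string.ok, null)
            .show()
    }
}
```

The dialog only informs the user; the app keeps running, which matches the advisory role the recommendation describes.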