
TTP-03-012 WP3: Lack of root detection and anti-debugging defenses

Vulnerability type: TTP-03-012 WP3: Lack of root detection and anti-debugging defenses
Threat level: _Low_

Testing confirmed that the current implementation failed to offer root detection and anti-debugging mechanisms. As stipulated in the OWASP MASTG guidelines, it is paramount for every Android application to incorporate these features to enhance the overall effectiveness of the anti-tampering schemes, as well as to strengthen the mobile app’s security resilience in general.

To mitigate this issue, Cure53 recommends incorporating a root detection library. With the revised protection, the applications would alert users running on rooted devices. Although this is not considered a comprehensive safeguard, the implementation would suffice toward informing users about the possible dangers associated with operating the app on rooted devices.
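
A sketch of the kind of check such a library performs, combined with a debugger check and the user warning described above. This is an added example, not code from the audited app or from Cure53; the `DeviceIntegrity` object, its function names, the `su` path list and the dialog text are assumptions, and only Android SDK calls are used.

```kotlin
import android.app.AlertDialog
import android.content.Context
import android.content.pm.ApplicationInfo
import android.os.Build
import android.os.Debug
import java.io.File

// Hypothetical helper (assumption), not part of the audited code base.
object DeviceIntegrity {
    // Commonly checked su locations; a heuristic list, not exhaustive.
    private val suPaths = listOf(
        "/system/bin/su", "/system/xbin/su", "/sbin/su",
        "/system/app/Superuser.apk", "/data/local/bin/su", "/data/local/xbin/su"
    )

    /** Returns the names of the root heuristics that fired (empty = none). */
    fun rootIndicators(): List<String> {
        val hits = mutableListOf<String>()
        // Custom or engineering firmware is typically signed with test keys.
        if (Build.TAGS?.contains("test-keys") == true) hits += "test-keys build"
        if (suPaths.any { File(it).exists() }) hits += "su binary present"
        if (System.getenv("PATH").orEmpty().split(":")
                .any { File(it, "su").exists() }) hits += "su on PATH"
        return hits
    }

    /** Returns the names of the debugging heuristics that fired. */
    fun debugIndicators(context: Context): List<String> {
        val hits = mutableListOf<String>()
        if (Debug.isDebuggerConnected() || Debug.waitingForDebugger())
            hits += "debugger attached"
        // Also fires on development builds; release builds should not set it.
        if ((context.applicationInfo.flags and ApplicationInfo.FLAG_DEBUGGABLE) != 0)
            hits += "debuggable build"
        return hits
    }

    /** Warns the user without blocking the app; pass an Activity context. */
    fun warnIfAtRisk(context: Context) {
        val hits = rootIndicators() + debugIndicators(context)
        if (hits.isEmpty()) return
        AlertDialog.Builder(context)
            .setTitle("Device security warning")
            .setMessage("This device may be rooted or under debugging: " +
                hits.joinToString(", "))
            .setPositiveButton(android.R.string.ok, null)
            .show()
    }
}
```

These heuristics can be bypassed by root-hiding tools, which is why the finding treats the measure as informing users rather than as a comprehensive safeguard.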
