Root detection is bypassed using the FRIDA tool and some other Root management apps.

[viplsantosh]

Dear Sir,

We have implemented the plugin in our Cordova mobile app to resolve the "Widened Application attack surface - Application allowed to run on a Rooted Device" security concern. However, in normal cases, it is detecting whether the device is rooted or not. when they are bypassed using the FRIDA tool, able to do so.

kindly let me know if you can help us resolve the same.

Hoping for your positive response on this.

Thanks in advance.

Device name & manufacturer: All devices Android version:9+ Cordova Version:12.0.0 (cordova-lib@12.0.1) Cordova Android Version: 13 Android SDK: Giraffe | 2022.3.1 Patch 1 Plugin Version: latest

[karandpr]

You will have to run some custom checks. https://github.com/OWASP/owasp-mastg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md

1.) Prevent running tampered APKs using Play Integrity 2.)Run custom Anti-Frida checks from "non-tampered' APKs. Make sure you collect data from APK and perform integrity checks on server.