Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Root detection is bypassed using the FRIDA tool and some other Root management apps. #12

Open
viplsantosh opened this issue Dec 29, 2023 · 1 comment
Open

Root detection is bypassed using the FRIDA tool and some other Root management apps. #12

viplsantosh opened this issue Dec 29, 2023 · 1 comment

Comments

@viplsantosh
Copy link

Dear Sir,

We have implemented the plugin in our Cordova mobile app to resolve the "Widened Application attack surface - Application allowed to run on a Rooted Device" security concern.
However, in normal cases, it is detecting whether the device is rooted or not. when they are bypassed using the FRIDA tool, able to do so.

kindly let me know if you can help us resolve the same.

Hoping for your positive response on this.

Thanks in advance.

Device name & manufacturer: All devices
Android version:9+
Cordova Version:12.0.0 ([email protected])
Cordova Android Version: 13
Android SDK: Giraffe | 2022.3.1 Patch 1
Plugin Version: latest
@karandpr
Copy link
Owner

You will have to run some custom checks.
https://github.com/OWASP/owasp-mastg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md

1.) Prevent running tampered APKs using Play Integrity
2.)Run custom Anti-Frida checks from "non-tampered' APKs. Make sure you collect data from APK and perform integrity checks on server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@karandpr @viplsantosh