Developers implement root-detection mechanism in Android to prevent users from using their app on a rooted phone. The app (apk) will implement different checks to determine whether the phone is rooted or not. Later, after this check, if the phone is rooted then the APK will display some message like “This device is rooted, exiting the application”, or “This application will not work on rooted device, exiting!”, and it will exit the application.
- How to bypass this – (a) the APK checks at the device level and determines that the device is rooted, (b) APK will display the message and close the application.
- Between the step (a) and step (b), let the APK know that the device is rooted – but before it gives the command to exit the application – we can change the code to not exit the application even if the device is rooted.
Below are the technical steps to perform this. This method works most of the times, and doesn’t need Xposed modules or other tools.
Lets refer the APK/Application as test.apk for this article. Decompile the APK by using apktool, with the following command:
apktool d test.apk
The code of this apk will be available in a folder named ‘test’. There will be smali files in the folder, which will have all the application code.
Search for text like ‘rooted’, ‘exiting’ or ‘root’ – according to the message which is being displayed when you start this application on a rooted phone. Note the name of the file which is containing this text, open it in a text editor.
Functionality will be like this:
- APK will check the device is rooted:
- if yes (e.g. equals to 0),
- if no (e.g. not equals to 0),
If you make the condition as ‘not equals to 0’, it will not exit and allow the application to run. After making this change, re-compile/build the APK by using apktool with following command:
apktool b test test-new.apk
A new apk will be created with the name test-new.apk, and then create a key and sign the apk with following commands:
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore test-new.apk alias_name
Now the APK is built, signed and ready for installation. Install this APK by using ADB and now it will allow the application to run on a rooted Android device.