Root/Jailbreak Detection Implemented

Root/Jailbreak Detection Implemented

Risk: secure

Description

The application detected that it was running on a rooted/jailbroken device and responded by terminating, blocking sensitive functionality, or displaying a security warning.

This indicates the app performs runtime checks against known indicators of an elevated-privilege environment, reducing the impact of runtime instrumentation, sandbox bypass, and tampering attacks that depend on such an environment.

Recommendation

Links

• OWASP MASWE - Root/Jailbreak Detection Not Implemented (MASWE-0097)
• OWASP MASTG - Testing Root Detection (MASTG-TEST-0045)
• OWASP MASTG - Testing Jailbreak Detection (MASTG-TEST-0088)
• OWASP MASTG - Implementing Root Detection (MASTG-BEST-0030)
• OWASP MASVS - MASVS-RESILIENCE-1

Standards

• OWASP_MASVS_RESILIENCE:
  • MSTG_RESILIENCE_1
• OWASP_MASVS_v2_1:
  • MASVS_RESILIENCE_1
• PCI_STANDARDS:
  • REQ_6_2
  • REQ_6_3
• SOC2_CONTROLS:
  • CC_7_1
  • CC_7_2
• HIPAA_CONTROLS:
  • SECURITY212
  • SECURITY213
• OWASP_MOBILE_TOP_10:
  • M7_2024