Mobile Forensics

Check if the Phone is Rooted


Last updated 3 years ago

What is "root"?

"root" is the system superuser account on all Android systems (actually on all UNIX-like operating systems, including Linux, macOS and iOS). The root user is allowed to do anything on the system. Usually, only a few (but not all) system processes run as root. User applications never run as root; they run under less privileged (normal) accounts.

Sometimes, users want to customize the system in a way not allowed for normal accounts, such as removing the built-in apps installed by the vendor ("bloatware") to free up storage space. In this case, users need to "root" their system, which means obtaining direct control of the "root" account on the system.

Rooting generally involves:

  1. Unlocking the device bootloader.

  2. Flashing a custom "recovery operating system" (often just called "recovery"), which is a minimal operating system living on a separate storage partition. The original purpose of recovery is to install system updates.

  3. Using the custom recovery to flash (install) the root bundle.

The rooting process disables important system security features (for example, the bootloader is left unlocked). Rooting also adds more attack vectors to the system.

Look for Root-Related Applications

When a phone is rooted, the process often involves installing an application to manage root access, most of the time Magisk (or SuperSU on old versions of Android). A first step is to check whether the Magisk application is installed. You can look for its icon in the main menu, or go to Settings > Applications and search for the application.

Check with Root Verifier

Root Verifier is an open source application that checks whether an Android phone is rooted using several different techniques. You can install it from the Google Play Store or from the F-Droid repository.

Once installed, you can launch the application. The interface is really simple: you just need to click on "CHECK" and wait for the result.
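
The app check described under "Look for Root-Related Applications" can also be run from a computer by filtering the phone's package list. The script below is an added example, not part of the original guide; it assumes `adb` is installed and USB debugging is enabled on the phone, uses the default package IDs of Magisk and SuperSU, and runs here on a constructed sample listing.

```shell
#!/bin/sh
# Added example (not from the guide): flag known root-manager apps in the
# output of `pm list packages`. On a real device:
#   adb shell pm list packages | report_root_managers
# The IDs below are the apps' default package IDs. Magisk can be re-installed
# under a random ID, so an empty result does not prove the phone is unrooted.

# Reads a package listing on stdin. Accepts "package:<id>" and the `-f` form
# "package:<apk path>=<id>". Prints "<id> (<app>)" per known root manager.
find_root_managers() {
    # tr: older adb versions emit CRLF line endings.
    # sed: drop "package:" and any "<apk path>=" prefix, keep the package ID.
    tr -d '\r' |
    sed -n 's/^package:\(.*=\)\{0,1\}//p' |
    while IFS= read -r pkg; do
        case "$pkg" in
            com.topjohnwu.magisk) printf '%s (Magisk)\n' "$pkg" ;;
            eu.chainfire.supersu) printf '%s (SuperSU)\n' "$pkg" ;;
        esac
    done
}

# Summarises a listing read from stdin.
# Returns 0 if a known root manager was found, 1 otherwise.
report_root_managers() {
    hits=$(find_root_managers)
    if [ -n "$hits" ]; then
        printf 'Root manager app(s) found:\n%s\n' "$hits"
        return 0
    fi
    printf 'No known root manager found (not proof of an unrooted phone).\n'
    return 1
}

# Constructed sample listing (not taken from a real device).
SAMPLE_LISTING='package:com.android.settings
package:/data/app/~~x1==/com.topjohnwu.magisk-y2==/base.apk=com.topjohnwu.magisk
package:org.example.notes
package:eu.chainfire.supersu'

printf '%s\n' "$SAMPLE_LISTING" | report_root_managers
```

A hit is worth recording in the case notes together with the package ID; a clean result should still be followed by the Root Verifier check above.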