Android device Not Rooted but RiskAuthentication indicates "jailbreak=true"


Article ID: 128531

Products

CA Rapid App Security, CA Advanced Authentication, CA API Gateway

Issue/Introduction

The Device DNA (DDNA) component of the CA Risk Authentication Android SDK detects and reports "jailbreak=true" when the device has root access, for example when software such as Magisk or Xposed is installed on a rooted Android device. The issue discussed in this document is that a customer reported the CA Risk Authentication SDK returning "jailbreak=true" for an Android device that did not have root access.

Cause

The Android device is possibly running a malicious app (in this case "Lucky Patcher"), as shown below. Such apps gain root access on the customer's device, which is what the SDK detects and reports.

<Please see attached file for image>

Environment

An Android Device using CA Risk Authentication Device DNA SDK (DDNA)

Resolution

1. First, collect a listing of all the apps installed on the Android device in question.
2. Examine the app listing from step 1 for any malicious apps.
3. Check the Magisk (or similar root-management software) screen to see whether the device owner intentionally enabled root access on the device. "NOT ROOTED" in the Magisk screen below indicates the device was not intentionally rooted.

<Please see attached file for image>

4. Remove any unintended malicious apps, in this case "Lucky Patcher".
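As an added triage helper for steps 1 and 2 (not part of the article or of CA's SDK), the shell function below classifies a package listing captured with `adb shell pm list packages -3` and flags known root-management and patcher packages. The package names and patterns are assumptions drawn from publicly known root-detection lists, not from the article; the sample listing is constructed.

```shell
#!/bin/sh
# Triage helper (added example, not from the article or CA).
# Input file: one "package:<name>" line per app, as printed by
#   adb shell pm list packages -3 > packages.txt   (third-party apps only)

# Assumed package names of common root managers (from public root-detection lists).
ROOT_MANAGERS='com.topjohnwu.magisk
de.robv.android.xposed.installer
eu.chainfire.supersu
com.noshufou.android.su
com.koushikdutta.superuser'

# Lucky Patcher renames itself; match on fragments seen in the wild (assumption).
PATCHER_PATTERNS='lucky|lackypatch|com\.android\.vending\.billing\.InAppBillingService'

# Prints "<reason><TAB><package>" for every suspicious package in the listing.
flag_root_indicators() {
    sed -n 's/^package://p' "$1" | while IFS= read -r pkg; do
        if printf '%s\n' "$ROOT_MANAGERS" | grep -qxF "$pkg"; then
            printf 'root-manager\t%s\n' "$pkg"
        elif printf '%s' "$pkg" | grep -Eqi "$PATCHER_PATTERNS"; then
            printf 'patcher-app\t%s\n' "$pkg"
        fi
    done
}

# Constructed sample listing standing in for a real adb capture.
SAMPLE_LIST=$(mktemp)
cat > "$SAMPLE_LIST" <<'EOF'
package:com.example.bank
package:com.topjohnwu.magisk
package:com.chelpus.lackypatch
package:com.example.messenger
EOF

flag_root_indicators "$SAMPLE_LIST"
```

Run it against the real capture with `flag_root_indicators packages.txt`; an empty result does not prove the device is clean, it only means none of the assumed names matched.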

Additional Information

None.

Attachments

1558689281991000128531_sktwi1f5rjvs16fvd.jpeg
1558689279268000128531_sktwi1f5rjvs16fvc.jpeg