Android device Not Rooted but RiskAuthentication indicates "jailbreak=true"


Article ID: 128531


Updated On:


CA Rapid App Security CA Advanced Authentication CA API Gateway


The CA Risk Authentication Android SDK (DDNA) detects and reports "jailbreak=true" if the customer has root access and is using software such as Magisk or Xposed on a rooted Android device. The issue discussed in this document is that a customer reported that the CA Risk Authentication SDK returned "jailbreak=true" on an Android device that did not have root access.



The Android device is possibly running a malicious app (in this case "Lucky Patcher"), as shown below. Such apps have gained root access on the customer's device.

<Please see attached file for image>



An Android Device using CA Risk Authentication Device DNA SDK (DDNA)


1. First, collect a list of all the apps installed on the Android device in question.
2. Examine the app listing from step 1 for any malicious apps.
3. Check the screens of Magisk (or similar software) to see whether the device owner intentionally gave the device root access. "NOT ROOTED" in the Magisk screen below indicates the device was not intentionally rooted.

<Please see attached file for image>


4. Remove any unintended malicious apps, for example, in this case, "Lucky Patcher".
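
One way to carry out steps 1 and 2 from a workstation, as an added example that is not part of the original article or the CA SDK: it parses the output of `adb shell pm list packages -3 -i` and flags packages that are on a watchlist or were not installed by Google Play. The package names, watchlist and sample listing are constructed placeholders, and treating non-Play installers as worth review is an assumption, not something the article specifies.

```shell
# Added example: triage an installed-app listing (steps 1 and 2 above).
# On a real device (USB debugging enabled), collect and triage with:
#   adb shell pm list packages -3 -i > apps.txt
#   triage_apps watchlist.txt < apps.txt

# Constructed sample of `pm list packages -3 -i` output; names are placeholders.
sample_pm_output() {
    cat <<'EOF'
package:com.example.banking  installer=com.android.vending
package:com.example.patcher.placeholder  installer=null
package:com.example.sideloaded.game  installer=com.example.filemanager
package:com.example.notes  installer=com.android.vending
EOF
}

# Constructed watchlist: one package name per line, '#' starts a comment line.
sample_watchlist() {
    printf '%s\n' '# apps known to patch other apps or request root' \
        'com.example.patcher.placeholder'
}

# triage_apps WATCHLIST_FILE   (listing is read from stdin)
# Prints "WATCHLIST <pkg>" for watchlisted packages and
# "SIDELOADED <pkg> <installer>" for packages not installed by Google Play.
triage_apps() {
    awk -v wl="$1" -v trusted="com.android.vending" '
        BEGIN {
            while ((getline line < wl) > 0)
                if (line != "" && line !~ /^#/) watch[line] = 1
        }
        /^package:/ {
            sub(/\r$/, "")      # some adb shell output ends lines with CRLF
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "unknown"    # listing collected without -i
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (pkg in watch) print "WATCHLIST", pkg
            else if (inst != trusted) print "SIDELOADED", pkg, inst
        }
    '
}

demo() {
    wl=$(mktemp) || return 1
    sample_watchlist > "$wl"
    sample_pm_output | triage_apps "$wl"
    rm -f "$wl"
}
demo
```
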

Additional Information


