How does Riskminder DDNA check for malicious App leading to "jailbreak=true"
Article ID: 129139
Updated On:
Products
CA Rapid App Security, CA Advanced Authentication, CA API Gateway
Issue/Introduction
Broadcom DDNA looks for apps on a client's phone that may have root access and that the client may be unaware of.
How does Riskminder DDNA check for malicious App leading to "jailbreak=true"
Environment
CA/Broadcom Android DDNA SDK
Resolution
These are a few of the applications that are reported to be used for rooting:

ROM Manager
Lucky Patcher
InAppBillingService.COIN
App Quarantine
Superuser
SuperSU
Magisk
RootCloak
Xposed Installer
Cydia Substrate
Hide My Root
Hide Rooting Lite

Below are the packages that we check to identify whether a particular app is malicious:

"com.devadvance.rootcloak"
"com.devadvance.rootcloakplus"
"de.robv.android.xposed.installer"
"com.saurik.substrate"
"com.zachspong.temprootremovejb"
"com.amphoras.hidemyroot"
"com.amphoras.hidemyrootadfree"
"com.formyhm.hiderootPremium"
"com.formyhm.hideroot"
"com.koushikdutta.rommanager"
"com.koushikdutta.rommanager.license"
"com.dimonvideo.luckypatcher"
"com.chelpus.lackypatch"
"com.ramdroid.appquarantine"
"com.ramdroid.appquarantinepro"
"com.android.vending.billing.InAppBillingService.COIN"
"com.chelpus.luckypatcher"
"com.noshufou.android.su"
"com.noshufou.android.su.elite"
"eu.chainfire.supersu"
"com.koushikdutta.superuser"
"com.thirdparty.superuser"
"com.yellowes.su"
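When a device reports "jailbreak=true", it helps to see which installed package is on the list above. The following is an added triage example, not code from the DDNA SDK; it assumes the device is reachable over adb and that the input is the text printed by `adb shell pm list packages` (plain, `-f` or `-U` form). The function names and the sample output are constructed for illustration.

```python
"""Triage helper: which packages from the article's list are installed on a device."""

# Package names copied from the article's list above.
CHECKED_PACKAGES = frozenset("""
com.devadvance.rootcloak com.devadvance.rootcloakplus
de.robv.android.xposed.installer com.saurik.substrate
com.zachspong.temprootremovejb com.amphoras.hidemyroot
com.amphoras.hidemyrootadfree com.formyhm.hiderootPremium
com.formyhm.hideroot com.koushikdutta.rommanager
com.koushikdutta.rommanager.license com.dimonvideo.luckypatcher
com.chelpus.lackypatch com.ramdroid.appquarantine
com.ramdroid.appquarantinepro
com.android.vending.billing.InAppBillingService.COIN
com.chelpus.luckypatcher com.noshufou.android.su
com.noshufou.android.su.elite eu.chainfire.supersu
com.koushikdutta.superuser com.thirdparty.superuser com.yellowes.su
""".split())


def parse_pm_list(output):
    """Return package names from `pm list packages` output (plain, -f or -U form)."""
    names = set()
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip blank lines and adb warnings
        parts = line[len("package:"):].split()  # drops a trailing " uid:NNNN"
        if not parts:
            continue
        # With -f the entry is "<apk path>=<name>"; the path may itself contain "=".
        names.add(parts[0].rsplit("=", 1)[-1])
    return names


def flagged_packages(output):
    """Sorted list of installed packages that are on the article's list (exact match)."""
    return sorted(parse_pm_list(output) & CHECKED_PACKAGES)


# Constructed sample of pm output mixing the -f and -U forms (not from a real device).
SAMPLE_OUTPUT = """\
package:/system/app/Chrome/Chrome.apk=com.android.chrome
package:/data/app/~~Zm9v==/eu.chainfire.supersu-YmFy==/base.apk=eu.chainfire.supersu
package:com.chelpus.lackypatch uid:10234
package:com.example.bank
"""

if __name__ == "__main__":
    for name in flagged_packages(SAMPLE_OUTPUT):
        print("on checked list:", name)
```

Matching is exact and case-sensitive, so a package whose name merely starts with a listed name is not reported.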