firebase-android-sdk icon indicating copy to clipboard operation
firebase-android-sdk copied to clipboard
verified publisher icon firebase

CommonUtils.isRooted() does not work as expected anymore. (Android 12 and above)

Open harvsu opened this issue 2 years ago • 3 comments

[READ] Step 1: Are you in the right place?

Issues filed here should be about bugs in the code in this repository. If you have a general question, need help debugging, or fall into some other category use one of these other channels:

  • For general technical questions, post a question on StackOverflow with the firebase tag.
  • For general Firebase discussion, use the firebase-talk google group.
  • For help troubleshooting your application that does not fall under one of the above categories, reach out to the personalized Firebase support channel.

[REQUIRED] Step 2: Describe your environment

  • Android Studio version: 17
  • Firebase Component: Crashltytics
  • Component version: 18.3.1

[REQUIRED] Step 3: Describe the problem

Current Code:

    file = new File("/system/xbin/su");
    if (!isEmulator && file.exists()) {
      return true;
    }

CommonUtils.isRooted() does not work as expected. On devices Android 31 and above, due to the stricter file access permissions, there is no access to system/xbin folder via File() object and it always returns false regardless of the device being rooted. The above code snippet always returns false thats failing the logic.

Steps to reproduce:

  • Invoke root detection using isRooted() method in CommonUtils.java

Relevant Code:

public static boolean isRooted() { final boolean isEmulator = isEmulator(); final String buildTags = Build.TAGS; if (!isEmulator && buildTags != null && buildTags.contains("test-keys")) { return true; }

// Superuser.apk would only exist on a rooted device:
File file = new File("/system/app/Superuser.apk");
if (file.exists()) {
  return true;
}

// su is only available on a rooted device (or the emulator)
// The user could rename or move to a non-standard location, but in that case they
// probably don't want us to know they're root and they can pretty much subvert
// any check anyway.
file = new File("/system/xbin/su");
if (!isEmulator && file.exists()) {
  return true;
}
return false;

}

harvsu avatar Nov 07 '23 21:11 harvsu

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

google-oss-bot avatar Nov 07 '23 21:11 google-oss-bot

Hi @harvsu, thanks for reaching out. I was able to reproduce the same behavior. I'll let our engineers know and see what we can do here.

argzdev avatar Nov 08 '23 14:11 argzdev

Just an update, it seems that due to Android 13 behavior changes, this was affected. And upon further investigation, it doesn't seem that there's a reliable way to retrieve the file without manual user intervention. That said, we'll internally track it here at b/313038988, and post back here once we have updates. Thanks!

argzdev avatar Nov 24 '23 10:11 argzdev

We are tracking this issue internally, and will update docs when a fix has been addressed.

anitdas avatar Jun 06 '24 19:06 anitdas