Your device is rooted #33

Open
CyberDomovoy opened this issue Dec 21, 2020 · 10 comments

@CyberDomovoy

Device: Fairphone FP3
OS: /E/OS

This is a brand new install of the OS, everything was erased, there should be no trace of a previous root.
The procedure I followed:
- OEM unlock
- Flash /e/OS as instructed here, ignoring the "Installing a custom recovery" part.
- Boot the system
- OEM lock (in developer options)
- Install AirGap-vault

The OS works fine, dm-verity doesn't complain, I did not even try to root the phone.
When starting AirGap Vault, it tells me "Your device is rooted". Why is that? How can I fix this?

Thanks

@AndreasGassmann
Member

The root detection is done with the following library: https://github.com/scottyab/rootbeer

They have a sample app that should give you more insights on the cause of this issue. I'm not an Android expert, but as far as I know, the library checks if it can perform certain actions that are not allowed on a stock operating system, and if certain apps are installed. If this indeed is a false positive, then we rely on the library to fix it.

Over the next few months we are planning to make the root detection less strict. But we have to be careful here, because if the root detection is triggered, then it means that something isn't as it should be. And this might lead to a device that is less secure than expected. So we can't simply turn it off without losing an important security mechanism.

Could you share some more details about the issues after installing the rootbeer sample app?

@CyberDomovoy
Author

Hi, thanks for the quick response.
Unfortunately, it seems that rootbeer only proposes installation from Google Play.
Since I don't have, and don't want, a Google account registered on that phone (the whole point of /e/OS is to get rid of Google), this method is not available to me.

So I installed it from this source, hoping it wouldn't compromise my phone's security (anyway, once this issue is solved, I'll just reflash the whole thing).

It raises one negative flag: "DANGEROUS PROPS"
Looking at the rootbeer sources, I ended up running an adb shell:

$ getprop ro.debuggable
1
$ getprop ro.secure
1

It seems that ro.debuggable is the culprit.

As I understand it, there is no way to change it without rebuilding the ROM, right?
Anyway, it seems that this is a problem from /e/OS, not rootbeer, and even less AirGap.
Thanks for the help.
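
The property check described in the comment above, as an added example that is not part of the original thread and is not rootbeer or AirGap code. It triages a saved `getprop` dump; the `ro.build.type` property, the function names and the sample dump are assumptions introduced for illustration.

```shell
#!/bin/sh
# Added example (not rootbeer or AirGap code): triage a saved `getprop` dump.
# Flagged pairs are the ones examined in this thread: ro.debuggable=1, ro.secure=0.
# ro.build.type is the standard Android property naming the build variant.

# Constructed sample in the "[name]: [value]" format printed by `adb shell getprop`.
SAMPLE_PROPS='[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.secure]: [1]'

# prop_value NAME: read a getprop dump on stdin, print NAME's value (empty if absent).
prop_value() {
    name=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    tr -d '\r' | sed -n "s/^\[$name]: \[\(.*\)]\$/\1/p" | head -n 1
}

# triage_props: read a getprop dump on stdin, print each flagged property and a verdict.
triage_props() {
    dump=$(cat)
    debuggable=$(printf '%s\n' "$dump" | prop_value ro.debuggable)
    secure=$(printf '%s\n' "$dump" | prop_value ro.secure)
    build_type=$(printf '%s\n' "$dump" | prop_value ro.build.type)
    flagged=0
    if [ "$debuggable" = "1" ]; then echo "FLAG ro.debuggable=1"; flagged=1; fi
    if [ "$secure" = "0" ]; then echo "FLAG ro.secure=0"; flagged=1; fi
    if [ "$flagged" -eq 0 ]; then
        echo "VERDICT no-dangerous-props"
    elif [ "$build_type" = "eng" ] ||
         { [ "$build_type" = "userdebug" ] && [ "$secure" != "0" ]; }; then
        # Assumed AOSP defaults: userdebug and eng builds set ro.debuggable=1
        # (eng also ro.secure=0), so the flag alone does not show rooting.
        echo "VERDICT consistent-with-build-variant ($build_type)"
    else
        # The same values on a "user" (or unidentified) build are unexpected.
        echo "VERDICT investigate (build type: ${build_type:-unknown})"
    fi
}

# Run against the constructed sample; on a device: adb shell getprop | triage_props
printf '%s\n' "$SAMPLE_PROPS" | triage_props
```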

@AndreasGassmann
Member

Thanks for the investigation.

> As I understand it, there is no way to change it without rebuilding the rom, right?

That definitely exceeds my knowledge around Android. We'll try to take a look at this as soon as possible, but because of the holidays it might take a while.

Sadly, I don't think there is anything you can do at the moment. You might be able to build AirGap yourself and disable the root detection. But I think it's not as easy as turning it off, because there are also some root-related checks when accessing the secure storage, which will fail if root detection is triggered. And I'm not sure how easy it is to bypass/disable that entirely.

@CyberDomovoy
Author

Thanks, but I believe the problem is not yours to fix, as this is a known problem for /e/OS: Is it possible to provide user builds instead of userdebug?

@AndreasGassmann
Member

Thanks for letting us know.

We'll leave this issue open as a reminder to let you and others know when we release the root detection changes I mentioned. (Or if /e/OS fixes the problem).

@trymeouteh

I now have the same issue with my LineageOS non-rooted, bootloader-unlocked phone. I like that the app warns you that your device is rooted, but I do not like that it will refuse to run if it detects the device is rooted.

Please allow the app to run by having the user check off a box saying "I understand the risks" or something along those lines. Coinomi does this to warn the user that their phone is rooted, or that it detects something may be wrong and there is a security risk, but does not refuse to run.

@tepsys

tepsys commented Aug 5, 2021

I am having this issue on a OnePlus 6T running non-rooted LineageOS (though without gapps) as well. I'm not sure what is causing it in Lineage, but the idea suggested by @trymeouteh seems like a simple fix for people that understand the risks of running it on rooted devices.

After having a little free time, it seems to be the same cause for Lineage. Rebuilding Lineage as the "user" variant allows Vault to be installed. Both build variants, "eng" and "userdebug", fail to pass the test https://apkpure.com/rootbeer-sample/com.scottyab.rootbeer.sample

@climu

climu commented Aug 30, 2021

I am affected on a Sony Xperia Z5 compact and Z3 compact with non-rooted LineageOS.
I agree that users should be able to run the software on their machine with the OS of their choosing. A fair warning should be enough.

@Ermylion

Ermylion commented Jan 6, 2024

> Thanks for letting us know.
>
> We'll leave this issue open as a reminder to let you and others know when we release the root detection changes I mentioned. (Or if /e/OS fixes the problem).

I think that the whole problem is mostly in the library used; I think that the list of parameters for checking root rights needs to be shortened. As for me, it’s enough to remove the points "checkTestKeys" and "checkForDangerousProps"

@vksputnik

Installed Lineage 18.1 custom firmware on my Xiaomi mi4 based on Android 11 and I am getting the same error. So any custom firmware installed via TWRP is not suitable, only official MIUI?
