Add option to disable RootChecker

CHANGELOG.md

@@ -3,10 +3,22 @@
 ## Unreleased
 
 ### Features
+
 - Add support for Sentry Kotlin Compiler Plugin ([#2695](https://github.com/getsentry/sentry-java/pull/2695))
   - In conjunction with our sentry-kotlin-compiler-plugin we improved Jetpack Compose support for
     - [View Hierarchy](https://docs.sentry.io/platforms/android/enriching-events/viewhierarchy/) support for Jetpack Compose screens
     - Automatic breadcrumbs for [user interactions](https://docs.sentry.io/platforms/android/performance/instrumentation/automatic-instrumentation/#user-interaction-instrumentation)
+- More granular http requests instrumentation with a new SentryOkHttpEventListener ([#2659](https://github.com/getsentry/sentry-java/pull/2659))
+    - Create spans for time spent on:
+        - Proxy selection
+        - DNS resolution
+        - HTTPS setup
+        - Connection
+        - Requesting headers
+        - Receiving response
+    - You can attach the event listener to your OkHttpClient through `client.eventListener(new SentryOkHttpEventListener()).addInterceptor(new SentryOkHttpInterceptor()).build();`
+    - In case you already have an event listener you can use the SentryOkHttpEventListener as well through `client.eventListener(new SentryOkHttpEventListener(myListener)).addInterceptor(new SentryOkHttpInterceptor()).build();`
+- Add a new option to disable `RootChecker` ([#2735](https://github.com/getsentry/sentry-java/pull/2735))
 
 ### Fixes
 
@@ -24,16 +36,6 @@
 
 ### Features
 
-- More granular http requests instrumentation with a new SentryOkHttpEventListener ([#2659](https://github.com/getsentry/sentry-java/pull/2659))
-    - Create spans for time spent on:
-        - Proxy selection
-        - DNS resolution
-        - HTTPS setup
-        - Connection
-        - Requesting headers
-        - Receiving response
-    - You can attach the event listener to your OkHttpClient through `client.eventListener(new SentryOkHttpEventListener()).addInterceptor(new SentryOkHttpInterceptor()).build();`
-    - In case you already have an event listener you can use the SentryOkHttpEventListener as well through `client.eventListener(new SentryOkHttpEventListener(myListener)).addInterceptor(new SentryOkHttpInterceptor()).build();`
 - Add Screenshot and ViewHierarchy to integrations list ([#2698](https://github.com/getsentry/sentry-java/pull/2698))
 - New ANR detection based on [ApplicationExitInfo API](https://developer.android.com/reference/android/app/ApplicationExitInfo) ([#2697](https://github.com/getsentry/sentry-java/pull/2697))
     - This implementation completely replaces the old one (based on a watchdog) on devices running Android 11 and above:

sentry-android-core/api/sentry-android-core.api

@@ -224,6 +224,7 @@ public final class io/sentry/android/core/SentryAndroidOptions : io/sentry/Sentr
 	public fun isEnableAutoActivityLifecycleTracing ()Z
 	public fun isEnableFramesTracking ()Z
 	public fun isEnableNetworkEventBreadcrumbs ()Z
+	public fun isEnableRootCheck ()Z
 	public fun isEnableSystemEventBreadcrumbs ()Z
 	public fun setAnrEnabled (Z)V
 	public fun setAnrReportInDebug (Z)V
@@ -239,6 +240,7 @@ public final class io/sentry/android/core/SentryAndroidOptions : io/sentry/Sentr
 	public fun setEnableAutoActivityLifecycleTracing (Z)V
 	public fun setEnableFramesTracking (Z)V
 	public fun setEnableNetworkEventBreadcrumbs (Z)V
+	public fun setEnableRootCheck (Z)V
 	public fun setEnableSystemEventBreadcrumbs (Z)V
 	public fun setNativeSdkName (Ljava/lang/String;)V
 	public fun setProfilingTracesHz (I)V

sentry-android-core/src/main/java/io/sentry/android/core/DefaultAndroidEventProcessor.java

@@ -102,7 +102,9 @@ public DefaultAndroidEventProcessor(
   private @NotNull Map<String, Object> loadContextData() {
     Map<String, Object> map = new HashMap<>();
 
-    map.put(ROOTED, rootChecker.isDeviceRooted());
+    if (options.isEnableRootCheck()) {
+      map.put(ROOTED, rootChecker.isDeviceRooted());
+    }
 
     final String kernelVersion = ContextUtils.getKernelVersion(options.getLogger());
     if (kernelVersion != null) {

sentry-android-core/src/main/java/io/sentry/android/core/ManifestMetadataReader.java

@@ -90,6 +90,8 @@ final class ManifestMetadataReader {
 
   static final String SENTRY_GRADLE_PLUGIN_INTEGRATIONS = "io.sentry.gradle-plugin-integrations";
 
+  static final String ENABLE_ROOT_CHECK = "io.sentry.enable-root-check";
+
   /** ManifestMetadataReader ctor */
   private ManifestMetadataReader() {}
 
@@ -341,6 +343,9 @@ static void applyMetadata(
             SentryIntegrationPackageStorage.getInstance().addIntegration(integration);
           }
         }
+
+        options.setEnableRootCheck(
+            readBool(metadata, logger, ENABLE_ROOT_CHECK, options.isEnableRootCheck()));
       }
 
       options

sentry-android-core/src/main/java/io/sentry/android/core/SentryAndroidOptions.java

@@ -5,6 +5,7 @@
 import io.sentry.Sentry;
 import io.sentry.SentryOptions;
 import io.sentry.SpanStatus;
+import io.sentry.android.core.internal.util.RootChecker;
 import io.sentry.protocol.SdkVersion;
 import org.jetbrains.annotations.ApiStatus;
 import org.jetbrains.annotations.NotNull;
@@ -136,6 +137,12 @@ public final class SentryAndroidOptions extends SentryOptions {
 
   private @Nullable String nativeSdkName = null;
 
+  /**
+   * Controls whether to enable the {@link RootChecker}, which can potentially make apps to be
+   * flagged by some app stores as harmful.
+   */
+  private boolean enableRootCheck = true;
+
   public SentryAndroidOptions() {
     setSentryClientName(BuildConfig.SENTRY_ANDROID_SDK_NAME + "/" + BuildConfig.VERSION_NAME);
     setSdkVersion(createSdkVersion());
@@ -426,4 +433,12 @@ public void setNativeSdkName(final @Nullable String nativeSdkName) {
   public @Nullable String getNativeSdkName() {
     return nativeSdkName;
   }
+
+  public boolean isEnableRootCheck() {
+    return enableRootCheck;
+  }
+
+  public void setEnableRootCheck(final boolean enableRootCheck) {
+    this.enableRootCheck = enableRootCheck;
+  }
 }

sentry-android-core/src/test/java/io/sentry/android/core/DefaultAndroidEventProcessorTest.kt

@@ -576,4 +576,13 @@ class DefaultAndroidEventProcessorTest {
             assertNull(thread.isMain)
         }
     }
+
+    @Test
+    fun `does not perform root check if root checker is disabled`() {
+        fixture.options.isEnableRootCheck = false
+        val sut = fixture.getSut(context)
+
+        val contextData = sut.contextData.get()
+        assertNull(contextData[ROOTED])
+    }
 }

sentry-android-core/src/test/java/io/sentry/android/core/ManifestMetadataReaderTest.kt

@@ -1243,4 +1243,29 @@ class ManifestMetadataReaderTest {
         assertNotNull(resultingSet)
         assert(resultingSet.containsAll(listOf("Database Instrumentation", "OkHttp Instrumentation")))
     }
+
+    @Test
+    fun `applyMetadata reads enable root checker to options`() {
+        // Arrange
+        val bundle = bundleOf(ManifestMetadataReader.ENABLE_ROOT_CHECK to false)
+        val context = fixture.getContext(metaData = bundle)
+
+        // Act
+        ManifestMetadataReader.applyMetadata(context, fixture.options, fixture.buildInfoProvider)
+
+        // Assert
+        assertFalse(fixture.options.isEnableRootCheck)
+    }
+
+    @Test
+    fun `applyMetadata reads enable root check and keep default value if not found`() {
+        // Arrange
+        val context = fixture.getContext()
+
+        // Act
+        ManifestMetadataReader.applyMetadata(context, fixture.options, fixture.buildInfoProvider)
+
+        // Assert
+        assertTrue(fixture.options.isEnableRootCheck)
+    }
 }