Challenge Overview
Rooting Android phones and tablets is a common practice that gives users administrative access to their devices. There are several approaches and tools for rooting an Android device. Rooting can be implemented via simple client-side apps or via more sophisticated solutions that have a client-server architecture.
We would like to leverage the Topcoder community to build an application to detect rooting of Android devices. Please read on to understand the complete requirements of what we're trying to build. This ideation challenge is meant to solicit detailed ideas on the best approach to building this tool and to flesh out the various aspects of how it would work.
Requirements
- It is expected that the tool can work with the Android 6.x and Android 7.x operating systems. The primary devices for this tool are Google Pixel, Nexus 5X and 6P.
- The core requirements of this tool are:
  - Be able to determine whether a device is rooted or not
  - Be able to handle false positives
  - Be able to bypass detection of the app by active rooting
- As an example, some utilities use one or more of the following approaches for detecting jailbreaks:
  - Check for superuser APK
  - Try to execute the su command
  - Check for test-keys in build tag
These are merely examples. While you can leverage one or more of these approaches, all the functionality in the proposed tool can't be built using just the above.
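A client-side collector for the three example indicators listed above, as an added example that is not part of the challenge text or of any utility it refers to. The class name, the APK path and the `su -c id` probe are assumptions; the result is a list of indicators to report, not a verdict.

```java
import android.os.Build;
import java.io.BufferedReader;
import java.io.File;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper: gathers the three example indicators on the device.
public final class RootIndicators {
    // Assumed, commonly cited install location; not taken from the challenge text.
    private static final String SUPERUSER_APK_PATH = "/system/app/Superuser.apk";

    // Build.TAGS is a comma-separated list; match the whole tag, not a substring.
    static boolean hasTestKeys(String buildTags) {
        if (buildTags == null) return false;
        for (String tag : buildTags.split(",")) {
            if ("test-keys".equals(tag.trim())) return true;
        }
        return false;
    }

    // Runs "su -c id" and counts it only if the output shows uid=0.
    // Call off the main thread: a root manager may show a prompt and block the read.
    static boolean suGrantsRoot() {
        Process p = null;
        try {
            p = new ProcessBuilder("su", "-c", "id").redirectErrorStream(true).start();
            try (BufferedReader r = new BufferedReader(
                    new InputStreamReader(p.getInputStream()))) {
                String line = r.readLine();
                return line != null && line.contains("uid=0");
            }
        } catch (Exception e) {
            return false; // su missing or denied: no indicator, not proof of a clean device
        } finally {
            if (p != null) p.destroy();
        }
    }

    // Returns the names of the indicators that fired, for reporting to the server.
    public static List<String> collect() {
        List<String> hits = new ArrayList<>();
        if (hasTestKeys(Build.TAGS)) hits.add("test-keys");
        if (new File(SUPERUSER_APK_PATH).exists()) hits.add("superuser-apk");
        if (suGrantsRoot()) hits.add("su-exec");
        return hits;
    }
}
```

An empty list only means none of these three checks fired, and a single hit such as `test-keys` on its own is the kind of case the false-positive requirement has to account for.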
Assumptions
Although you're free to propose a client-side only solution, our findings so far suggest that a server-based solution will be better suited. If you do propose a solution which has a server component, you can safely assume the following:
- A trusted (authenticated + encrypted) channel exists between the app and the server
- There will be a network of ~1000 users on the server, across which data can be compared
Deliverables
You are expected to submit a detailed document (minimum 3-4 pages) explaining your proposed approach for building this tool which can successfully detect whether a device is rooted or not. Make sure to include details on the architecture:
- Whether your solution is only client-side or client side + server side. If the latter, please describe the client-server interaction flows
- Do NOT just submit links to any rooting utilities. We are NOT building a tool to root devices. We are building a tool which can detect jailbroken devices.
- Submission should provide a clear direction on how the tool can be implemented - which APIs should be used, how will it be deployed etc. Be as detailed as possible.
- Include details on how your tool will detect a false positive and bypass detection
- If your submission relies on an existing open source package, please clearly mention those with appropriate licensing terms.
Review Criteria
The submissions will be reviewed by the client and will be rated based on the feasibility of implementation, the level of attention to detail and how well each submission matches the requirements mentioned above. Only submissions that the client deems passable will be chosen for awarding prizes. There will be no appeals or appeals response.
References
Here are some examples which should help you understand rooting, rooting detection, and anomaly analysis better.