Page 44 - MSDN Magazine, May 2018
When activated, the Check calls the method, passing in the argument true if the device is rooted and false otherwise. When this argument is true—that is, when the Check detects rooting—the method saves a value to local storage, indicating the app is now disabled. An accompanying property, IsDisabled, reports whether that value has been saved:

    // Definitions in TodoAzure.App
    private const string DisabledPropertyKey = "AppStatus";

    public static void DisableIfCompromised(bool wasCompromised)
    {
        if (!wasCompromised) { return; }
        // Store a random number under a deliberately vague key; only the
        // presence of the key matters, not its value
        Current.Properties[DisabledPropertyKey] = new Random().Next();
        SavePropertiesNow();
    }

    public static bool IsDisabled =>
        Current.Properties.ContainsKey(DisabledPropertyKey);

After the app is disabled, future runs need to show an error message and exit. To do this, I overrode TodoAzure.LoginPage.OnAppearing, which is called right before the Login Page is shown when the app starts. If the app is disabled, this method hides the Login Page, displays an error dialog and then exits.

    // Definition in TodoAzure.LoginPage
    protected override async void OnAppearing()
    {
        if (App.IsDisabled)
        {
            IsVisible = false;
            var message = "The security of this device has been compromised. "
                + "The app will exit.";
            await DisplayAlert("App deactivated", message, "Exit App");
            App.Exit(); // Delegates to platform-specific exit logic
        }
        base.OnAppearing();
    }

Because I also want to defend against reverse engineering, I took additional measures to make the app more resilient to such an attack. I gave the saved value the vague name AppStatus and set it to a random number, which obscures the meaning of the value. I also configured Dotfuscator to obfuscate the app, renaming identifiers like DisableIfCompromised, so an attacker viewing decompiled code will not easily identify this method as being of interest. For details on how I configured renaming obfuscation, see the sample's README.

Action: While the Sink (the DisableIfCompromised method) sets a property to ensure future runs of the app exit, it doesn't itself exit the app when rooting is first detected. Instead, I configured the Check to do this automatically by setting the Action Check Property to Exit.

When the Check detects a rooted device, it notifies the Sink and then immediately exits the app. By having the Check, rather than the Sink, perform this initial exit, I spread multiple copies of the exit logic through the app. Just as with multiple Locations, multiple copies of the exit logic allow the app to better defend itself when an attacker has removed some of the Root Checks.

Building and Testing the App

After configuring the Root Check, I exited the Check's window by selecting OK, then I saved my changes to the Dotfuscator config file by choosing File | Save Project. I built TodoAzure.Droid in Visual Studio to test the protected app, in order to verify that I correctly configured the Root Check to enforce the intended protection strategy.

I tested the app on a nonrooted device, on a rooted device and on an emulator. On the nonrooted device, the app functioned normally, allowing me to log in to view the todo list. However, on the rooted device and on the emulator, after selecting the Login button, the app abruptly closed. After relaunching the app, the app displayed the error dialog shown in Figure 4; after I closed the dialog, the app exited once more. To view the Login Page again, I had to uninstall and then reinstall the app.

Figure 4 The Protected TodoAzure.Droid Running in an Emulator

Wrapping Up

I hope this article has helped illuminate a way to effectively detect and respond to rooted Android devices using free tooling included with Visual Studio. While I used a well-known sample app as reference, you can apply the ideas introduced in this article to all kinds of Xamarin.Android apps and to various other protection strategies.

If you're interested in learning more about Checks, I recommend reading my previous MSDN Magazine article. In it, I discussed additional kinds of Checks that you can apply to .NET Framework apps and how using Checks can prevent data breaches.

You may also be interested in the advanced Check and obfuscation features of Dotfuscator Professional Edition (bit.ly/2xgEZcs) or the companion tool for Java and traditional Android apps, PreEmptive Protection DashO (bit.ly/2ffHTrN). You can keep up-to-date with all developments in Checks and PreEmptive Protection by following PreEmptive Solutions on Twitter (twitter.com/preemptive) and by visiting our blog (preemptive.com/blog).

Joe Sewell is a software engineer and technical writer on the Dotfuscator team at PreEmptive Solutions. He has previously written for MSDN Magazine and the official Xamarin Blog.

Thanks to the following Microsoft technical expert for reviewing this article: David Britch
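The article's OnAppearing override calls App.Exit(), which it describes as delegating to platform-specific exit logic but does not show. The following is an added example, not code from the article or the TodoAzure sample, of one way to wire that delegation on Android with Xamarin.Forms' DependencyService; the names IAppExit, AndroidAppExit and AppExitForwarder are assumptions, and the interface is placed in the Droid namespace only so the file is self-contained.

```csharp
using Xamarin.Forms;
using TodoAzure.Droid;

// DependencyService locates the Android implementation via this attribute.
[assembly: Dependency(typeof(AndroidAppExit))]

namespace TodoAzure.Droid
{
    // Hypothetical abstraction that the shared App.Exit() resolves at run time
    // (would normally live in the shared project).
    public interface IAppExit
    {
        void Exit();
    }

    // Android implementation: terminate the process instead of navigating away,
    // so no further page of the disabled app is ever rendered.
    public class AndroidAppExit : IAppExit
    {
        public void Exit()
        {
            Android.OS.Process.KillProcess(Android.OS.Process.MyPid());
            Java.Lang.JavaSystem.Exit(0); // second line of defense if KillProcess returns
        }
    }

    // How the shared App class would forward to the platform implementation.
    public static class AppExitForwarder
    {
        public static void Exit()
        {
            var impl = DependencyService.Get<IAppExit>();
            if (impl == null)
            {
                // Fail closed: crashing is preferable to continuing to run on a
                // device the Root Check has already flagged.
                throw new System.InvalidOperationException(
                    "No IAppExit implementation registered for this platform");
            }
            impl.Exit();
        }
    }
}
```

Because the Xamarin.Forms dialog awaited in OnAppearing has already been dismissed by the time Exit() runs, killing the process here leaves no window in which the Login Page could become visible again.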