Determine if running on a rooted device

Question

My app has a certain piece of functionality that will only work on a device where root is available. Rather than having this feature fail when it is used (and then show an a

Answer 1

Update 2017

You can do it now with Google Safetynet API. The SafetyNet API provides Attestation API which helps you assess the security and compatibility of the Android environments in which your apps run.

This attestation can helps to determine whether or not the particular device has been tampered with or otherwise modified.

The Attestation API returns a JWS response like this

{
  "nonce": "R2Rra24fVm5xa2Mg",
  "timestampMs": 9860437986543,
  "apkPackageName": "com.package.name.of.requesting.app",
  "apkCertificateDigestSha256": ["base64 encoded, SHA-256 hash of the
                                  certificate used to sign requesting app"],
  "apkDigestSha256": "base64 encoded, SHA-256 hash of the app's APK",
  "ctsProfileMatch": true,
  "basicIntegrity": true,
}

Parsing this response can help you determine if device is rooted or not

Rooted devices seem to cause ctsProfileMatch=false.

You can do it on client side but parsing response on server side is recommend. A basic client server archtecture with safety net API will look like this:-