Rooting (Magisk, KernelSU)
A rooted device has superuser access, removing the OS security guarantees your app relies on.
What it is
Rooting grants superuser access to a device (e.g. via Magisk or KernelSU), letting protections like the sandbox and signature checks be bypassed.
How attackers use it
Root is often the precondition for hooking, memory dumping and system tampering — the foundation that enables other attacks.
How Appsolid detects it
Multi-signal root detection
Combines several signals: su binaries in standard paths, build tags/properties (e.g. test-keys), and Magisk/KernelSU artifacts in /proc/self/mountinfo.
Clean exit on detection + report
On detection it reports a ROOT event to the dashboard and exits cleanly.
Honest scope: Root owns the kernel, so userspace checks are inherently advisory. Legitimate users exist (developers, custom ROMs), so it's opt-in and designed to clean-exit rather than brick a device on a false positive.
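The multi-signal check described above, written in C as an added example (not Appsolid's code). The su paths, marker strings, signal bitmask and sample mountinfo lines are assumptions constructed for illustration, and the caller is assumed to supply the ro.build.tags value.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Assumed, illustrative lists; not Appsolid's actual paths or markers. */
static const char *const SU_PATHS[] = { "/system/bin/su", "/system/xbin/su", "/su/bin/su" };
static const char *const MOUNT_MARKERS[] = { "magisk", "KSU" };
enum { SIG_SU = 1, SIG_TAGS = 2, SIG_MOUNT = 4 };

/* Constructed sample mountinfo lines (not captured from a real device). */
static const char CLEAN_SAMPLE[] =
    "21 20 253:0 / /system ro,relatime shared:1 - ext4 /dev/block/dm-0 ro\n";
static const char MAGISK_SAMPLE[] =
    "35 21 0:30 / /system/bin/app_process64 ro - tmpfs magisk rw\n";

/* Count how many of the given paths exist. */
static int count_existing(const char *const paths[], size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (access(paths[i], F_OK) == 0) hits++;
    return hits;
}

/* 1 if any marker string occurs anywhere in the mountinfo text. */
static int mountinfo_has_marker(const char *text) {
    for (size_t i = 0; i < sizeof MOUNT_MARKERS / sizeof *MOUNT_MARKERS; i++)
        if (strstr(text, MOUNT_MARKERS[i])) return 1;
    return 0;
}

/* Bitmask of fired signals; build_tags is ro.build.tags, fetched by the caller. */
static unsigned root_signals(const char *build_tags, const char *mountinfo) {
    unsigned s = 0;
    if (count_existing(SU_PATHS, sizeof SU_PATHS / sizeof *SU_PATHS) > 0) s |= SIG_SU;
    if (build_tags && strstr(build_tags, "test-keys")) s |= SIG_TAGS;
    if (mountinfo && mountinfo_has_marker(mountinfo)) s |= SIG_MOUNT;
    return s;
}

int main(void) {
    static char live[65536];
    FILE *f = fopen("/proc/self/mountinfo", "r");
    size_t n = f ? fread(live, 1, sizeof live - 1, f) : 0;
    live[n] = '\0';
    if (f) fclose(f);
    printf("clean sample:  0x%x\n", root_signals("release-keys", CLEAN_SAMPLE));
    printf("magisk sample: 0x%x\n", root_signals("release-keys", MAGISK_SAMPLE));
    printf("this process:  0x%x\n", root_signals("release-keys", live)); /* tags value is a stand-in */
    return 0; /* advisory result only: report it and exit cleanly */
}
```

Returning a bitmask rather than a single yes/no keeps each signal visible in the report, which helps when triaging a false positive on a developer device or custom ROM.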
