How can Android's Copy Protection check if the device is rooted? _问答_开发者

How can Android's Copy Protection check if the device is rooted?

开发者 https://www.devze.com 2023-04-12 10:36 出处：网络

On http://developer.android.com/guide/publishing/licensing.html, under section \"Replacement for Copy Protection\" it says:

On http://developer.android.com/guide/publishing/licensing.html, under section "Replacement for Copy Protection" it says:

A limitation of the legacy Copy Protection mechanism on Android Market is that applications using it can be installed on开发者_如何学Goly on compatible devices that provide a secure internal storage environment. For example, a copy-protected application cannot be downloaded from Market to a device that provides root access, and the application cannot be installed to a device's SD card.

How can Android's - meanwhile deprecated - Copy Protection check whether the device is rooted? Afaik it's not possible, also according to Dianne Hackborn (see How can you detect if the device is rooted in the app?). So that can only mean, the check is done by some (unknown the the public) obfuscated criteria check, obviously not just a simple check whether the 'su' command exists, I suppose. Does anybody know more about that check logic - or how secure that is?

This is what I use:

public static boolean isDeviceRooted () {
    boolean ret = false;
    String path = null;
    Map<String,String> env = System.getenv();

    if (env != null && (path = env.get("PATH")) != null) {
        setDevicePath(path);
        String [] dirs = path.split(":");
        for (String dir : dirs){
            String suPath = dir + "/" + "su";
            File suFile = new File(suPath);
            if (suFile != null && suFile.exists()) {
                setSuLocation(suPath);
                ret = true;
            }
        }
    }
    return ret;
}

Theoretically, it's not going to work in all cases, because a user can put 'su' to a non-standard location, which is not in a PATH, but practically if he does that, other applications that need to know where 'su' is won't find it either, so the purpose of rooting will be defeated.

While the presence of the Superuser app isn't a perfect way to tell if the phone is rooted its a pretty indicator that it might be. Why not just check to see if the package com.noshufou.android.su is installed?

I've never tried it but I don't see why it wouldn't work.

We would clearly state in the sales information that the app doesn't run on rooted devices.

This will definitely affect your install rate. Although you are planning to sell your app for $1000, that is going to have a much worse effect than anything else you could to it.