• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Test if Phone was Ever Root-ed

Thom

Thom

 
VIP Member
People buy phones from an untrusted sources.

If the phone is un-root-ed I recommend that the first thing they do when they receive the phone is a Factory Data Reset.

You can clearly determine if the phone is currently root-ed.

Is there a guaranteed way to determine if it was ever root-ed? The scenario is ... untrusted source root-s the phone, makes a modification, un-root-s the phone, and sells it to someone with the hidden modification still in place.

An example of an annoying problem verses a full blown attack would be ... untrusted source root-s phone, uninstalls some preinstalled software (AKA bloatware), remove root, and sells phone. Next owner later gets an OTA (over the air) system update to the phone and it fails because the pre-installed software is missing.

... Thom
 
Interesting question. It would depend on how much effort someone went to to hide it and what phone model they have.

For example, with an S-On HTC you could tell that the bootloader had been unlocked, even if it had since been relocked. Wouldn't tell you the current ROM had been altered, but would indicate that the phone had been modded at some point. But if the phone was S-Off you could reset the lock flag, then set the phone S-On, and there would be no indication.

A Samsung with a tripped Knox fuse would be a give-away, but that's rather device-specific and hardly a general test.

And if we assume the person removed both the SU app and the superuser binaries from the ROM I can't think of a simple way of telling from the system software.

So the best I can think of is to check whether there are signs of the bootloader being unlocked. As noted above, someone who is really trying to hide it and knows what they are doing may well be able to, but it will at least provide an indication in many cases.

Of course if they unrooted by flashing a complete set of official software of the right branding for the phone then there's no problem. Otherwise, if you want to be absolutely certain, that's what the buyer would have to do: reflash the phone completely.
 
In Motorola a while back there was a single bit that was set if it was ever root-ed and there was no way to reset it other than to have the carrier re-flash the phone. I don't think that ever survived. (They were denying service to phones that were root-ed or ever had been root-ed.)

The concern is consumer protection when buying a used phone ... especially for consumer who have no idea what root-ing is.

Can they take any phone that they obtained this way to their carrier and have it re-flashed? That would guarantee the correct starting point for them.

... Thom
 
I've no experience of asking carriers to reflash a phone. I'd expect that they could do it if the phone was originally one of theirs (whether they would, what they'd charge, I don't know. I could imagine it depending who you spoke to).

If not I don't know: for example, an HTC RUU package will check the customer ID, so if someone buys an HTC that was originally locked to a different network but has now been unlocked, the new carrier's RUU will refuse to update it. Of course there are ways, but I don't know how far the carrier would be prepared to go for the customer in this circumstance.

But any phone, my guess is probably not. If the model isn't one the new carrier ever sold themselves I can't imagine they'd want to do anything.
 
Think it depends on the phone, if you can tell if it was ever rooted or not. Many recent Samsungs have the Knox counter or e-fuse, which can't be user reset AFAIK. The whole idea of Knox is to ensure the phone hasn't been tampered with, integrity of the firmware and only authorised apps and services can start at boot, it's trusted secure boot. Verizon Droid phones might have a locked bootloader, and if it's unlocked, can the manufacturer's lock be restored or not. On the other hand things like Oppos, Xiaomis, Vivos and some other Chinese phones, can very easily be restored to a factory unrooted state, and there's absolutely no way of determining if they were ever rooted or not.
 
You must log in or register to reply here.
Back
Top Bottom