简体繁体 English

用于生根设备的Android广播接收器

[英]Android Broadcast receiver for rooting device

原文 2015-09-10 09:19:58 1 1 android/ broadcastreceiver/ root

I use RootTools library and RootTools.isRootAvailable() function to know if device is rooted or no. 我使用RootTools库和RootTools.isRootAvailable()函数来了解设备是否已root。 I use it when phone is Booted in broadcast receiver. 手机在广播接收器中启动时使用它。 If device is rooted I delete all my secure data. 如果设备已启动，则删除所有安全数据。
Not long time ago I have seen video where user has root his phone, after installing 3 apps and do some manipulation in them. 不久前，在安装3个应用并对其进行一些操作后，我看到了用户已将其手机扎根的视频。 Interesting he has SU privileges and he see all aps data without reboot his phone. 有趣的是，他具有SU特权，并且无需重新启动手机即可查看所有aps数据。 My question how we can secure our apps data in phone, maybe Android has broadcast receiver on root access, maybe I must listen some other collections of receivers or we must generate service that will check root access in some period? 我的问题是我们如何才能确保手机中的应用程序数据的安全，也许Android已通过根访问权限广播了接收器，也许我必须收听其他一些接收器集合，或者我们必须生成将在一段时间内检查根访问权限的服务？

1 个解决方案

There is no such thing as an event (Broadcast or other) that tells you 'The device has been rooted right now'. 没有事件（广播或其他事件）告诉您“设备已立即植根”。 Even if it existed, it would be easy to defeat : just force-stop the application before rooting. 即使存在，也很容易失败：只需在生根之前强制停止应用程序。 By the way this also prevent your application to receive the BOOT_COMPLETED event. 顺便说一句，这还阻止您的应用程序接收BOOT_COMPLETED事件。
There is no definitive protection against rooted devices. 没有针对生根设备的明确保护。 You cannot trust a compromised system to tell you that it has been compromised. 您不能信任受到威胁的系统来告诉您它已经遭到破坏。

The best solution I can think of would be to 我能想到的最佳解决方案是

Encrypt your beloved data, so they are useless without the secret key. 加密您心爱的数据，因此如果没有密钥，它们将毫无用处。
Each time you need them, try to get some clue if the system is secure before decrypting them in memory. 每次需要它们时，请先获取一些有关系统是否安全的线索，然后再将其解密到内存中。

this leaves the problem of hiding the secret key (if you don't want to ask the user) 这留下了隐藏密钥的问题（如果您不想询问用户）