mobile - How to prevent Rooted Android Phones from Installing my app?

Question

The purpose in this context is to prevent false high scores(my app is a game) from being reported in LeaderBoard. This occurred for Flappy Birds - see this link - http://www.androidpit.com/forum/589832/flappy-bird-high-score-cheat-set-your-own-high-score

Since a root user can do anything he wants with his mobile, I suppose none of the other work around will work and the only solution is to prevent rooted users from installing the app. Am I right? Is there a way to do it?

PS: My game doesn't need internet connection always, hence reporting the scores as and when it happens to another server is not viable. The high scores are reported to leaderboard only when internet connection is available.

Answer 1

I had a similar requirement. I couldn't achieve that app should not be installed on rooted device, but I used a work around for that:

• Check if your device is rooted in your activity's onResume.
• If its rooted, just show him alert "This device is rooted. You can't use this app.", and exit from application.

Example:

@Override
protected void onResume() {
    // TODO Auto-generated method stub
    super.onResume();
    if(new DeviceUtils().isDeviceRooted(getApplicationContext())){
        showAlertDialogAndExitApp("This device is rooted. You can't use this app.");
    }
}


public void showAlertDialogAndExitApp(String message) {

    AlertDialog alertDialog = new AlertDialog.Builder(MainActivity.this).create();
    alertDialog.setTitle("Alert");
    alertDialog.setMessage(message);
    alertDialog.setButton(AlertDialog.BUTTON_NEUTRAL, "OK",
            new DialogInterface.OnClickListener() {
                public void onClick(DialogInterface dialog, int which) {
                    dialog.dismiss();
                    Intent intent = new Intent(Intent.ACTION_MAIN);
                    intent.addCategory(Intent.CATEGORY_HOME);
                    intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
                    startActivity(intent);
                    finish();
                }
            });

    alertDialog.show();
}

DeviceUtis.java was a Utility class which returned if a device is rooted or not.

public class DeviceUtils {

    public Boolean isDeviceRooted(Context context){
        boolean isRooted = isrooted1() || isrooted2();
        return isRooted;
    }

    private boolean isrooted1() {

        File file = new File("/system/app/Superuser.apk");
        if (file.exists()) {
            return true;
        }
        return false;
    }

    // try executing commands
    private boolean isrooted2() {
        return canExecuteCommand("/system/xbin/which su")
                || canExecuteCommand("/system/bin/which su")
                || canExecuteCommand("which su");
    }
}

We had used 5 methods for testing, and I have just shown 2 here. You can use any of methods you find good.

Hope this helps.

P.S: I have put this call in all activity's onResume as user (with intention of hacking) can install application, navigate to some other activity, and then root device.