Many Android users enjoy rooting their device – it is, after all, supposed to be a totally open-source operating system. However, some device brands and app developers don’t want us rooting our devices and go out of their way to cause headaches for us when we do. This means that some apps simply refuse to launch if they detect that your Android device is rooted.
Now normally, you can always go with a systemless root method, or some form of root-hiding (not always reliable) to prevent apps from detecting that your Android device is rooted. Or, we can go the super nerdy way, and tear apart those APKs and rebuild them to just not detect root at all. This guide is exactly for that, so let’s roll up our sleeves, because our hands are going to get dirty.
Warning: This tutorial assumes you have some basic knowledge of hex editing and things of that nature. This is NOT something for beginners to try! Also note that this is not a one-method-fits-all tutorial, it is more of a general guideline for how to accomplish what we want. There is some trial and error involved for different apps and root detection / tampering detection methods employed by app developers!
Related Appual’s Guides:
- ADB Tools on your PC (see Appual’s guide “How to Install ADB on Windows”)
- An APK decompiler like APK Easy Tool
How to Remove Root Detection from APKs
Start by decompiling the APK (read Appual’s guide on decompiling APKs if you’ve never done this before).
Now search the APK folder structure for any files containing the term “superuser” or “supersu” or “rooted”. For example, you would find something like:
Now open the relevant .smali file in a code editor like Notepad++, and change the const-string entries that contain any root-related APKs or directories to something that doesn’t exist.
Now recompile and sign the app (check the “Sign APK after Compile” box) and that’s it!
How to Remove Tampering Detection from APKs
After doing the above steps, some apps may have some sort of built-in APK tampering / modification detection, especially bank apps. For this, we need to remove the tamper protection, and this isn’t 100% reliable.
If you launch the app and get a message like “The application appears to have been modified or corrupted”, write down that exact message.
Now search the main strings file (typically “res\values\strings.xml”) for the message that was displayed.
Take note of the string’s name, for example “tamper_block_message_default” and search for it in the public.xml file, which is usually found in the same folder as the strings.xml file.
Take note of the hexadecimal ID, and search the APK for the hex string. In the app we’re testing this method with, it was found in smali_classes2/com/usaa/mobile/android/app/core/protection/TamperActions.smali
Open the relevant .smali file in Notepad++ (or similar coding editor) and find the line that contains the hexadecimal ID. This is the line / section that is triggering the tampering protection.
What we want to do here is scroll up from that line until we find what it’s housed in, for example an if= statement or a try block.
This may take some trial and error, but you want to make sure the problematic block never executes. For example, suppose the line is housed in an if= statement, and the tamper protection fires when v0 is set to something other than 0.
In that case, we would make sure that v0 always equals 0, for example by adding the line:
const/4 v0, 0x0
Now you will recompile and sign the app.