Hi Kaveri,

There is nothing wrong with checking for root detection at the start of the application, however you need to ensure that it is robust enough to locate methods such as Magisk, and Magisk Hide but not simply by relying on hardcoded strings, unless these are encrypted and cannot be modified. That said, there may likely be a return value of some sort somewhere which can be modified as shown in the post.

Root detection needs multiple layers and checks to ensure it cannot be bypassed, this includes items such as anti-debugging or anti-injection measures, but also things like repack protection as well.

The suggestion in the post for using SafetyNet API is also a good one, as this has recently been updated to perform hardware backed checks for unlocked bootloaders, this has yet to by bypassed, and as such SafetyNet is likely to be one of the best detection methods right now.

It also comes down to the data that you are attempting to protect, if it is highly sensitive banking data then more checks and defence layers are required, if it is for a non-monetised game, less.

Thanks for reading the post!