Samsung S9 network unlocked giving root positive

[sumit269]

One of our users who got the phone unlocked by his network, is getting root positive. Pretty sure the device is not rooted.
Below is the rootbeer sample screenshot.
My current check is without RootBeer(context).isRootedWithoutBusyBoxCheck, now RootBeer(context).isRooted
Is this the expected behaviour or would there be a workaround?

[steaked]

I'm also having the same problem as above, brand new Galaxy Note 20.

Some of the apps I've installed believe the phone is rooted (it's not). After looking through their APK they're using Google's SafetyNet & RootBeer - it fails on RootBeer.

As this is my phone I can guarantee it's not root - even Knox is still happy.

[steaked]

Okay, I've downloaded RootBeer Sample and run it across the Note 20.

Ends up that even though the phone is not rooted - when the Samsung tool was used to port the phone from the old phone (and then from a much older phone that had had root applied) - it also copied over the SuperSU package.

I programatically adjusted your app to uninstall SuperSU as it wasn't appearing as installed on the Playstore - this would be a cool feature to have for users who are experiencing problems such as this.

1 - detail which caused the root check to be triggered (in my case it was the SuperSU package), then
2 - give an option to uninstall the problem, I just used:

            Uri packageURI = Uri.parse("package:"+packageName);
            Intent uninstallIntent = new Intent(Intent.ACTION_DELETE, packageURI);
            mContext.startActivity(uninstallIntent);

So to sum it up - the Galaxy Note 20 wasn't rooted, but had SuperSU on it copied from a much older device but not installed via the Playstore so difficult for an end user to detect.

Hope this helps people, cheers - I'm off for a beer :)

[scottyab]

Thanks for the suggestion @steaked. I think if Rootbeer was a root detection app in its own right then a feature like this would make sense. But it's really just a demo of the RootBeer SDK/Library so it's not something I see as core functionality.

That said if you wanted to post a PR with the above suggestion we could look to include it. From user point of view this featute should handle cases where there are more than one root app flagged. Thanks again for taking the time to post.

[steaked]

Looking at it I think your app serves its function by executing the Rootbeer library.

Adding this functionality to detect and report unusual apps it finds is probably out of scope.

I might create an app similar that can help those also receiving this problem.

So SuperSU was originally on the Galaxy Note 4 (rooted) -> Note 8 (not rooted) -> Note 20 (not rooted). From memory I probably installed SuperSU from unknown sources outside the play store - and the Samsung porting app has ported it along to each phone.

Interesting that a government app in Australia is not only using SafetyNet but also Rootbeer to determine root - they must owe you a LOT beers! 👍

[hdralexandru]

I'm also getting a false positive on my S10E (Europe)