Android Anti-Root Detection Proof of Concept (POC)
rd is a proof-of-concept of sandboxing apps that performs root detection.
Root detection is the cargo-cult of Android security. Everyone does it, nobody knows why.
How does it work?
By using ptrace to call dlopen on the remote process. The loaded library has a constructor that replaces the code of access with its own.
If you look at the Android source code, File.exists calls access. If an app tries to check the presence of su, We simply have to emulate its absence.
It is released under the WTFPL, so you are free to show that root detection is useless.