@capawesome/capacitor-root-detection 0.0.1 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,4 +1,4 @@
1
- # @capawesome/capacitor-root-detection
1
+ # Capacitor Root Detection Plugin
2
2
 
3
3
  Capacitor plugin for detecting rooted and jailbroken devices.
4
4
 
@@ -13,15 +13,20 @@ Capacitor plugin for detecting rooted and jailbroken devices.
13
13
  - 🔒 **Root detection**: Detect rooted (Android) and jailbroken (iOS) devices.
14
14
  - 🤖 **Emulator detection**: Detect whether the app is running on an emulator or simulator.
15
15
  - 🛠️ **Developer mode**: Detect whether developer mode is enabled (Android).
16
- - 🔗 **Compatibility**: Works alongside the [App Integrity](https://capawesome.io/plugins/app-integrity/) plugin for server-verifiable device attestation.
16
+ - 🤝 **Compatibility**: Works alongside the [App Integrity](https://capawesome.io/docs/sdks/capacitor/app-integrity/) plugin for server-verifiable device attestation.
17
17
  - 📦 **SPM**: Supports Swift Package Manager and CocoaPods for iOS.
18
18
  - 🔁 **Up-to-date**: Always supports the latest Capacitor version.
19
19
 
20
20
  Missing a feature? Just [open an issue](https://github.com/capawesome-team/capacitor-plugins/issues) and we'll take a look!
21
21
 
22
- ## Newsletter
22
+ ## Use Cases
23
23
 
24
- Stay up to date with the latest news and updates about the Capawesome, Capacitor, and Ionic ecosystem by subscribing to our [Capawesome Newsletter](https://cloud.capawesome.io/newsletter/).
24
+ The Root Detection plugin is typically used in apps that handle sensitive data and need to assess the trustworthiness of the device, for example:
25
+
26
+ - **Banking and fintech apps**: Warn users or restrict access when the app runs on a rooted or jailbroken device.
27
+ - **Fraud prevention**: Detect emulators and simulators to make automated abuse of your app harder.
28
+ - **Compliance checks**: Detect whether developer mode is enabled on Android to satisfy internal security policies.
29
+ - **Conditional feature gating**: Disable particularly sensitive features on compromised devices while keeping the rest of the app usable.
25
30
 
26
31
  ## Compatibility
27
32
 
@@ -57,7 +62,7 @@ npx cap sync
57
62
 
58
63
  This plugin will use the following project variables (defined in your app's `variables.gradle` file):
59
64
 
60
- - `$rootbeerVersion` version of `com.scottyab:rootbeer-lib` (default: `0.1.0`)
65
+ - `$rootbeerVersion` version of `com.scottyab:rootbeer-lib` (default: `0.1.2`)
61
66
 
62
67
  ### iOS
63
68
 
@@ -80,6 +85,12 @@ No configuration required for this plugin.
80
85
 
81
86
  ## Usage
82
87
 
88
+ The following examples show how to check whether the device is rooted or jailbroken, running on an emulator, or has developer mode enabled.
89
+
90
+ ### Check whether the device is rooted or jailbroken
91
+
92
+ Check whether the device is rooted (Android) or jailbroken (iOS). Keep in mind that this is a best-effort, client-side check that can be bypassed by a determined attacker (see [Security Considerations](#security-considerations)):
93
+
83
94
  ```typescript
84
95
  import { RootDetection } from '@capawesome/capacitor-root-detection';
85
96
 
@@ -87,11 +98,27 @@ const isRooted = async () => {
87
98
  const { rooted } = await RootDetection.isRooted();
88
99
  return rooted;
89
100
  };
101
+ ```
102
+
103
+ ### Check whether the app runs on an emulator
104
+
105
+ Check whether the app is running on an emulator (Android) or simulator (iOS):
106
+
107
+ ```typescript
108
+ import { RootDetection } from '@capawesome/capacitor-root-detection';
90
109
 
91
110
  const isEmulator = async () => {
92
111
  const { emulator } = await RootDetection.isEmulator();
93
112
  return emulator;
94
113
  };
114
+ ```
115
+
116
+ ### Check whether developer mode is enabled
117
+
118
+ Check whether developer mode is enabled on the device. Only available on Android:
119
+
120
+ ```typescript
121
+ import { RootDetection } from '@capawesome/capacitor-root-detection';
95
122
 
96
123
  const isDeveloperModeEnabled = async () => {
97
124
  const { enabled } = await RootDetection.isDeveloperModeEnabled();
@@ -194,7 +221,44 @@ required.
194
221
 
195
222
  The checks provided by this plugin are performed entirely on the device and are **best-effort**. A determined attacker with full control over a rooted or jailbroken device can bypass or spoof any client-side detection. Therefore, you should **never** rely on this plugin as the sole security measure for protecting sensitive functionality.
196
223
 
197
- For **server-verifiable** device and app integrity, use the [App Integrity](https://capawesome.io/plugins/app-integrity/) plugin, which leverages the Play Integrity API (Android) and App Attest (iOS) to produce attestations that can be validated on your backend.
224
+ For **server-verifiable** device and app integrity, use the [App Integrity](https://capawesome.io/docs/sdks/capacitor/app-integrity/) plugin, which leverages the Play Integrity API (Android) and App Attest (iOS) to produce attestations that can be validated on your backend.
225
+
226
+ ## FAQ
227
+
228
+ ### How is this plugin different from other similar plugins?
229
+
230
+ It combines several device-trust signals in one fully typed API: root and jailbreak detection on Android and iOS, emulator and simulator detection, and a developer-mode check on Android. These are fast, client-side checks that are easy to drop into any app, and the plugin is designed to work alongside the App Integrity plugin when you also need server-verifiable attestation. If a lightweight client-side signal is all you need, this covers it well; when you need a full trust story, the two plugins fit together.
231
+
232
+ ### Can root detection be bypassed?
233
+
234
+ Yes. All checks provided by this plugin are performed entirely on the device and are best-effort. A determined attacker with full control over a rooted or jailbroken device can bypass or spoof any client-side detection. You should therefore never rely on this plugin as the sole security measure. See the [Security Considerations](#security-considerations) section for details.
235
+
236
+ ### What is the difference between this plugin and the App Integrity plugin?
237
+
238
+ The Root Detection plugin performs client-side checks that run entirely on the device, which makes them fast and easy to use but also spoofable. The [App Integrity](https://capawesome.io/docs/sdks/capacitor/app-integrity/) plugin leverages the Play Integrity API (Android) and App Attest (iOS) to produce attestations that can be validated on your backend, providing server-verifiable trust. The two plugins are designed to work alongside each other.
239
+
240
+ ### Which methods are available on which platforms?
241
+
242
+ The `isRooted()` and `isEmulator()` methods are available on Android and iOS. The `isDeveloperModeEnabled()` method is only available on Android. There is no Web implementation, since rooting and jailbreaking are concepts of mobile operating systems.
243
+
244
+ ### Do I need any special configuration on iOS?
245
+
246
+ Optionally, you can add the `cydia` scheme to the `LSApplicationQueriesSchemes` array in your app's `Info.plist` file so that the `isRooted()` method can check whether the `cydia://` URL scheme can be opened as part of its jailbreak heuristics. If the scheme is not added, the method still works but skips the URL scheme check. See the [Installation](#installation) section for details.
247
+
248
+ ### Can I use this plugin with Ionic, React, Vue or Angular?
249
+
250
+ Yes, the plugin is framework-agnostic. It works in any Capacitor app regardless of the web framework, including Ionic with Angular, React, or Vue, as well as plain JavaScript projects.
251
+
252
+ ## Related Plugins
253
+
254
+ - [App Integrity](https://capawesome.io/docs/sdks/capacitor/app-integrity/): Verify app and device integrity using the Play Integrity API (Android) and App Attest (iOS).
255
+ - [Biometrics](https://capawesome.io/docs/sdks/capacitor/biometrics/): Request biometric authentication, such as face recognition or fingerprint recognition.
256
+ - [Secure Preferences](https://capawesome.io/docs/sdks/capacitor/secure-preferences/): Securely store key/value pairs such as passwords, tokens or other sensitive information.
257
+ - [Privacy Screen](https://capawesome.io/docs/sdks/capacitor/privacy-screen/): Hide sensitive app content in the app switcher, block screenshots, and detect when a screenshot is taken.
258
+
259
+ ## Newsletter
260
+
261
+ Stay up to date with the latest news and updates about the Capawesome, Capacitor, and Ionic ecosystem by subscribing to our [Capawesome Newsletter](https://cloud.capawesome.io/newsletter/).
198
262
 
199
263
  ## Changelog
200
264
 
@@ -3,7 +3,7 @@ ext {
3
3
  androidxAppCompatVersion = project.hasProperty('androidxAppCompatVersion') ? rootProject.ext.androidxAppCompatVersion : '1.7.1'
4
4
  androidxJunitVersion = project.hasProperty('androidxJunitVersion') ? rootProject.ext.androidxJunitVersion : '1.3.0'
5
5
  androidxEspressoCoreVersion = project.hasProperty('androidxEspressoCoreVersion') ? rootProject.ext.androidxEspressoCoreVersion : '3.7.0'
6
- rootbeerVersion = project.hasProperty('rootbeerVersion') ? rootProject.ext.rootbeerVersion : '0.1.0'
6
+ rootbeerVersion = project.hasProperty('rootbeerVersion') ? rootProject.ext.rootbeerVersion : '0.1.2'
7
7
  }
8
8
 
9
9
  buildscript {
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@capawesome/capacitor-root-detection",
3
- "version": "0.0.1",
4
- "description": "Capacitor plugin for detecting rooted and jailbroken devices.",
3
+ "version": "0.1.0",
4
+ "description": "Capacitor plugin for detecting rooted and jailbroken devices on Android and iOS.",
5
5
  "main": "dist/plugin.cjs.js",
6
6
  "module": "dist/esm/index.js",
7
7
  "types": "dist/esm/index.d.ts",
@@ -33,11 +33,19 @@
33
33
  "url": "https://opencollective.com/capawesome"
34
34
  }
35
35
  ],
36
- "homepage": "https://capawesome.io/docs/plugins/root-detection/",
36
+ "homepage": "https://capawesome.io/docs/sdks/capacitor/root-detection/",
37
37
  "keywords": [
38
38
  "capacitor",
39
39
  "plugin",
40
- "native"
40
+ "native",
41
+ "capacitor-plugin",
42
+ "root detection",
43
+ "jailbreak detection",
44
+ "rooted device",
45
+ "jailbroken device",
46
+ "emulator detection",
47
+ "developer mode",
48
+ "device security"
41
49
  ],
42
50
  "scripts": {
43
51
  "verify": "npm run verify:ios && npm run verify:android && npm run verify:web",