TL;DR Rooting is useful for Android assessments The process is relatively simple It will wipe all user data from the device and void any warranty Introduction For mobile testing, be it for apps or hardware, having complete control over the device is essential for analysis and vulnerability assessment. Rooting an Android device allows us to gain root privileges, giving us full access to the OS, including access to the private storage of any installed app. In this blog we will go over the general process of rooting an Android device using Magisk. I’ll be using a generic MediaTek-based Android phone as an example. There are other ways to root an Android device other than the technique described below, though I prefer to use Magisk as it maintains Google’s SafetyNet which allows us to test applications that rely on Google’s SafetyNet API. One of the key features of Magisk is its ability to hide root access from certain applications that typically block rooted devices, such as banking apps or streaming services. This is achieved through Magisk Hide, a feature that conceals the root status from selected apps Before we dive in it's important to note some risks of rooting: It will void the device warranty (this old chestnut) It could potentially make your device unstable Increased attack surface of the device, opening it up to malware (Don’t download dodgy stuff). Something to note before we root the phone: during the rooting process the bootloader needs to be unlocked, this…Read More