cordova-plugin-rootguard is a security plugin for Cordova that detects:
- ✅ Root access (Magisk, SuperSU,
subinaries, system mount modifications) – Android - ✅ Frida instrumentation (open ports, memory maps, processes) – Android
- ✅ Jailbreak status (Cydia, Sileo, rootless indicators) – iOS
- ✅ Frida runtime detection (dylib injection) – iOS
- Fix(android): prevent plugin timeout on Magisk/RootAVD by adding process timeouts and safe cleanup
- Moved root and Frida detection checks to Cordova thread pool
- Added timeouts (500ms) to all shell command executions (
su,mount,pidof,getprop) - Ensured processes are destroyed and streams closed in finally blocks
- Fail-safe: assume compromised if detection errors or times out
- Fixes issue where plugin call timed out on Magisk-enabled emulators (RootAVD)
- Added iOS support
- Detects common root paths and
subinaries - Executes shell checks (
which su,mount) - Detects Frida server via:
- Open ports (default: 27042, 27043)
- Injected memory maps
- Frida running processes
- System properties
- Detects Cydia, Sileo, and rootless jailbreak indicators
- Checks common jailbreak file paths and URL schemes
- Detects Frida dynamic library injections using
dyldinspection
cordova plugin add cordova-plugin-rootguard- Download and place the
cordova-plugin-rootguard/folder inside your project. - Run:
cordova plugin add ./cordova-plugin-rootguard
The plugin provides a single function checkSecurity that checks for both root access and Frida detection.
RootGuard.checkSecurity(function(result) {
if (result === 1) {
console.log("Security Risk Detected: Root or Frida is present.");
} else {
console.log("Device is secure.");
}
}, function(error) {
console.error("Error detecting Root/Frida:", error);
});- File Check: Scans for common root-related files (e.g.,
su,Superuser.apk,.magisk). - Command Execution: Attempts to execute
suto check for root access. - Mount Check: Verifies if
/systemis mounted as read-write instead of read-only.
- Port Scan: Checks for Frida's default listening ports (
27042,27043). - Memory Scan: Reads
/proc/self/mapsto detect Frida-related libraries (frida,gum-js,gadget). - Process Check: Looks for a running
frida-serverprocess. - Property Check: Scans system properties for any Frida-related entries.
- Install Magisk or SuperSU on your Android device.
- Run your Cordova app. It should detect root and exit.
- Test with rooted devices or emulators with Magisk/SuperSU.
- Attach Frida using: frida -n
- Test on a jailbroken device (Palera1n, Dopamine).
- Use Frida with tools like frida-trace, frida-server.
- Start Frida-server on the device:
adb push frida-server /data/local/tmp/ adb shell chmod 755 /data/local/tmp/frida-server adb shell /data/local/tmp/frida-server & - Run your Cordova app. It should detect Frida and exit.
- ✅ Android (Minimum SDK: API 21+)
- ✅ iOS
| Platform | Root/Jailbreak Detection | rida Detection |
|---|---|---|
| Android | ✅ | ✅ |
| iOS | ✅ (Cydia, Sileo, Rootless) | ✅ (dylib scan) |
1. Plugin Not Found After Installation
Run cordova platform remove android && cordova platform add android to refresh plugins.
2. App Crashes on Certain Devices
Ensure the plugin has the required permissions and that your app has minSdkVersion set to 21 or higher in config.xml.
3. False Positives or False Negatives
Root detection can vary across devices. Consider adding additional root detection methods if needed.
This project is licensed under the MIT License.
We welcome contributions! Feel free to submit a pull request or report issues on the repository.
For any issues, please open a GitHub issue in the repository.
📌 Binuka Kamesh
📧 Contact: binukakamesh97@gmail.com
🌍 GitHub: binuka97
Maintained by Binuka Kamesh