Port MASTG-TEST-0045: Testing Root Detection (android)

[martinzigrai]

This PR closes #3021

[githubrlloyd]

The proposal here focuses on a demo which illustrates some basic checks that can be implemented to detect root, but the purpose of the TEST is to test whether root devices are detected by an app.

I'm not sure the usefulness of the DEMO in that regard. If someone implements these basic checks, I think they will not meaningfully address the weakness.

I think the TEST should remain focused on what good root detection characteristics are. (resilience to dynamic bypasses, breadth of root scenarios detected, effectiveness of detections, as described in the TEST).

the other valuable contribution to this TEST would be examples of how to test for those characteristics. e.g. how to setup a wide enough range of root scenarios, how to test bypassing a root detection, etc..

[cpholguera]

Thanks for the PR @martinzigrai.

The new MASTG tests aim at consistency (in code, content, language and structure) and reproducibility, so, before we start with the actual review, please make sure that everything is in line with our guidelines and other recently added demos (go here and sort the list, the highest numbers indicate more recent demos).

For example:

• You have to use the official application: https://github.com/cpholguera/MASTestApp-Android (please read the README)
• You need to include the reversed code as a file and in the markdown, using specific filenames.
• For Android, unless the test/demo is about C code, we don't use r2, you can use semgrep.
• Use the same language as in other test/demos for Observations and Evaluation, e.g. "The test fails if ..." as indicated in our guidelines.

Please check the latest tests and demos and read the following:

• "Porting MASTG Tests from v1 to v2 guidelines
• Writing MAS Weaknesses & Tests
• App README,

If you have any questions, I'll be happy to help. Thank you very much!