000035180 - How to "clean" a device that the RSA Adaptive Authentication Mobile SDK flags as compromised

Document created by RSA Customer Support Employee on May 23, 2017
Version 1

Article Content

Article Number
000035180

Applies To
RSA Product Set: Adaptive Authentication (Cloud, Hosted and OnPrem)
RSA Product/Service Type: Mobile SDK
RSA Version/Condition: 2.x and later

Issue
The RSA Adaptive Authentication Mobile SDK Mobile Data Collection Module collects the end user’s location and mobile device information and produces one mobile device string that is encoded in JSON format. It returns a positive value (> 0) for the "Compromised" field of the JSON string when it finds evidence of the device being rooted or jailbroken.

Tasks
If an end user's device is found by the RSA Mobile SDK to be compromised (to have evidence of being rooted or jailbroken), it can sometimes be difficult for the device owner to understand why. This could occur, for example, if the end user did not deliberately root/jailbreak the device themselves, or if they have taken steps to "unroot" or "unjailbreak" the device.
The end user may therefore challenge the finding and claim that the device is not currently rooted/jailbroken.

Resolution
To avoid the risk of a device being flagged as compromised by the RSA Mobile SDK, end users should:
  • Only purchase devices from authorised resellers
  • Only install apps from the official Android, Apple, Windows or Blackberry app stores
If a device is found by the RSA Mobile SDK to be Compromised, the following steps can be tried one by one to restore it to a non-rooted/non-jailbroken state:
  1. Uninstall any apps that are known to be capable of rooting/jailbreaking the device (even if the app has not been used to root or jailbreak the device)
  2. Uninstall any other apps that were not purchased from an official app store
  3. Factory reset the device
  4. Contact the device reseller to check if it was rooted/jailbroken prior to purchase
  5. Arrange for the device manufacturer's support service to check the device for any unsupported changes made to it
Bear in mind that uninstalling apps, or even a factory reset, may not reverse all changes made by rooting/jailbreaking a device. Therefore, if the device is still flagged as compromised by the RSA Mobile SDK after steps 1, 2 and 3 have been done, proceed to steps 4 and/or 5 to seek assistance from the device's place of purchase and/or manufacturer.

Notes
The terms "root" and "jailbreak" both refer to removing restrictions placed on a device by its manufacturer that normally prevent system-level access to the device.
The term "jailbreak" is used for Apple iOS devices (iPad, iPhone, etc.) and "root" is used for Android, Windows and Blackberry devices.
For more information about the Compromised flag returned by the RSA Mobile SDK, see the RSA Adaptive Authentication Mobile SDK Modules Developer's Guide, chapter "Mobile Data Collection Module", section "Collecting Mobile Data Collection Module Device Elements". That manual is in the Documentation folder of the RSA Adaptive Authentication Mobile SDK package.