|Applies To||RSA Product Set: Adaptive Authentication (Cloud, Hosted and OnPrem)|
RSA Product/Service Type: Mobile SDK
RSA Version/Condition: 2.x and later
|Issue||The RSA Adaptive Authentication Mobile SDK Mobile Data Collection Module collects the end user’s location and mobile device information and produces one mobile device string that is encoded in JSON format. It will return a positive value (> 0) for the "Compromised" field of the JSON string, when it finds evidence of the device being rooted or jailbroken.|
|Tasks||If an end user's device is found by the RSA Mobile SDK to be compromised (have evidence of being rooted or jailbroken), it can sometimes be difficult for the device owner to understand why that is so. This could occur for example, if the end user did not deliberately root/jailbreak the device themselves, or if they have taken steps to "unroot" or "unjailbreak" the device.|
The end user may therefore challenge the finding and claim that the device is not currently rooted/jailbroken.
|Resolution||To avoid the risk of a device being flagged as compromised by the RSA Mobile SDK, end user's should:|
|Notes||The terms "root" and "jailbreak" both refer to removing restrictions placed on a device by its manufacturer that normally prevent system-level access to the device.|
The term "jailbreak" is used for Apple iOS devices (iPad, iPhone, etc) and "root" is used for Android, Windows and Blackberry devices.
For more information about the Compromised flag returned by the RSA Mobile SDK, see the RSA Adaptive Authentication Mobile SDK Modules Developer's Guide, chapter "Mobile Data Collection Module", section "Collecting Mobile Data Collection Module Device Elements". That manual is in the Documentation folder of the RSA Adaptive Authentication Mobile SDK package .