Root an Android Emulator (AVD)
Guide to root your Android Emulator aka Android Virtual Device(AVD) for security testing
Rooting an Android device/emulator unlocks whole new possibilities with additional control and customization of OS using root access, also known as administrative or superuser access.
It gives users elevated privileges, allowing them to access and modify system files and settings that are normally restricted by the device’s manufacturer or carrier at a stake of voiding the warranty or even Bricking the device.
Why is it even important to check for Root Access?
As a developer, it is often recommended to have measures to protect Android applications from vulnerabilities and threats that could compromise confidentiality, integrity, and availability. It involves securing the application code, data, and resources from unauthorized access, modification, or destruction. One such case is detection of Root.
This is a multi-part series and focus of this article is limited to Rooting an Android Emulator for testing purposes using rootAVD & Magisk.
Before we get our hands dirty: The Prerequisites 🤖
- Android Studio with Platform Tools/ADB
- Emulator or Android Virtual Device(AVD) with Google Play Image**
- Stable internet connection
- PowerShell (Windows) OR Terminal (Mac)
** [IMP] Check for OS compatibility
Getting Started
rootAVD offers a set of handy scripts with Magisk to root an emulator within no time.
To download, follow rootAVD repo OR clone using below command in Terminal (Mac) or Command Prompt (Windows)
~ % git clone https://github.com/newbit1/rootAVD.git
Alternatively, same repo is hosted on GitLab -> rootAVD. No change is steps to root device.
Once cloned, change dir using below cmd
~ % cd rootAVD
Next up, run ./rootAVD.sh
to start rootAVD
agent:
rootAVD % ./rootAVD.sh
At this point, rootAVD agent is active. Now, before running another set of commands, ensure Emulator is running and not rooted.
I’m using Pixel 6a, API 29 for this demo. To verify root status, run adb shell
in Android Studio terminal:
% adb shell
generic_x86:/ $
Now, run su
for super user access:
generic_x86:/ $ su
/system/bin/sh: su: inaccessible or not found
Since, su is not accessible we can confirm device is NOT rooted.
Back to the rootAVD agent in terminal, run ./rootAVD.sh ListAllAVDs
to list all the available emulators.
Select and copy cmd having ramdisk.img
of running emulator/AVD
Now, run the cmd to start patching emulator with root privilege
rootAVD % ./rootAVD.sh system-images/android-29/google_apis_playstore/x86/ramdisk.img
At a point, it will prompt to select Magisk channel — Stable, Canary or Alpha. Wait to auto proceed with Stable version of the Magisk.
Once the patching finishes, Emulator will shut down automatically.
Yayyy!! Emulator is now patched with ROOT access 🎉
Boot the same emulator to verify Magisk App & ROOT status in terminal of Android Studio
Open Magisk App and reboot when prompted to apply changes.
Back in Android Studio terminal, run adb shell
followed by su
to check root access.
Accept the prompt to grant root access to shell and run id
to see details
hemanshuvarma@192 sample-app % adb shell
generic_x86:/ $ su
generic_x86:/ # id
uid=0(root) gid=0(root) groups=0(root) context=u:r:magisk:s0
generic_x86:/ #
Shell now has Root access of the Emulator.
Next up in this series, we’ll explore How to detect Root in Android App.
Smaaaaaash that 👏 button if you liked this article. Until next time! 👋