Security analysts at Zimperium have published a new study warning about the sharply increasing security risks associated with using rooted mobile devices. Despite the overall decline in the number of such devices, their vulnerability remains extremely high—and it may pose a threat not only to individual users but also to companies that allow employees to handle corporate data on personal smartphones.
Over a year of observations, researchers found that rooted devices were infected with malware 3.5 times more often than regular ones. The number of cases involving compromised app installations was 12 times higher. System integrity violations were recorded 250 times more frequently, while file system compromises occurred 3,000 times more often.
Android devices are particularly at risk, as gaining root access is technically easier. According to the report, 0.24% of Android devices were rooted, while only 0.04% of iOS users had jailbroken their phones. In the U.S., Apple does not allow apps to be installed outside the App Store without a jailbreak, whereas Android officially supports APK installations from third-party sources.
However, this capability has become Android’s Achilles’ heel in terms of security. Users who gain root access often bypass Android Play Integrity and similar security checks, installing potentially malicious software. As a result, the device can become completely compromised, granting attackers access to system files and confidential data.
Zimperium specialists emphasize that root privileges allow users to interfere with the operating system, remove manufacturer-imposed restrictions, and utilize functions unavailable to regular users. However, this level of freedom often comes at the cost of serious security vulnerabilities.
The most popular tools for obtaining root access on Android include Magisk, APatch, and KernelSU. iPhone users are more likely to use utilities such as Dopamine, Checkra1n, and Roothide. These tools have limited compatibility and are increasingly being blocked by manufacturers and security systems, which have learned to detect signs of system modification.
Zimperium reminds us that many malware strains use rootkit injection as part of their attack chain, gaining full control over the device. A compromised smartphone can serve as an entry point into corporate infrastructure, which is particularly dangerous for remote workers.
The company believes that corporate users should reconsider their mobile security policies and implement threat detection tools. In the face of growing cybercriminal activity, banning rooted and jailbroken smartphones is no longer just a recommendation—it is a necessity.
