
Rooting (on Android) and jailbreaking (on iOS) were once widespread for enabling deeper customization and removing OS limitations on mobile devices. The practice has become less common in recent years but still represents a serious security threat, not just to the user, but to enterprises that let employees access sensitive corporate apps and data from their devices.
Research from Zimperium’s zLabs shows rooted Android devices experience 3.5 times more malware attacks, and system compromises have surged by 250 times compared to non-rooted devices.
Rooting and jailbreaking grant users privileged access to their device’s operating system, opening the door to a host of security risks — including malware infections, compromised apps, and full system takeovers. A single compromised device can serve as the entry point for a much larger attack, putting an entire organization at risk.
“The cat-and-mouse game between security teams and mobile rooting tool developers is far from over,” says Nico Chiaraviglio, chief scientist at Zimperium. “What enterprises need is continuous, real-time detection of mobile tampering attempts — because once a mobile device is compromised, the risk to the entire organization skyrockets.”
These modified mobile devices allow threat actors to exploit security gaps, enabling sophisticated mobile attacks that can compromise an entire corporate network. At the same time, bad actors are using these devices to attack mobile applications in order to commit fraud. While mobile operating systems have implemented stronger defenses, the community behind mobile rooting tools continuously evolves to bypass detection.
J Stephen Kowski, field CTO at SlashNext Email Security+, says:
Mobile device security is a critical concern that’s often overlooked in corporate planning. When employees root or jailbreak their devices, they’re essentially removing crucial security guardrails that protect both personal and company data, creating significant attack vectors for threat actors.
Rather than implementing an all-or-nothing approach to personal devices, companies should consider deploying advanced threat detection that can identify compromised devices, block phishing attempts, and prevent lateral movement within networks without disrupting employee workflows. The real solution requires both technical controls and financial planning – recognizing that secure mobile access is now as essential to knowledge workers as computers were decades ago, and budgeting accordingly for proper protection.
You can read more on the Zimperium blog.