Adversaries may include functionality in malware that uninstalls the malicious application from the device. This can be achieved by:
Attestation can detect rooted devices. Mobile security software can then use this information and take appropriate mitigation action. Attestation can detect rooted devices.
Security updates typically provide patches for vulnerabilities that enable device rooting.
Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.
Users can see a list of applications that can use accessibility services in the device settings. Application vetting services could look for use of the accessibility service or features that typically require root access.