

A new report out today from mobile security platform provider Zimperium Inc. warns that mobile rooting and jailbreaking remain a persistent and evolving threat to enterprises worldwide.
Mobile devices that have been rooted, meaning someone has gained administrator access to the operating system, and jailbroken, meaning they can run apps installed from outside official app stores, bypass critical security protocols. That leaves organizations vulnerable to mobile malware, data breaches and full system compromises. Data from Zimperium’s zLabs team found that rooted Android mobile devices face 3.5 times more mobile malware attacks and are 250 times more likely to suffer from system compromise incidents.
Zimperium argues that as cybercriminals have moved to a mobile-first attack strategy, rooted and jailbroken mobile devices continue to be a powerful attack vector. The modified mobile devices create entry points for threat actors to exploit security gaps, enabling sophisticated mobile attacks that can compromise an entire corporate network.
The report also details how bad actors are, at the same time, using these devices to attack mobile applications in order to commit fraud. Though mobile operating systems have implemented stronger defenses, the community behind mobile rooting tools continuously evolves to bypass detection. Tools such as Magisk, APatch, KernelSU, Dopamine and Checkra1n are in active development, some with stealth mechanisms that evade traditional mobile security measures.
“The cat-and-mouse game between security teams and mobile rooting tool developers is far from over,” said Zimperium Chief Scientist Nico Chiaraviglio. “What enterprises need is continuous, real-time detection of mobile tampering attempts — because once a mobile device is compromised, the risk to the entire organization skyrockets.”
Zimperium’s researchers warn in the report that as cybercriminals refine their techniques, organizations must remain vigilant, since a single compromised mobile device can serve as the gateway for data theft, ransomware and advanced persistent threats. Enterprises are urged to prioritize mobile security, adopt proactive defenses and leverage artificial intelligence-powered mobile threat detection to stay ahead of adversaries.
Who is still rooting phones and why in 2025? Jason Soroko, senior fellow at digital certificates and certificate lifecycle management firm Sectigo Ltd., told SiliconANGLE via email that one reason is that some people like to root their Android device or jailbreak their iOS device to “sideload” applications.
“Spyware on iOS and Android often hinges on jailbreaking or rooting to breach core security measures,” he said. “By circumventing built-in OS restrictions, attackers secure elevated privileges that allow them to install and conceal spyware. This malicious procedure typically starts with exploiting a device’s vulnerability or tricking users into compromising their own systems, ultimately enabling the spyware to operate undetected, monitor activities and extract sensitive data.”