UPDATED 09:00 EDT / MARCH 20 2025

Zimperium report warns that mobile rooting and jailbreaking still pose serious security risks

A new report out today from mobile security platform provider Zimperium Inc. warns that mobile rooting and jailbreaking remain a persistent and evolving threat to enterprises worldwide.

Mobile devices that have been rooted, meaning someone has gained administrator access to the operating system, and jailbroken, meaning apps can be installed from outside official app stores, bypass critical security protocols. That leaves organizations vulnerable to mobile malware, data breaches and full system compromises. Data from Zimperium’s zLabs team found that rooted Android mobile devices face 3.5 times more mobile malware attacks and are 250 times more likely to suffer from system compromise incidents.

Zimperium argues that as cybercriminals have moved to a mobile-first attack strategy, rooted and jailbroken mobile devices continue to be a powerful attack vector. The modified mobile devices create entry points for threat actors to exploit security gaps, enabling sophisticated mobile attacks that can compromise an entire corporate network.

The report also details how bad actors are, at the same time, using these devices to attack mobile applications with the intention of committing fraud. Though mobile operating systems have implemented stronger defenses, the community behind mobile rooting tools continuously evolves to bypass detection. Tools such as Magisk, APatch, KernelSU, Dopamine and Checkra1n are in active development, some with stealth mechanisms that evade traditional mobile security measures.

“The cat-and-mouse game between security teams and mobile rooting tool developers is far from over,” said Zimperium Chief Scientist Nico Chiaraviglio. “What enterprises need is continuous, real-time detection of mobile tampering attempts — because once a mobile device is compromised, the risk to the entire organization skyrockets.”

Zimperium’s researchers warn in the report that as cybercriminals refine their techniques, organizations must remain vigilant, because a single compromised mobile device can serve as the gateway for data theft, ransomware and advanced persistent threats. Enterprises are urged to prioritize mobile security, adopt proactive defenses and leverage artificial intelligence-powered mobile threat detection to stay ahead of adversaries.

Who is still rooting phones and why in 2025? Jason Soroko, senior fellow at digital certificates and certificate lifecycle management firm Sectigo Ltd., told SiliconANGLE via email that one reason is that some people like to root their Android device or jailbreak their iOS device to “sideload” applications.

“Spyware on iOS and Android often hinges on jailbreaking or rooting to breach core security measures,” he said. “By circumventing built-in OS restrictions, attackers secure elevated privileges that allow them to install and conceal spyware. This malicious procedure typically starts with exploiting a device’s vulnerability or tricking users into compromising their own systems, ultimately enabling the spyware to operate undetected, monitor activities and extract sensitive data.”
