
Identifying Real Device Clouds and Rooted Android Apps

Joe Rutkowski
Lead Developer

Real device clouds are networks of physical or emulated mobile devices, often managed so that they can run automated scripts. They can be used for various purposes: legitimate testing or research, stress testing apps, or even malicious activities. At OverpoweredJS, we’ve been focused on detecting and analyzing these real device clouds, with a special emphasis on uncovering suspicious or malicious behavior. In this post, we’ll highlight how we use the x-requested-with header and other signals to detect rooted and jailbroken devices, and how fraudsters leverage these compromised devices to carry out their exploits.