Identifying Real Device Clouds and Rooted Android Apps
Real device clouds are networks of physical or emulated mobile devices often managed to run automated scripts. These can be used for various purposes: legitimate testing or research, stress testing apps, or even malicious activities. At OverpoweredJS, we’ve been focused on detecting and analyzing these real device clouds, with a special emphasis on uncovering suspicious or malicious behavior. In this post, we’ll highlight how we use the x-requested-with header and other signals to detect rooted and jailbroken devices, and how fraudsters leverage these compromised devices to carry out their exploits.