Although there has been a reduction in rooted and jailbroken devices, these devices are still a security concern for users and enterprises. According to data from Zimperium, rooted devices are more than 3.5 times as likely to be targeted with mobile malware. 

Rooting, the process of obtaining privileged access to an Android operating system, allows users to manipulate system files, install applications, and remove restrictions. The research found that root devices had an exposure factor varying from three times to 3000 times that of stock devices. Other key findings include: 

• Compromised apps increase by a factor of 12.
• Filesystem compromises increase by a factor of 3000. 
• System compromise events are 250 times greater.

Security leaders weigh in 

Adam Brown, Managing Consultant at Black Duck:

Past research of mobile devices for financial organizations found that one of the more frequent risks is the extraction of biometric information from the trusted execution environment on the device. For each assessment it is assumed the device could be and would be rooted and that a nefarious third-party app would be present. Typically, weaknesses were found in architecture and code implementations, however, over the years there have been improvements made by the major device producers in the architecture and software implementations of these devices and ultimately their resilience and security against such attacks.

While improved device resilience and security against malware is very positive, app producers and organizations that rely on mobile devices must understand the risk of the software architecture and code implementation on these devices and take action. Otherwise, the weaknesses introduced at that stage result in vulnerabilities and therefore breaches.

Some questions to ask of your organization to assess your own risk include: Do you run high risk transactions on mobile apps? Do you allow your users/customers to use that app on all devices? Do you know what weaknesses and therefore risks are present on those devices? How do you mitigate against them?

Jason Soroko, Senior Fellow at Sectigo:

One of the reasons some people like to root their Android device or jailbreak their iOS device is to have the ability to sideload applications. Sideloading bypasses the official app store’s rigorous vetting process, leaving devices exposed to malware, unauthorized code, and other security risks. 

With Apple now forced in Europe to allow sideloading, the safety net of curated applications is eroded, increasing the potential for compromised apps and systemic vulnerabilities that attackers can exploit to access sensitive data and undermine device integrity.

Spyware on iOS and Android often hinges on jailbreaking or rooting to breach core security measures. By circumventing built-in OS restrictions, attackers secure elevated privileges that allow them to install and conceal spyware. This malicious procedure typically starts with exploiting a device’s vulnerability or tricking users into compromising their own systems, ultimately enabling the spyware to operate undetected, monitor activities, and extract sensitive data.

J Stephen Kowski, Field CTO SlashNext Email Security+:

Mobile device security is a critical concern that’s often overlooked in corporate planning. When employees root or jailbreak their devices, they’re essentially removing crucial security guardrails that protect both personal and company data, creating significant attack vectors for threat actors. 

Rather than implementing an all-or-nothing approach to personal devices, companies should consider deploying advanced threat detection that can identify compromised devices, block phishing attempts, and prevent lateral movement within networks without disrupting employee workflows. The real solution requires both technical controls and financial planning, recognizing that secure mobile access is now as essential to knowledge workers as computers were decades ago, and budgeting accordingly for proper protection.