Test if Phone was Ever Root-ed

Interesting question. It would depend on how much effort someone went to to hide it and what phone model they have.

For example, with an S-On HTC you could tell that the bootloader had been unlocked, even if it had since been relocked. Wouldn't tell you the current ROM had been altered, but would indicate that the phone had been modded at some point. But if the phone was S-Off you could reset the lock flag, then set the phone S-On, and there would be no indication.

A Samsung with a tripped Knox fuse would be a give-away, but that's rather device-specific and hardly a general test.

And if we assume the person removed both the SU app and the superuser binaries from the ROM I can't think of a simple way of telling from the system software.

So the best I can think of is to check whether there are signs of the bootloader being unlocked. As noted above, someone who is really trying to hide it and knows what they are doing may well be able to, but it will at least provide an indication in many cases.

Of course if they unrooted by flashing a complete set of official software of the right branding for the phone then there's no problem. Otherwise, if you want to be absolutely certain, that's what the buyer would have to do: reflash the phone completely.

 

I've no experience of asking carriers to reflash a phone. I'd expect that they could do it if the phone was originally one of theirs (whether they would, what they'd charge, I don't know. I could imagine it depending who you spoke to).

If not I don't know: for example, an HTC RUU package will check the customer ID, so if someone buys an HTC that was originally locked to a different network but has now been unlocked, the new carrier's RUU will refuse to update it. Of course there are ways, but I don't know how far the carrier would be prepared to go for the customer in this circumstance.

But any phone, my guess is probably not. If the model isn't one the new carrier ever sold themselves I can't imagine they'd want to do anything.

 

Think it depends on the phone, if you can tell if it was ever rooted or not. Many recent Samsungs have the Knox counter or e-fuse, which can't be user reset AFAIK. The whole idea of Knox is to ensure the phone hasn't been tampered with, integrity of the firmware and only authorised apps and services can start at boot, it's trusted secure boot. Verizon Droid phones might have a locked bootloader, and if it's unlocked, can the manufacturer's lock be restored or not. On the other hand things like Oppos, Xiaomis, Vivos and some other Chinese phones, can very easily be restored to a factory unrooted state, and there's absolutely no way of determining if they were ever rooted or not.