There is no reliable means of detecting a rooted condition on a device where hardware protections have been overcome by exploiting software vulnerabilities.

At best you can detect the presence of particular toolsets or scan for things that aren't supposed to be there or changes in files that are - but that requires knowledge of what a given installation should look like, and assumes that the OS functionality you are using to make the checks hasn't been modified to hide the changes.

To reliably scan, you need to be sure trusted code runs at a lower level than untrusted code; a rooted device is one where this assurance has been fundamentally broken, or where the end user is trusted more than you the developer are.

You can achieve this from a terminal command and you can run terminal commands within an app.

if [ ! -z "$(/system/bin/ps -A | grep -v grep | grep -c daemonsu)" ]; then echo "device is rooted"; else echo "device is not rooted"; fi

Your application also doesn't require root access this way.

Use this code:

Process executor = Runtime.getRuntime().exec("su -c ls /data/data");
executor.waitFor();
int iabd = executor.exitValue();
if(iabd != 0){ /*process exit value is not 0, so user is not root*/ }else{ /* user is root*/ }

In your case, you should kill the process after executing it for the job which is done before returning. The following changes to your code should do the thing.

public int checkrootcommand(String string) {
    // TODO Auto-generated method stub
    Process exec = null;
    try {

        exec = Runtime.getRuntime().exec(new String[]{"su","-c"});

        final OutputStreamWriter out = new OutputStreamWriter(exec.getOutputStream());
        out.write("exit");
        out.flush();

        Log.i(SUPER_USER_COMMAND, "su command executed successfully");
        return 0; // returns zero when the command is executed successfully
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } finally {
        if (exec != null) {
            try {
                exec.destroy();
            } catch (Exception ignored) {
            }
        }
    }
    return 1; //returns one when the command execution fails
}

You may not be able to universally detect whether phone is rooted or not but you should be able to request and then confirm is your app can access root by running id as root e.g., su -c id validate if the command executed successfully and the output contains uid=0 i.e., the uid of the root user.

Method 1 : Application asks for ROOT access :

Add this in your app-level gradle build file :

dependencies {
    compile 'eu.chainfire:libsuperuser:201501111220'
}

Now,

System.out.println(Shell.Su.available());
//Outputs true if user-granted else false

Method 2 : Application doesn't asks for ROOT :

boolean deviceisRooted() {
            String[] filespaths = {"/system/app/Superuser.apk","/sbin/su", "/system/bin/su","/system/xbin/su"};
            for (String xyz : filespaths) {
                if (new File(xyz).exists()) return true;
            }
            return false;
        }

System.out.prinln(deviceisRooted());

//Outputs true if device is ROOTED else false
//Doesn't asks user
//Also returns true IF NOT PROPERLY ROOTED (But ROOTED somehow)