The detection of 'root' is not just a simple check of files, we also check several apps that would gain access to the root file system and/or can modify such (this is proprietary to us as well). The device logs will show you malware or similar warning. There are times that new devices with a newer rom than what we have "certified" may also fail compliance on root. If the compliance action is "Wipe" or "Close Good" we wont have access to get the logs from the device to confirm.

More...