The back and forth between Google developers and Android modders is an eternal cat and mouse chase. But unlike in the cartoons, this is hardly entertaining. It is also a battle where both sides are right and wrong at the same time. Case in point is the latest tug of war between Magisk developers and Google’s SafetyNet root detection system. While the upper hand currently belongs to Google, Magisk developers are just as passionate and committed and are already on the verge of releasing a fix to turn the tide again.
What is Magisk in the first place? Short for “Magic Mask”, it is, in practice, a replacement to the popular SuperSU root access utility. Unlike SuperSU, however, Magisk doesn’t modify the critical /system partition, making it what is called a “systemless” interface. The most important implication of that is that Magisk can “hide” a device’s rooted status from apps far better than SuperSu can. That means apps that wouldn’t work on rooted devices, particularly things like Android or Samsung Pay, will work.
That was until Google silently introduced SafetyNet. This new security system gave app developers a more powerful way to detect whether a device is rooted or not and take action, either by blocking access, hiding the app in Play Store, or doing nothing at all. SafetyNet, for a time, was able to see through Magisk’ mask. Since then, developers from both sides have almost frantically pushed out updates to outdo the other.
For now, SafetyNet still sees through the veil, but a Magisk update is around the corner to fix that. Until then, Magisk users can enter the following commands, via an Android terminal or ADB, to work around the detection:
resetprop --delete init.svc.magisk_pfs
resetprop --delete init.svc.magisk_pfsd
resetprop --delete init.svc.magisk_service
resetprop --delete persist.magisk.hide
Those using the Magisk core module will also need to enter one additional command:
resetprop --delete ro.magisk.disable
These command need to be entered every time the phone is rebooted, so best to do it via a script. Or wait for the official update that will make all that unnecessary.
As mentioned, this is a never-ending battle with no clear winner. Users do have some amount of right to do what they want with their devices, be it hardware or software. Especially the software, given that it’s open source. That said, Google understandably sees rooting as a security disaster waiting to happen. At the same time, it might also be trying to kiss up to content providers that refuse to work on rooted devices for fear of piracy. Magisk developers believe that, since Magisk runs as root and SafetyNet doesn’t, they have the upper hand. At least until Google decides to take more drastic measures.