Pokemon GO scans users’ files to root out rooted phones

JC Torres - Aug 20, 2018, 10:19 pm CDT
0
Pokemon GO scans users’ files to root out rooted phones

While rooted devices may have security implications for owners themselves, they’re also seen as potential threats to one specific class of Android apps: online games. Rooted devices have the potential to install modified versions of the game that could, in theory, give players an unfair advantage. That’s why some developers, by default, prevent rooted devices from playing their games. While that may be understandable, Pokemon GO developer Niantic Labs is using a rather controversial method to do so.

There are different ways to detect a rooted device but Pokemon GO is allegedly using a crude and unreliable path. The game is being accused of abusing the “read storage permission” that players grant it for a completely different purpose in order to scan the phone’s file system. It then looks for certain files and folders, like a MagiskManager directory, as evidence of a rooted device and blocks the phone from connecting to the servers.

That fact that Pokemon GO crawls through places where it should not is already irking some users. The method’s fallibility, however, is causing more than just concern but headaches as well. The app doesn’t actually check whether the device is rooted, so those with certain files and folders, perhaps from uncompleted rooting attempts, still find themselves locked out of the game.

And then there’s the fact that those savvy enough to root their phones are also knowledgeable enough on how to get around the process. It involves deleting or hiding the files and folders that are known to trigger the anti-root block and that’s pretty much it. Revoking Pokemon GO’s permissions to read storage doesn’t help at all.

While Niantic is definitely within its rights to protect its game, even if that means blocking rooted devices, it should have implemented a more robust way to check those devices. Then again, modders and hackers almost always find ways to circumvent those. It could take a page out of Epic’s Fortnite book, but that’s probably going to end up even worse for both Pokemon GO players and Niantic Labs.


Must Read Bits & Bytes