• BLOG
  • Magisk: Dangers of Rooting your Android Device

Magisk: The cyber arms race is real!

October 03, 2019
Magisk Android Device Rooting, Dangers of Rooting Android w/ Magisk, Android vulnerabilities

What is rooting?

Before we describe Magisk, let’s first define what rooting your Android device is. Rooting is a process that allows the user to gain root access privileges to their Android operating system (OS). It’s comparable to the process of jailbreaking your Apple iOS or iPadOS device. Rooting and jailbreaking grants the user privileges to modify the OEM software and system apps; it allows them to customize their mobile device by installing apps that the manufacturer would normally block. These are apps that are not downloaded from sanctioned app stores like the iOS App Store or Google Play Store.

 

What is Magisk?

Magisk is a systemless root technique that does not modify any system files within the /system partition. It basically leaves the OEM bootloader files within its logical partition, while it writes rooting libraries and any modifications in a separate partition. So, what does this achieve? The immediate benefit of using a systemless root is it successfully evades Google’s SafetyNet Attestation that checks for device tampering, and block certain popular apps like Android Pay, Netflix, and Pokemon Go from being installed or working properly on the mobile device. Also, normal over-the-air (OTA) updates to the Android system are still permitted since the original system files are still intact.

Magisk is a more advantageous alternative to other traditional rooting methods like Chainfire’s SuperSU, which does modify the system files during its installation and is unable to evade the Google SafetyNet checks. This rooting method is persistent over reboots, although it can be removed just by performing a factory reset of the Android device. Other methods require reinstalling the OEM bootloader files.

Magisk is also updated very frequently. While Android updates and patches their OS, the developer of Magisk comes out with a root shortly thereafter. For example, there was a Magisk root before Android Q was even released to the public because the beta was used to create the rooting update.

 

What cool things can I do with Magisk?

Enabling the Magisk Hide feature within Magisk Manager allows the user to select the threat detection apps and evade detection.

  • You can use financial or banking apps
  • You can use Snapchat without any issues
  • You can also play Pokemon Go on your rooted Android device
  • You can install OTA updates on your device
  • You can also install Systemless Xposed framework on your Lollipop and Marshmallow devices.
  • You can use Android Pay
  • You can also bypass Google SafetyNet Attestation checks

Source from https://magiskmanager.com/.

 

Conclusion

The appeal to use the Magisk method to root your Android device may be strong, but the immediate consequences of doing this and installing unsanctioned apps that are not rigorously vetted by the OEM for malicious content hidden in the app is just bad mojo. This is a commonly used threat vector for bad actors to take over your device without you knowing. Enterprises would not allow rooted Android devices to connect to the corporate network or cloud resources if the potential for threats living on the device is known. Allowing this means the malicious exploit could jump from the device to the corporate network to harvest more credentials or sensitive data.

The video below shows the power of MobileIron’s unified endpoint management (UEM) and mobile threat defense working in tandem to detect the Magisk systemless root, and highlights the importance of Android device management. UEM will detect the device health during its enrollment and then halt the onboarding process by blocking the installation of VPN, WiFi, email, identity certificates, managed apps, and content. If the device is already enrolled in UEM during the rooting process, MobileIron Threat Defense (MTD) can enforce a quarantine or selective wipe compliance action to protect the user’s personal and work data.

 

Magisk Systemless Root Detection and Remediation from MobileIron on Vimeo.

 

If you would like to learn more about MobileIron’s mobile device management (MDM) solutions, please contact a MobileIron Sales representative here.

James Saturnio

James Saturnio, Senior Solutions Architect at MobileIron

About the author

James Saturnio is a Senior Solutions Architect for the Technical Marketing Engineering team at MobileIron. He immerses himself in all things cybersecurity with equal parts mobility and IoT technologies. He has been with MobileIron for 5 years. Previously, he worked at Cisco Systems for 19 years where he started out as a Technical Assistance Center (TAC) engineer, then a software engineer, and as a Technical Leader in the Security Technology and Internet of Things (IoT) business units. He was the main architect for the IoT security framework that is still being used today by Cisco’s IoT customers.

Similar Blogs