This isn’t going to end well…
I’ve nothing but respect for XDA recognized developer topjohnwu, but brazenly tweeting Google to boast that you’ve thwarted their tampering detection for Android is kinda dumb. I mean, it’s fantastic that he was able to do it, just dumb to brag about it.
I first wrote about topjohnwu’s Magisk last month, and have been relying on it ever since. It’s killer feature, Magisk Hide, does what no other Android rooting solution has been able to: hide root from SafetyNet-enabled apps. So Android Pay now works with root; ditto for other banking apps, Netflix, Nintendo games, and so on.
The first hurdle for Magisk came two weeks ago, when the Magisk Manager app was pulled from the Play Store, not a huge deal because the flashable zip file—which includes the Magisk Manager apk—remains on XDA. Now a SafetyNet update seems to have broken Magisk Hide, but the issue is easily solved by updating to a beta version of Magisk. The sole developer of this incredible effort took to XDA to assure users:
I personally think there really is no effective method to prevent magiskhide to work, unless there exist some ways that’s beyond my knowledge; they add more checks, and I hide more. Since Magisk is running as root but the SafetyNet checks are not, we are more privileged than the detection method, and as a result we have MUCH more control over what the SN process can see.
I don’t doubt any of this, but I really hope that topjohnwu’s Twitter braggadocio doesn’t draw the ire of Google and end up ruining Magisk for everyone.