Earlier today, reports started coming in of Google updating their Play Services and causing current “safe” root methods like Magisk to fail SafetyNet checks again. This meant that devices with root and other modifications once again got detected by SafetyNet, and subsequently, got blocked when attempting to use SafetyNet-reliant applications such as Android Pay.
XDA Recognized Developer topjohnwu has commented in the Magisk forum thread to assure users that he is aware of the changes and has already completed the requisite modifications to bypass Google’s SafetyNet check again while still retaining root and Magisk module functionality.
In a subsequent clarification post, topjohnwu mentions that the SafetyNet failures were caused by Google making their detection even stricter, but the developer was able to work around it. There are no builds available yet for users to flash and bypass the new policies, but we can expect one in the future. The situation is under topjohnwu's control, so all we can do at the moment is wait for the next Magisk beta.
Topjohnwu further explains that there may not exist any effective method to completely prevent magiskhide from working. So when Google introduces new checks for SafetyNet, magiskhide needs only an update to go back to being one step ahead. This is possible because Magisk can run as root, while the SafetyNet checks cannot. The privilege advantage allows Magisk much more control over what the SafetyNet process can see.
What is difficult is finding a good way to hide the main Magisk Manager application. Several apps have started detecting the presence of the Magisk Manager app through its package name, as Android allows any app to know what other apps are installed on a device. This “check” is rather rudimentary, as changing package names is a trivial task for the main app developer (though it remains a decision which comes with its own drawbacks). Simply having a particular app installed also does not substantially prove the existence of modifications, so the “check” also yields a fair amount of false positives.
But because this type of checking is rudimentary, implementing it is easy for developers who are looking for “modification-free” devices for their apps. Magisk can hide itself from these apps by simply changing its package name, but the apps can then start checking for the modified package name, and so on and so forth, leaving no real end to this problem for either side.
A possible solution for Magisk against this rudimentary checking is to inject code into Android’s PackageManager to filter out Magisk Manager from the installed apps list. This can be done either through Xposed (but Xposed itself breaks SafetyNet, and Xposed is limited to older Android versions) or by directly patching the framework’s Java code through modified oat/dex files.
For now, Topjohnwu does not wish to focus on bypassing these rudimentary checks as the main point of interest for magiskhide is bypassing Google’s SafetyNet checks. Users can look forward to an update soon that will allow SafetyNet-reliant apps to start working again alongside root and Magisk modules, though we request users to not trouble the developer by asking for ETAs on the same.
What are your thoughts on this cat-and-mouse game between Google’s SafetyNet and Magiskhide? Let us know in the comments below!
Source: Magisk Forums