Quick Demo: Updated Magisk Systemless Root Detection and Remediation
Magisk is a very sophisticated systemless rooting technique that can bypass Google's SafetyNet attestation and allow apps like Google Pay, many banking apps, and even games such as Fortnite and Pokémon Go to be installed on a rooted Android device. Rooting an Android device is popular because it lets the user customize and tweak their device by installing third-party apps and tools, removing bloatware, and speeding up the processor and network.
The problem with rooting your device is that malware and malicious exploits can also be downloaded and installed onto the device, often without the user knowing. The apps mentioned previously check that the device is not rooted and that it passes Google SafetyNet attestation before they will run correctly on an Android device.
Magisk attempts to evade root detection using its Magisk Hide feature, but Ivanti UEM for Mobile and Mobile Threat Defense are able to detect and remediate this updated Magisk rooting technique. This helps protect the user’s personal and work data from being harvested by malicious threat actors by providing multiple layers of protection using our on-device machine learning, augmented by our cloud-based threat detection and intelligence engines.