Pokemon Go Check for Empty ‘MagiskManager’ Folder, it May Root your Phone and Get Access to Personal Files

Trainers, reports are coming in and you might not be happy with the final result – it looks like Pokemon Go is abusing its permissions to read internal storage on your device!

With the latest Pokemon Go update, 0.115.2 the company behind Pokemon Go can now go through your device’s internal storage, trying to identify any files related to rooting your phone and will proceed to lock you out once it has decided it found something it didn’t ‘like.’

Based on the findings of .NetRolller 3D, it looks like Pokemon Go might be scanning the entirety of your personal data. After reading the findings below, you might think why does everyone seem so sure that the game/app is abusing the storage permission setting? Well, “It’s not just looking for folders, it’s looking for files too and I don’t think a mobile game has any business doing that, especially if their ToS only outlines gathering “information about third-party applications installed on your device,” explains fw85.

Alright, this is nasty.

I’ve updated to v0.115.2 on my _stock, unrooted_ Note 4 (it was rooted before, and has its Knox fuse blown,. but has been compoletely unrooted and reflashed to stock since then; system status is “Official”). It immediately gave me the unauthorized device error. I double-checked to make sure nothing was left behind from the former root – I even went as far as installing TWRP to check the data & cache partitions for any root residue, finding nothing, and then again reflashing a full stock ROM using Odin. I checked again for root-related apps, as well as anything Niantic may consider a cheating app (like Calcy IV), and get rid of everything that could even be remotely suspicious. No dice, still unauthorized device.

What finally got it to work shocked me beyond belief. I went through the internal & external SD card, and deleted everything related to rooting (flashable-looking zips, APKs of root-related apps, logfiles, Titanium Backup, any folder with “root”, “magisk” or “xposed” in its name, etc – many of them stuff I copied over from my previous phone, never installed on this one). And magically, Pokemon Go started working!

Bottom line: Pokemon Go is abusing its storage read permissions to scan the storage for evidence of rooting. Magisk will need to redirect Pokemon Go’s storage accesses to controlled “sandbox” directories, and prevent it from reading the real internal or external storage. (Simply blocking storage access won’t work, as the game actually writes to internal storage.)

Now, try to repackage the manager app, delete its directory on the internal storage, along with any other flashable .zip files and you’ll no longer have a problem with the game.

For last, I would like to thank fw85 for his hard work and for making this clear for everyone!

Hello, fellow readers! If you want to get in touch with us and participate in our discussion boards, make sure you visit our Forums. We are more than sure you will find something useful there, as most of the news are coming in there first. The forum is new, so be among the first ones to say Hello!

Dejan Kacurov

Hi, gamers! You can call me Mr. DComplex. I'm a gamer, a hardcore gamer. My favorite genres are Action RPG and MMORPG. At the moment I'm using my PC as my only gaming platform, but soon I might get a new PS4 from Angel. Update - Angel did get me a PS4, oh wait, it's the PS4 PRO 1TB!!! Much love bro!


    1. And that somehow excuses it reading files it wasn’t authorized to read. Right?

      And yes, please repeat “idiot” as many times as you can.

    2. Only Idiots like you don’t understand rooting
      Some phones come with bloatware that take up most of the storage, some people want to make their kindle fire a better device, and some people want to add mods to their games. I will say the idiots are also the ones that root to hack stuff.

  1. Your title it outright incorrect. At what point does Pokemon Go attempt to root your phone?

    Secondly, what the fuck. At this point, it should be treated as an invasion of privacy.
    Root is required for many of my development processes, and a company taking it upon themselves to block users is outright bullshit. Is extracting every last penny from users that important? If they want to check IVs, or move to locations they can’t physically access, so be it. It should not be Niactic’s job nor problem that needs fixing.

    How about investing some development time into stable servers, battery optimization, or literally anything else?

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button