Pokemon Go Check for Empty ‘MagiskManager’ Folder, it May Root your Phone and Get Access to Personal Files

Trainers, reports are coming in and you might not be happy with the final result – it looks like Pokemon Go is abusing its permissions to read internal storage on your device!

With the latest Pokemon Go update, 0.115.2 the company behind Pokemon Go can now go through your device’s internal storage, trying to identify any files related to rooting your phone and will proceed to lock you out once it has decided it found something it didn’t ‘like.’

Based on the findings of .NetRolller 3D, it looks like Pokemon Go might be scanning the entirety of your personal data. After reading the findings below, you might think why does everyone seem so sure that the game/app is abusing the storage permission setting? Well, “It’s not just looking for folders, it’s looking for files too and I don’t think a mobile game has any business doing that, especially if their ToS only outlines gathering “information about third-party applications installed on your device,” explains fw85.

Alright, this is nasty.

I’ve updated to v0.115.2 on my _stock, unrooted_ Note 4 (it was rooted before, and has its Knox fuse blown,. but has been compoletely unrooted and reflashed to stock since then; system status is “Official”). It immediately gave me the unauthorized device error. I double-checked to make sure nothing was left behind from the former root – I even went as far as installing TWRP to check the data & cache partitions for any root residue, finding nothing, and then again reflashing a full stock ROM using Odin. I checked again for root-related apps, as well as anything Niantic may consider a cheating app (like Calcy IV), and get rid of everything that could even be remotely suspicious. No dice, still unauthorized device.

What finally got it to work shocked me beyond belief. I went through the internal & external SD card, and deleted everything related to rooting (flashable-looking zips, APKs of root-related apps, logfiles, Titanium Backup, any folder with “root”, “magisk” or “xposed” in its name, etc – many of them stuff I copied over from my previous phone, never installed on this one). And magically, Pokemon Go started working!

Bottom line: Pokemon Go is abusing its storage read permissions to scan the storage for evidence of rooting. Magisk will need to redirect Pokemon Go’s storage accesses to controlled “sandbox” directories, and prevent it from reading the real internal or external storage. (Simply blocking storage access won’t work, as the game actually writes to internal storage.)

Now, try to repackage the manager app, delete its directory on the internal storage, along with any other flashable .zip files and you’ll no longer have a problem with the game.

For last, I would like to thank fw85 for his hard work and for making this clear for everyone!