Shortly after Pokemon Go launched in the summer of 2016, Niantic updated the app to block all Android phones that had been rooted. This didn’t come as much of a surprise, considering roots can lead to cheating (especially in online games), but this past weekend, Niantic took its war on rooted phones one step further.

On August 17th, a user on the XDA Developers forum revealed that after he updated his stock, unrooted Galaxy Note 4 to v 0.115.2 (the latest version of Pokemon Go on Android), he received an unauthorized device error and could not log in. Now, here’s where we have to note that the user had rooted his phone in the past, but had since unrooted and reflashed it. He couldn’t find any “root residue” left on his phone, yet he was still unable to log in.

Unsure of what to do next, the user decided to scrub the external and internal SD cards of his Note 4 as well to see if a file or folder in his storage might somehow be the culprit. Lo and behold, the next time he tried to log in, the error message had vanished. Here’s why this is significant, in the words of .NetRolller 3D:

Bottom line: Pokemon Go is abusing its storage read permissions to scan the storage for evidence of rooting. Magisk will need to redirect Pokemon Go’s storage accesses to controlled “sandbox” directories, and prevent it from reading the real internal or external storage. (Simply blocking storage access won’t work, as the game actually writes to internal storage.)

In other words, Niantic is taking advantage of the permissions that you grant the app when you run it to sift through your storage and check for any files that might suggest your phone is or has been rooted. Android Police tested the theory by simply creating a blank folder titled “MagiskManager” (a tool for rooting Android devices) and was promptly locked out of the game. Even legitimate players are being punished with this update.

Comments