The root detection in application can be bypassed using Magisk Hide option

[dimustriz]

Hi Team,

The Magisk Hide option allows to bypass the root check.

Please find a description from our Penetration test result:

1. Open the Magisk Manager application and navigate to "Settings" option.
   https://www.xda-developers.com/how-to-use-magisk/
2. Enable "Magisk Hide" option and restart the application.
3. Checkmark the application under "Magisk Hide" activity.
4. Now, open the application, log in and browse all the functionalities. Now, connect your rooted Android device with local system.
5. Run the following command using adb:

adb shell
$ su
# ps | grep com.deloitte.dnmobile.deloitteconnect.uat # id

Observe that the application is running on the rooted device as a process.

I have found a suggestion on this: https://darvincitech.wordpress.com/2019/11/04/detecting-magisk-hide/ (see the implementation here: https://github.com/darvincisec/DetectMagiskHide/blob/master/app/src/main/c/native-lib.c)

Could you try to check and fix the issue?

Thank you in advance,
Dmitry

[mina5500]

@nmilcoff