Root tool Magisk may not be as powerful as it once was ever since Magisk Hide is all but dead, but as long as you don’t rely on apps that you need to hide the rooted status of your Android phone from, it’s still great to get more control over the device you own. And now, the tool has received a big release as part of version 25.0, which comprises a full rewrite of how the software initializes itself during the boot process.

As Magisk developer John Wu shared in the release notes for Magisk beta version 25.0, a big part of magiskinit has been rewritten. The problem is that since Android 8 and the introduction of Project Treble, it has been increasingly difficult to maintain clean code in the face of ever more complex file storage structures and more action during the boot process, with Wu admitting that no single person, including himself, really truly grasped how magiskinit truly works. With this software increasingly hard to maintain, it was time for a full rewrite. Wu notes that as this is a significant tweak to how Magisk hot-patches a device during the boot process, root app developers will have to arrange themselves with some changes. For a more technical deep dive, be sure to check out the release notes yourself.

Another big change comes in the form of superuser security enhancements, i.e. the way that Magisk grants root permissions has been improved. The rewritten system makes it harder for malicious code to take advantage of root privileges, using a new package tracking system and a new root manager APK signature verification that’s meant to stop unofficial Magisk app mods, since Wu considers these a security problem. Since Magisk has full unchecked access to root, a modded Magisk app could potentially open backdoors to your device. The goal here isn’t to lock users into the official Magisk app, but rather to ensure that both the underlying root implementation and the Magisk app itself come from the same vendor. Wu notes that developers can sign their own keys to provide alternatives to the official Magisk implementation, and there are official debug builds that skip any signature verification for development

Other than these big changes, Magisk v25.0 also adds a few smaller updates. It now supports generic kernel images of Android 13, allowing you to root away on Google’s latest OS release. The Oculus Go is also now in the roster of supported devices. Further changes are listed in the detailed changelog:

  • [MagiskInit] Update 2SI implementation, significantly increase device compatibility (e.g. Sony Xperia devices)
  • [MagiskInit] Introduce new sepolicy injection mechanism
  • [MagiskInit] Support Oculus Go
  • [MagiskInit] Support Android 13 GKIs (Pixel 6)
  • [MagiskBoot] Fix vbmeta extraction implementation
  • [App] Fix stub app on older Android versions
  • [App] [MagiskSU] Properly support apps using sharedUserId
  • [MagiskSU] Fix a possible crash in magiskd
  • [MagiskSU] Prune unused UIDs as soon as system_server restarts to prevent UID reuse attacks
  • [MagiskSU] Verify and enforce the installed Magisk app’s certificate to match the distributor’s signature
  • [MagiskSU] [Zygisk] Proper package management and detection
  • [Zygisk] Fix function hooking on devices running Android 12 with old kernels
  • [Zygisk] Fix Zygisk’s self code unloading implementation
  • [DenyList] Fix DenyList on shared UID apps
  • [BusyBox] Add workaround for devices running old kernels

Rooting Android isn’t as necessary as it used to be in the past, but it’s nevertheless something that will give you full control over your phone, especially once you learn everything about how to install and use Magisk modules on your phone.