Closed soyunpavelfragil closed 5 years ago
topjohnwu
commented
5 years ago It is absolutely impossible for an app to automatically gain root access unless another app that is signed by the same private key (other apps from WeChat).
The simplest way to prevent them from asking for root access is to add them into the MagiskHide list.
soyunpavelfragil
commented
5 years ago It is absolutely impossible for an app to automatically gain root access unless another app that is signed by the same private key (other apps from WeChat).
The simplest way to prevent them from asking for root access is to add them into the MagiskHide list.
Of course I tried to add it to Magisk Hide list, but when I open EdXposed Log module, it still shows that [Wechat has been granted Superuser permission].
Ingan121
commented
5 years ago I think it could be a bug with MM's superuser notification. For me, when I run su on adb shell, 'Samsung Members has granted superuser rights.' appears instead of 'Shell has granted superuser rights.'
soyunpavelfragil
commented
5 years ago I think it could be a bug with MM's superuser notification. For me, when I run su on adb shell, 'Samsung Members has granted superuser rights.' appears instead of 'Shell has granted superuser rights.'
I tried to run su on adb shell/terminal app, it showed that Shell has granted superuser rights. But the first time I did this, it showed me a dialog with Grant and Deny for choice. I think it is different from the situation I faced with WeChat app/Magisk Superuser.
Ingan121
commented
5 years ago @soyunpavelfragil I meant that there is a bug on superuser notification which shows a different app, not the actual app used superuser (apps in this case seem to be random but constant). I think that the notification message should have shown EdXposed Manager(/Installer), not WeChat. (EdXposed Manager uses root for getting logs.)
soyunpavelfragil
commented
5 years ago @Ingan121 Got it. It could be like this, for in the Superuser list Wechat does not exist. Just do not know why and anxious about the POSSIBLE logging/uploading on behalf of root brought by Wechat (You know why lol)
@topjohnwu Would you mind please help check this problem for a second time, to make sure that no possibility for CN apps like Wechat to bypass Magisk to grant root access?
App name 'Wechat' only exists in:
Hello,
Recently I found that WeChat requested for Superuser (root) permission when I tried to view modules log of EdXposed Framework, and WeChat got it granted automatically, while the Magisk Manager app never asked me to grant that, and I cannot deny it in the module of Superuser like the other apps, which makes me very anxious.
Please consider help. I think adding one function just like 'Forbid Root Permission Request‘->Open application list to add an app, will help a lot. But I am also curious about the method that WeChat used to bypass the normal request process.
Device: Redmi 7 P, with ROM of xiaomi.eu (Android 9, MIUI 10.5) Environment: Magisk 19.3(19300), Magisk Manager 7.3.2(224), EdXposed Manager 90.0-v0.4.5.1_beta(4463,SandHook). Wechat is from Google Play, and in the Black List of EdXposed/Magisk Hide opened.
Attached files are screenshots from related scene, includes the installed modules of EdXposed, and (the one cannot manage WeChat) Superuser module of Magisk.
BTW, please be aware that the popular taxi hiring app in Mainland China, Caocao(曹操出行/曹操打车) will also request for root permission with no other description about that.