android rooting
it used to be one of the most popular things to do in the android world, besides the plethora of custom roms. rooting adds all sorts of new functionality to any device, and it’s still really useful even now in 2026
ive grown up with supersu and the enormous amount of ‘1 click roots’ (kingoroot kingroot wtv) during the android 4.x.x era especially, when cyanogenmod was still predominant and people were still using clockworks recovery (is that how it was called?)
nowadays, android and rooting have both evolved, alongside the linux kernel itself. we now have systemless root solutions, systemless modules, safe zygote injections, kernel-level root, etc. its way easier to apply and use root now than it used to be.
safetynet
then came google’s attempt at killing this off. modders were breaking apps and people started thinking android is an unsafe platform (i suppose) so google implemented something called SafetyNet. it involved checking for exposed su binaries and validating props, both of which were spoofable
it didnt really take too long before google pushed for hw-backed safetynet, but root users found that they could force basic attestation regardless of whether they had hw-backed attestation available, meaning they could still pass it with ease
but now we’re in 2026. google’s safetynet has transformed into ‘play integrity api’. theres 3 levels of attestation: basic, device, strong.
- basic - key attestation worked at least
- device - ka verified that the device is genuine
- strong - ka verified the device is recent and a safe environment.
all of those checks are made using hw directly, so it cant be spoofed as easily as before. those require valid ‘keyboxes’ which are not only harder to extract, but also get revoked really easily and fast once leaked.
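what an app's backend does with those three levels, as an added example (not from the original post): it takes the already decrypted and signature-verified verdict payload, checks that it belongs to this request, and maps the `deviceRecognitionVerdict` labels to a minimum tier per action. the `POLICY` table, the 5 minute freshness window, the package name and the sample payload are assumptions made up for illustration.

```python
import time

# Labels of the Play Integrity deviceRecognitionVerdict field, weakest first.
TIERS = ["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY", "MEETS_STRONG_INTEGRITY"]

# Hypothetical policy: minimum tier each backend action demands.
POLICY = {"view_balance": "MEETS_BASIC_INTEGRITY",
          "login": "MEETS_DEVICE_INTEGRITY",
          "contactless_pay": "MEETS_STRONG_INTEGRITY"}

MAX_AGE_MS = 5 * 60 * 1000  # assumed freshness window


def highest_tier(payload):
    """Return the strongest label present, or None if the device met nothing."""
    labels = payload.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    present = [t for t in TIERS if t in labels]
    return present[-1] if present else None


def allow(action, payload, expected_pkg, expected_nonce, now_ms=None):
    """Decide on a decoded verdict; assumes a classic request carrying a nonce."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    req = payload.get("requestDetails", {})
    if req.get("requestPackageName") != expected_pkg:
        return False, "package mismatch"
    if req.get("nonce") != expected_nonce:
        return False, "nonce mismatch (replayed or foreign token)"
    age = now_ms - int(req.get("timestampMillis", 0))
    if age < 0 or age > MAX_AGE_MS:
        return False, "stale token"
    if payload.get("appIntegrity", {}).get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        return False, "app not recognized"
    tier, need = highest_tier(payload), POLICY[action]
    if tier is None or TIERS.index(tier) < TIERS.index(need):
        return False, f"needs {need}, got {tier}"
    return True, tier


# Constructed sample payload (not captured from a real device).
SAMPLE = {
    "requestDetails": {"requestPackageName": "com.example.bank",
                       "nonce": "bm9uY2UtMTIz", "timestampMillis": "1700000000000"},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
    "deviceIntegrity": {"deviceRecognitionVerdict":
                        ["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY"]},
}
```

the nonce and timestamp checks matter as much as the tier: a verdict that is valid but was issued for another request or an hour ago tells the server nothing about the device making this call.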
then there’s a new thing called ‘rka’ or ‘remote key attestation’ where instead of using google’s servers for ka, you use someone elses (or a proxy? still unsure tbh). but its gatekept, the server code is obviously proprietary, and its mostly a paid service. though, RKA keys do last longer than keyboxes, even when paid.
complexity
as root solutions have evolved, they’ve been getting more and more sparse and complex. your first step in rooting any modern phone nowadays (besides unlocking bl and flashing a custom recovery) is choosing which solution you should use:
- magisk (original, alpha, delta, kitsune) - quite literally the standard atp, its not bad but i honestly dont really like it
- apatch (former kernelpatch) - for older kernels n stuff, its nice and functions decently well
- kernel su (-next, rksu, sukisu, resukisu, etc.) - probably my favorite despite having so many forks
after that youll need to choose your zygisk implementation (either magisk’s builtin, or zygisk-next, rezygisk, etc.), and usually youll also need an *posed solution (lsposed, lsposed it, vector, lsposed next, relsposed, etc.)
and honestly, thats fine, its still pretty easy, but if you wish to use certain apps off the playstore (banks, E-ID’s, mcdonalds), youll need a few more modules:
- tricky store (or tee simulator) - fakes ur stuff using a keybox, needed to pass PI API
- (optionally) playstrong if youre using rka instead
- youll also need corepatch and to downgrade google play if youre using playstrong
- hide my applist (-OSS) - legit says what it does, needed to pass PI
- PIF inject since it fixes basic and device integrity usually
- (magisk only) shamiko or some other module to hide magisk
- (apatch only) nohello + cherish peekapoo (no idea what they truly do, i never bothered to check + i dont use apatch)
- (ksu) susfs with a susfs patched kernel; not always necessary, nowadays you should be able to hide root even w/o susfs, but it sometimes eases the process
- unironically probably a few more i missed, and some of those r probably *posed modules but eh
okay done i did it what now
congrats! youre fine for now. its all well and good until your keybox or rka token gets revoked, and youre stuck with basic or device integrity. its not that big of a problem since some banks dont care about it that much, but certain apps require you to have strong integrity. it really varies from person to person, but one may either lose access to their 2fa (authy, just switch to sth like aegis pls) or their E-ID (IO, italian thing).
and also, this entire play integrity bullshit also affects sw like graphene os, which is widely known as being vastly safer than any other google device. ironic, really.
oh and dont get me started on google wallet. ive been getting used to the convenience of using it (i dont care about google knowing all my purchase data) and now im paying contactless primarily via phone. and guess what! wallet requires device integrity, but if it hates you, it’ll still straight up not work and refuse to do payments! even though it should! theres no fucking reason why it shouldnt!
so why even root now
with stuff like shizuku, rooting seems and feels pointless nowadays. but it really isnt. theres still so much stuff you CANT do with adb privileges, and they also vary from manufacturer to manufacturer, not to mention even google may start restricting adb permissions whenever they feel like it.
im a modder and a user of app mods, and always have been. stuff from tiktok to youtube to even stuff like camscanner are all modded. and while non-root solutions (URV/morphe, lspatch) exist, they cannot be applied to system apps, and they also cant have dynamic updates. take instagram + instaeclipse for example. instagram updates almost daily, and in order to keep up with features id need to repatch the app every single time, which is tedious. *posed solutions themselves are much MUCH more convenient.
then theres stuff like pairipfix (or another module i cant remember the name of) which bypass that stupid “get this app from play” prompt, despite the app being installed under com.android.vending via adb.
and rooting also means you have an unlocked bl, which in theory means you can switch to a custom rom (e.g. xiaomi.eu for hyperos) which may have plenty of other features, among which could even be performance and battery improvements.
theres definitely at least one reason why youd want to root nowadays, but its really mostly because of convenience. you can automate tasks way more easily with root perms than you would with adb perms. and you can also access apps’ /data/data folders, without them being debuggable (really useful for certain apps! camscanner for example keeps its ‘vip’ state in a shared_pref lolll)