The Magic Mask for Android
61.6k
Stars
17.9k
Forks
69
Open issues
100+
Contributors
AI Analysis
Magisk is an open-source Android customization suite that provides root access (MagiskSU), a module system for modifying read-only partitions, a boot image packing/unpacking tool (MagiskBoot), and Zygisk for injecting code into Android app processes. It is specifically designed for Android power users, ROM developers, and security researchers who need low-level system access on rooted Android devices running Android 6.0 and above. It is not intended for general Android users who do not intend...
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
Magisk remains the dominant Android root and customization framework nearly a decade after launch
Magisk is a comprehensive Android customization suite providing systemless root access (MagiskSU), a module framework for modifying read-only partitions, boot image manipulation (MagiskBoot), and in-process code injection (Zygisk). It targets advanced Android users, developers, security researchers, and hobbyists who need root privileges or system-level modifications without permanently altering system partitions. With 61K+ GitHub stars, tens of millions of historical downloads, and a sprawling third-party module ecosystem, it is the reference implementation for Android root tooling as of mid-2026.
Created in September 2016 by topjohnwu as a way to pass SafetyNet checks while still achieving root, Magisk evolved from a single hack into a full platform. It absorbed community tools, defined the 'systemless' approach to Android modification, and spawned an entire module ecosystem and derivative projects.
Initial growth was driven by the demand for root access that could evade Google's SafetyNet attestation. Adoption accelerated as the module ecosystem matured, Android OEM fragmentation created demand for flexible boot image patching, and Magisk became the default expectation in custom ROM and rooting communities. Sustained ~246 stars/week in June 2026 indicates continued organic interest despite the project's maturity.
Download count badge links to a live JSON counter in a companion repository (magisk-files/count), which has historically shown tens of millions of installs. The project is referenced across major Android forums (XDA Developers), cited in security research papers on Android attestation bypass, and is a dependency assumption in the broader custom ROM ecosystem. Real-world adoption is extensively documented at scale.
Appears to be a multi-component suite: a Kotlin/Java Android application for management, a native daemon (likely C/C++ under the hood) for privileged operations, MagiskBoot as a standalone binary for boot image manipulation, and Zygisk as an in-process injection framework. The README references submodules, suggesting modular source organization. The mix of Kotlin (UI/app layer) and lower-level native code is consistent with the problem domain.
Not documented in README
Last push was 2026-06-11, approximately 9 days before the evaluation date — indicating active, recent maintenance. The project has been continuously updated for nearly 10 years, tracking Android version changes, new device quirks, and evolving attestation mechanisms. This is a well-maintained project, not a slow-growth stagnant one.
ADOPT IF: you need root access, boot image manipulation, or Android system-level modification on a device running Android 6.0+, especially if broad device compatibility and a large module ecosystem are priorities. AVOID IF: you are on a device with strong kernel-level integrity enforcement where KernelSU's kernel-based approach is more effective, or if you require a solution that passes current Play Integrity STRONG attestation without additional modules. MONITOR IF: you are tracking whether Google's evolving hardware attestation requirements eventually render userspace-based root hiding untenable compared to kernel-level approaches.
Independent dimensions
Mainstream potential
6/10
Technical importance
9/10
Adoption evidence
9/10
- Google's Play Integrity API (replacing SafetyNet) continues to raise the attestation bar with hardware-backed checks; Magisk's hide mechanisms may face increasing difficulty keeping pace on newer devices.
- KernelSU's kernel-level approach may become the preferred method on GKI-compatible devices, potentially shifting the community center of gravity away from Magisk over the next 2–3 Android generations.
- The project is effectively a single-maintainer effort (topjohnwu); bus-factor risk is real, though the GPL-3.0 license and active forks provide a continuity safety net.
- OEM bootloader lock policies (particularly on devices where bootloader unlocking voids warranty or is disallowed entirely) structurally limit the addressable device pool.
- Fragmentation of the root ecosystem (Magisk vs KernelSU vs forks) may split module development effort, reducing the quality advantage of Magisk's module ecosystem over time.
Magisk will likely remain the most widely installed root solution through 2027 due to ecosystem inertia and device breadth, but KernelSU-family solutions will continue gaining share on newer GKI devices. The Zygisk API's influence will persist regardless of which underlying root solution dominates.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Language
- Kotlin
- License
- GPL-3.0
- Last updated
- 4w ago
- Created
- 120mo ago
- Analyzed with
- anthropic/claude-sonnet-4-6
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Open issues
Zygisk doesn't inject on Meta Quest 3 (partitioned zygote64_stub32 / stub_zygote): native.bridge cleared before the untrusted-app partition spawns
MagiskBoot removes Samsung SignerVer02 metadata causing "Secure Check Fail: boot.img" on SM-T290
trouble re-rooting lineageos device
Pixel 7 Android 17 CP31.260608.007: v30.7 patched init_boot returns to fastboot
Samsung devices may lose root access with OneUI 8.0 - add a warning when patching
Top contributors
Similar repos
Dr-TSNG/ZygiskNext
Zygisk Next is a standalone implementation of the Zygisk API for Android,...
LSPosed/MagiskOnWSALocal
This project integrates Magisk root access and Google Play Services into...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
61.6k | +123 | Kotlin | 9/10 | 4w ago |
|
|
17.2k | — | Kotlin | 7/10 | 2d ago |
|
|
9.9k | — | — | 7/10 | 3w ago |
|
|
10.6k | — | Shell | 6/10 | 10mo ago |
|
|
7.6k | — | Kotlin | 7/10 | 4d ago |
|
|
5.8k | — | Kotlin | 7/10 | 4d ago |
KernelSU provides root via kernel module rather than boot image patching, offering stronger isolation and better bypass of userspace detection. It has gained significant traction (16K+ stars) and is increasingly adopted on newer devices. However, it requires kernel source availability or GKI compatibility, limiting device support. Magisk retains broader device compatibility and a far larger module ecosystem.
A KernelSU fork with additional features (5.6K stars). Represents community fragmentation in the kernel-root space. Narrower adoption than either Magisk or mainline KernelSU; targets users who want specific features not upstream.
ZygiskNext ports the Zygisk API to KernelSU and other root solutions, allowing Zygisk modules to run without Magisk. It is complementary rather than competitive in most scenarios — its existence reflects the influence of Magisk's Zygisk API as a de facto standard.
MagiskOnWSALocal (10.5K stars) integrates Magisk into Windows Subsystem for Android, extending Magisk's reach to a non-phone context. It is effectively a downstream integration tool, not a competitor.
A Magisk module for bypassing SafetyNet/Play Integrity. Complementary to Magisk, not competitive. Its existence (6.4K stars) illustrates the ecosystem built on top of Magisk rather than against it.
