SuperSU updated to v2.13

Holy wall of text, Batman!

Time for a 'stable' SuperSU update! There have been quite a few beta releases the past few months, with lots of under-the-hood changes, lots of bug fixes, lots of compatibility additions, etc.

Again, a fair amount of work has been done to keep SuperSU operational on the latest AOSP builds, as security-related changes to AOSP are likely to end up in retail L. The changes are quite extensive and a departure from previous strategies to keep SuperSU operational on AOSP. As a side-effect of this, it may ultimately actually increase compatibility for root apps between different Android versions (and be less work for root app devs to support), as if it ends up working well on L, I will back-port these changes down to 4.2. It should be noticed that these patches are already in-use and tested against 4.4.

Cryptic and unspecific, I know. I will write about these things in detail once L is released (any day now?), if I don't have to revert them.

So what are the chances of this working on L at release? If we're lucky, the CF-Auto-Root's for  the Nexus devices will work out-of-the-box, but there's no way of knowing yet. There are dozens of things that could still go wrong, in fact, I have some concerns that ultimately we may need to have modified boot.img's to have root at all. We'll see when we'll see!

One thing I can tell you is that OTA survival mode will be very unlikely to work between 4.4 and L, at least initially.

Architecture specific binaries
SuperSU now comes with architecture specific binaries for: arm (v5), arm-v7a, arm64 (v8a), x86, x64, mips and mips64. The 64-bit variants are officially supported from L onward, so obviously they have not been tested on production devices yet.

CF-Auto-Root currently still always installs the arm (v5) binaries. "su -h" will display the specific version you are using.

Amazon now distributes SuperSU as well, but their vetting process is more extensive and much slower than Play, so expect Amazon releases to generally lag behind Play releases.

Android TV
Aside from adding the CF-Auto-Root for it to my extensive list, this version of SuperSU brings some minor but much-needed improvements that just make it behave significantly better.

SuperSU now cleans up leftover packages from the root list at boot (if re-authentication is enabled). While this really is a minor thing, I want to point it out explicitly because on some devices and Android versions, if you move root apps to the SD card, this cleanup will be performed before Android has scanned the SD card for the apps. So from the perspective of SuperSU, these apps do not exist, get removed from the root list, and well re-request root access when run. 

A proper solution is still under investigation, and it does not happen for me on any of my 4.4 devices. Either way, if you find apps are losing root access on reboot, a work-around for now is turning off the 're-authentication' feature. Please do report this and your device and firmware details to the SuperSU threads on XDA if it happens to you.

The latest (stable) flashable ZIP is available from as always. All CF-Auto-Roots have already been updated.

I will update Play tomorrow, assuming no showstoppers are found by those flashing the ZIPs, which will probably be a staged rollout. So best-case scenario, everyone should be updated come Monday.

The main thread is here:

The thread for beta releases can be found here:

Special thanks to all the beta testers

Flashable ZIP
For the modders and exploiters amongst you, I have added some documentation to the update-binary script. It's not complete yet, and there are a number of changes and improvements I still want to make, but I'm sure it's more helpful now than it was before.

There have been a few changes to the CF-Auto-Root installer as well. One noteworthy one is that in preparation for L having encryption enabled by default, it no longer touches /data. This is both good and bad.

The good is that it doesn't need to know your decryption key, the process remains automatic, and encrypted phones are no longer wiped on usage of CF-Auto-Root.

The bad is that this means some /data cleanup code is run on first boot after rooting, which may trigger a (one) reboot in the process. I do not expect bootloops because of this, it works fine on all the devices I have tested it on, but you never know.

Additionally, because CF-Auto-Root cannot distinguish between a garbage and an encrypted partition, it no longer fixes OEM unlock issues. On several fastboot based devices, the OEM unlock command, instead of formatting /data and /cache, wipes them. Android will not automatically re-format them anymore (used to in 2.x days), which means that your device will forever bootloop until you manually format /data and /cache (which CF-Auto-Root did for you automatically in the past).

Last but not least, some changes have been made to allow the progress to be visible on some new Qualcomm based devices. While I would normally not waste words on something as trivial as this, I would like to point out that these devices no longer support fbdev to put content on screen, but instead use something called Qualcomm overlay. Nothing basically wrong with that either, aside from the absolutely horrid fact that the interface to this changes between different kernels in a completely incompatible way, pretty much requiring a userspace program to use the exact right version of kernel headers to do something as basic as putting anything onscreen. Making a non-kernel specific binary that support a wide range of devices is thus now nigh impossible unless some very ugly code and errorprone methods are employed. As such, I expect that ultimately there will be no visual progress for CF-Auto-Root anymore on Qualcomm based devices, as I certainly can't be bothered keeping track of these shenanigans.

- Improved support for Android TV (adjusted icon, disable some features, use device default theme by default, etc)
- Parse UID names to numbers manually if the system fails to do it
- Fix system user not gaining root even if "trust system user" enabled
- Transition to init context if started in init_shell context (if possible)
- Adjust boot sequence for encrypted devices
- Support MCS for -cn/--context switch
- Silence a larger number of audits on latest AOSP/L
- Many small changes to fix support for latest AOSP/L
- Secondary users are no longer able to change trust system or respect CM settings
- Added experimental supolicy binary
- Check for removed apps at boot, and forget their settings if re-authentication is enabled
- Amazon Appstore support
- Remove APK restriction to install to ARM and X86 only (issue for MIPS)
- Notify interested apps (with root granted) when overlays need to be hidden
- Transition to init context if started in kernel context
- Experimental builds for armeabi-v7a, arm64-v8a, x86-64, mips, mips64
- Fixed erroneous fd close that could cause su session freezes
- Fixed occasional freezes and wrong exit code in sugote
- Remove busybox dependency in TWRP/CWM binary updater
- Fixed missing sugote-mksh in backupscript
- Fixed install script wiping out SuperSU Pro
- Added option to disable mount namespace separation
- Fix bug where grant as default access still showed a prompt 
- Added reboot button in dialog after binary update
- Added tapjacking protection - may cause issues with screen dimming apps!
- Added removing Team Venom SU
- Added new dalvik-cache paths to clear on package maintenance
- Fix exitcode sometimes being wrong when full content logging is enabled
- Fix automatic OTA survival
- Updated language files
Shared publiclyView activity