2. When a user starts the #Aadhaar #Android app on a rooted phone, he will obtain a toast with the following message: "Your device is rooted. For security purpose you can not use this application" pic.twitter.com/Mb0Qypqqe4
3. In the splash screen activity you are checking if the device is rooted with 3 different methods. pic.twitter.com/GLIR1hWzML
4. In the CheckRootUtil class, you implemented 5 different methods to check if the device is rooted but only 3 are used
https://gist.github.com/fs0c131y/b8e3d3f16d2cb9df46707e8fd1f65217 …
5. I guess the @UIDAI and @KhoslaLabs developers were working with emulators when they developed the app. So they implemented a way to bypass this root check...
If the flag isEmulator is set to true, the method will always return false and you bypass the root check
pic.twitter.com/D2yivWbgF2
6. You just have to:
- unpack the #Aadhaar #Android app with #apktool
- change v1 to v0 in one line
- repack the app with apktool
- resign the app
You can run the app on a rooted phone! pic.twitter.com/Hay77rX3EA
7. A basic protection against this unpack/repack is to check if the apk certificate has been modified. If this mechanism detects that your app has been modified, it will not start the app.
They have a getApkCertificateDigestSha256 method in their app but it's not used...
pic.twitter.com/bTecaOtm2z
I think you can just use Magisk rootless feature to hide root from Aadhaar anyway. I haven't tried it though. Give it a try.
Hahaha, it's hassle free for people who are not developers.
Dude, you're awesome 

Thank you for revealing the flaws, hope they work on these asap
@ceo_uidai you really should thank him with a gift.
Thanks for the entertaining read. Here have a gif. :p https://twitter.com/oddtazz/status/951771553036816384 …
Please check: @republic @aajtak @ZeeNews @News18India @PMOIndia @narendramodi @rsprasad Lives of 1 billion are at stake with a massive exposed.