Many powerful Android utilities need system-level access — but full root is often too risky, too invasive, or simply unavailable. Shizuku by RikkaW is the elegant middle ground: a system service that runs a privileged app_process and lets apps call system APIs through a controlled Binder IPC layer — no permanent root grants required. Available via Wireless Debugging on Android 11+ with zero root needed, or via root for persistent always-on operation.
Core Capabilities
Privileged system API access for any app: controlled, scoped, and revocable, without permanently granting root.
No Root Required — Wireless Debugging
On Android 11 and above, Shizuku starts entirely on-device via Wireless Debugging — no computer, no ADB cable, no root needed. Android 13+ even supports auto-start when connected to a trusted WLAN, making Shizuku persistent without root access.
Binder IPC Middleware
Shizuku starts an app_process Java process with elevated (ADB or root) identity. Apps send API requests to the Shizuku service via Binder IPC — Shizuku relays them to the system server with elevated privilege and returns the result. Apps interact with system APIs as if they called them directly.
Scoped, Per-App Permission
Apps must explicitly request Shizuku permission — a dialog appears for each app, just like a regular Android permission. Users can grant or revoke Shizuku access per-app at any time. This is fundamentally safer than root: Shizuku-enabled apps cannot run arbitrary shell commands.
rish — Interactive Shell
Shizuku ships with rish — an interactive shell that runs with ADB or root privileges inside any terminal app. Run rish from Termux to get a fully privileged shell without needing a separate ADB connection or root access configured in the terminal.
Ecosystem of Shizuku Apps
Hundreds of apps use the Shizuku API: Ice Box (app freezer), Canta (debloater), Hail (app hibernation), aShell (terminal), Swift Backup, App Manager, HideMyApplist, and many more — all gaining system-level power without requiring root themselves.
Developer API
Shizuku provides a well-documented public API for developers. Add the Shizuku API dependency, declare the ShizukuProvider in your manifest, request permission at runtime, and call system APIs with elevated identity through ShizukuBinderWrapper — full documentation at shizuku.rikka.app.
How Shizuku Works
Normally, when an Android app calls a system API like PackageManager#getInstalledPackages(), the Android framework handles the Binder IPC to the system server on the app's behalf. The system server sees the app's UID and checks if it has the necessary permissions.
Shizuku starts a separate Java process using Android's app_process command — the same mechanism Android uses to start the system server itself. This process runs with ADB identity (which has far more permissions than regular apps) or full root identity. It holds Binder references to system services directly.
When an app with Shizuku permission calls a system API, it goes through ShizukuBinderWrapper — which forwards the Binder transaction to the Shizuku service process. The service relays it to the real system server with the Shizuku process's elevated identity. The result is returned to the app transparently. The app gets system API access; no full root is exposed; the user controls which apps can do this via the permission dialog.
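The Developer API steps and the ShizukuBinderWrapper flow described above, as an added example that is not code from the Shizuku project: a small gate that refuses to wrap a system service binder unless the service is running and the user has granted this app access. The names ShizukuGate, REQ_SHIZUKU and onGranted are hypothetical, and the Shizuku API dependency and the ShizukuProvider manifest entry are assumed to be in place.

```java
import android.content.pm.PackageManager;
import android.os.IBinder;
import rikka.shizuku.Shizuku;
import rikka.shizuku.ShizukuBinderWrapper;
import rikka.shizuku.SystemServiceHelper;

// Added example. ShizukuGate, REQ_SHIZUKU and onGranted are hypothetical names.
// Assumes the Shizuku API dependency and the ShizukuProvider manifest entry.
public final class ShizukuGate implements Shizuku.OnRequestPermissionResultListener {
    private static final int REQ_SHIZUKU = 1001; // arbitrary request code
    private final Runnable onGranted;

    public ShizukuGate(Runnable onGranted) {
        this.onGranted = onGranted;
        Shizuku.addRequestPermissionResultListener(this);
    }

    public void close() {
        Shizuku.removeRequestPermissionResultListener(this);
    }

    /** True only if the service is alive and the user granted this app access. */
    public boolean ensurePermission() {
        if (!Shizuku.pingBinder()) return false;   // service not started (e.g. after a reboot)
        if (Shizuku.isPreV11()) return false;      // old service without runtime permission
        if (Shizuku.checkSelfPermission() == PackageManager.PERMISSION_GRANTED) return true;
        if (!Shizuku.shouldShowRequestPermissionRationale()) {
            Shizuku.requestPermission(REQ_SHIZUKU); // shows the per-app dialog
        }
        return false;                               // denied, or result arrives via listener
    }

    @Override
    public void onRequestPermissionResult(int requestCode, int grantResult) {
        if (requestCode == REQ_SHIZUKU && grantResult == PackageManager.PERMISSION_GRANTED) {
            onGranted.run();
        }
    }

    /** Identity the relayed calls carry: uid 0 is root, uid 2000 is the ADB shell user. */
    public static String serviceIdentity() {
        int uid = Shizuku.getUid();
        return uid == 0 ? "root" : uid == 2000 ? "adb" : "uid " + uid;
    }

    /** Wraps a system service binder so its transactions are relayed through Shizuku. */
    public IBinder wrap(String serviceName) {
        if (!ensurePermission()) throw new SecurityException("Shizuku access not granted");
        return new ShizukuBinderWrapper(SystemServiceHelper.getSystemService(serviceName));
    }
}
```

The binder returned by wrap("package") is what an app would pass to the framework's hidden IPackageManager.Stub.asInterface, which needs hidden-API stubs at compile time. Logging serviceIdentity() before a privileged call records whether the request will run with ADB or root identity.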
How to Start Shizuku
Start via Wireless Debugging
- Enable Developer Options
- Enable Wireless Debugging
- Open Shizuku → tap Start via Wireless Debugging
- Approve the pairing dialog
Start via ADB from a PC
- Connect device to PC via USB
- Run the ADB command shown in Shizuku
- Shizuku starts immediately
- Must repeat after each reboot
Start via Root
- Install Shizuku
- Open Shizuku → tap Start via Root
- Grant root permission
- Auto-starts on every boot
Frequently Asked Questions
app_process. It acts as a Binder IPC middleware — apps that support the Shizuku API can call system-level Android APIs through Shizuku's service without needing permanent root access themselves.