As a root user, you have a lot of responsibilities to make sure your phone stays secure. Expectedly, some things may slip through the cracks. Remembering to check which apps have been granted root access is extremely important. All it takes is one bad app, so it's good to learn how to avoid that at all cost.
One thing you can do to increase security is to check on which apps currently have been granted superuser permissions. The Magisk Manager app has a specific area where you can view all apps on that list. The second thing involves combing through the entries in the logs for every time an app requested permission.
When you combine both of these things, you should be able to keep your system safe from any potential malware-ridden apps that try to gain root access. Being able to catch a rogue app by reviewing these things every now and then is the difference between staying safe and having your information at risk.
Start by opening the Magisk Manager app, tapping the menu icon on the left, then going to "Superuser." This is where you can view all the apps that currently have superuser access on your system.
Toggling the switch off will instantly deny all system-level permissions for that specific app. Useful in a pinch when you need to quickly revoke access to an app with one tap.
If you want some more fine-tuned control over specific functions without totally revoking access, tapping the app name will expand a new set of options. Disabling the bell icon will turn off any superuser notifications from an app. The bug icon setting will stop logging all requests for that app in the "Log" section of Magisk Manager.
The trash bin icon will not only revoke the superuser rights for an app, but it will also remove it from the list altogether. If you ever come across a questionable app that you know shouldn't have root access, you should delete it in this manner. Doing so will stop any further damage the app might be trying to do by eliminating the permissions. The next time the app requested superuser access, you would be prompted to allow or deny again.
To be clear, Termux is not a rogue app that will hijack your system in any way. This is just an example of what you should do if you run into such an app.
Tap the menu icon on the left again, then go into the "Log" section to begin viewing all your superuser interactions. Every time an app is granted or denied superuser rights, it will get logged on the list so you can keep track of the behavior for root apps. Comb through your log results to ensure only trusted apps have access to your system.
If you discover some jarring results and see a lot of "Grant" entries for an app that you didn't confirm, you need to revoke access immediately! Head back over to the "Superuser" section of Magisk Manager like before and revoke access to that app by tapping the trash bin icon. You definitely want to uninstall that rouge app right away to protect yourself and your data.
It's a solid plan to see what apps have superuser permissions once in a while if you use a lot of root apps. Going over your permissions and checking out the log entries can extremely helpful in keeping your device secure. You don't want any apps trying anything sneaky by hijacking your root permissions to carry out malicious actions — keep your personal data away from prying eyes at all times.