diff --git a/kernel/allowlist.c b/kernel/allowlist.c
index 4a3dbc47..83ddc867 100644
--- a/kernel/allowlist.c
+++ b/kernel/allowlist.c
@@ -18,7 +18,7 @@
 #include "allowlist.h"
 
 #define FILE_MAGIC 0x7f4b5355 // ' KSU', u32
-#define FILE_FORMAT_VERSION 2 // u32
+#define FILE_FORMAT_VERSION 3 // u32
 
 #define KSU_APP_PROFILE_PRESERVE_UID 9999 // NOBODY_UID
 
@@ -108,6 +108,11 @@ static bool profile_valid(struct app_profile *profile)
 		return false;
 	}
 
+	if (profile->version < KSU_APP_PROFILE_VER) {
+		pr_info("Unsupported profile version: %d\n", profile->version);
+		return false;
+	}
+
 	if (profile->allow_su) {
 		if (profile->rp_config.profile.groups_count > KSU_MAX_GROUPS) {
 			return false;
diff --git a/kernel/ksu.h b/kernel/ksu.h
index e4191ea9..dae32738 100644
--- a/kernel/ksu.h
+++ b/kernel/ksu.h
@@ -34,7 +34,7 @@
 #define EVENT_POST_FS_DATA 1
 #define EVENT_BOOT_COMPLETED 2
 
-#define KSU_APP_PROFILE_VER 1
+#define KSU_APP_PROFILE_VER 2
 #define KSU_MAX_PACKAGE_NAME 256
 // NGROUPS_MAX for Linux is 65535 generally, but we only supports 32 groups.
 #define KSU_MAX_GROUPS 32
@@ -44,8 +44,8 @@ struct root_profile {
 	int32_t uid;
 	int32_t gid;
 
-	int32_t groups[KSU_MAX_GROUPS];
 	int32_t groups_count;
+	int32_t groups[KSU_MAX_GROUPS];
 
 	// kernel_cap_t is u32[2] for capabilities v3
 	struct {