Database Develop

I cant get safetynet to pass no matter what I do.

I have a Galaxy S4 on Optimised CM14.1. I used the magisk that came with the ROM. I got safetynet to pass once, and have never been able to get it again.
Any help is appreciated!

BeastMode6 said:
I have a Galaxy S4 on Optimised CM14.1. I used the magisk that came with the ROM. I got safetynet to pass once, and have never been able to get it again.
Any help is appreciated!
Click to expand...
Click to collapse
Check to see if selinux is set to "Permissive", safetynet will fail if it detects a kernel with selinux set to permissive. To check this in the terminal type "getenforce" if it says "permissive", you can type "su" to get a root shell then type "setenforce 1" to enable Enforcing. In adb you can type the same, however you need to type "adb shell" prior to accomplish the same. Once enabled safetynet should pass. To set the selinux back to permissive type "setenforce 0" in a root shell. good luck!
Sent from my SM-T813 using Tapatalk

It says it's enforcing already.

BeastMode6 said:
It says it's enforcing already.
Click to expand...
Click to collapse
OK, make sure you have magisk-hide enabled in the magisk manager settings. I think safetynet checks for root as well, so if your rooted with magisksu, then all you should need to do is enable magisk-hide. If you don't have the magisk manager you can download it from google play.

I have hide on, still fails. I've also restarted like 5 times to no effect.

Check if Hide is working on your device by adding a root checker app to the Hide list. If it can't detect root, at least we know the Hide works.
After that, check SafetyNet with an app like SafetyNet Playground or SafetyNet Helper. Do you pass basic integrity?
Lastly, please upload a Magisk log.

When I added root checker to magisk hide, it can still detect root. The root request message pop'ed up, and I hit grant. Safetynet playground fails on absolutely everything.

BeastMode6 said:
When I added root checker to magisk hide, it can still detect root. The root request message pop'ed up, and I hit grant. Safetynet playground fails on absolutely everything.
Click to expand...
Click to collapse
if all else fails you might try uninstalling and reinstalling magisk, it might get rid of any errant files that maybe lingering around. You never really know whats really lies under the hood with pre-packed ROMs.

brians018883 said:
if all else fails you might try uninstalling and reinstalling magisk, it might get rid of any errant files that maybe lingering around. You never really know whats really lies under the hood with pre-packed ROMs.
Click to expand...
Click to collapse
I've already tried that, didn't work.

BeastMode6 said:
I've already tried that, didn't work.
Click to expand...
Click to collapse
hmm ... you might try enabling core only mode, it could be conflicting magisk modules, if it that's culprit then you would need to then re-enable each module one by one until you trigger the error. It could be an init script and unrelated to magisk. My best advice is to do a backup, do a clean install of lineage os, then install magisk, and see if that works.

(Removed)

brians018883 said:
hmm ... you might try enabling core only mode, it could be conflicting magisk modules, if it that's culprit then you would need to then re-enable each module one by one until you trigger the error. It could be an init script and unrelated to magisk. My best advice is to do a backup, do a clean install of lineage os, then install magisk, and see if that works.
Click to expand...
Click to collapse
YAY core only mode seemed to have fixed it. It's passing now with core only mode and magisk hide.
I've made an interesting discovery. When I go to magisk hide and try to enable hide for the google play store, it now no longer passes safety net (cts mismatch) until I reboot.

BeastMode6 said:
YAY core only mode seemed to have fixed it. It's passing now with core only mode and magisk hide.
I've made an interesting discovery. When I go to magisk hide and try to enable hide for the google play store, it now no longer passes safety net (cts mismatch) until I reboot.
Click to expand...
Click to collapse
good, glad you made some progress!
Best not to hide google play store, magisk hide by default hides safety net, blocking the store may screw with google play services.
Oh since you are on a cm/lineage based rom and to save you some headaches, avoid turning on magisk's busybox implementation, since cm roms use toybox a more enhanced version of busybox it confuses the OS by overlaying the busybox binaries over toybox's binaries and magisk eventually loses root until you do reboot, not mention makes the system sluggish and almost unusable. I learned that the hard way.
Happy Tweaking!

Bypass DBS banking App

Resently BDS banking app(India) is updated.is there any modules to make that work...

Aniruddhlr said:
Resently BDS banking app(India) is updated.is there any modules to make that work...
Click to expand...
Click to collapse
This isn't xposed, so probably not. As long as your passing safetynet and enabled magisk hide for that and rebooted, in theory you should be fine. The next thing you can try is force closing the app and in Magisk manager, tapping "hide magisk manager" but that's only a temporary fix, some apps now check to see if magisk is installed at all. This will fix that

manor7777 said:
This isn't xposed, so probably not. As long as your passing safetynet and enabled magisk hide for that and rebooted, in theory you should be fine. The next thing you can try is force closing the app and in Magisk manager, tapping "hide magisk manager" but that's only a temporary fix, some apps now check to see if magisk is installed at all. This will fix that
Click to expand...
Click to collapse
Magisk is installed and passes safety net.
Still many banking apps detected root like BHIM.
And is there any way to hide custom ROM?

Aniruddhlr said:
Magisk is installed and passes safety net.
Still many banking apps detected root like BHIM.
And is there any way to hide custom ROM?
Click to expand...
Click to collapse
You can make a script to change the build information in the rom to release-keys instead of test-keys, some apps detect that. Also make sure you tick your banking app in Magisk hide settings. I believe there is a module so ewhere on the forum to do this, I will link it if I see it. Also you can try universal safetynet bypass module

manor7777 said:
You can make a script to change the build information in the rom to release-keys instead of test-keys, some apps detect that. Also make sure you tick your banking app in Magisk hide settings. I believe there is a module so ewhere on the forum to do this, I will link it if I see it. Also you can try universal safetynet bypass module
Click to expand...
Click to collapse
Thank you.ill try and tell you results.

Aniruddhlr said:
Magisk is installed and passes safety net.
Still many banking apps detected root like BHIM.
And is there any way to hide custom ROM?
Click to expand...
Click to collapse
manor7777 said:
You can make a script to change the build information in the rom to release-keys instead of test-keys, some apps detect that. Also make sure you tick your banking app in Magisk hide settings. I believe there is a module so ewhere on the forum to do this, I will link it if I see it. Also you can try universal safetynet bypass module
Click to expand...
Click to collapse
MagiskHide already changes the prop to release-keys (and some other props). And since SafetyNet already passes there's no need for the Universal SafetyNet Fix module.
Only thing to do is to add the app to the Hide list (no module needed for that) and also hide the Magisk Manager (there's an option for that in the Manager settings). Also make sure to use the latest release (currently v14.6 beta) since there's often improvements being done.
It's also possible that the app detects things like Developer options and USB Debugging being enabled. That can't be hidden by Magisk, so try disabling those if they're enabled.

Didgeridoohan said:
MagiskHide already changes the prop to release-keys (and some other props). And since SafetyNet already passes there's no need for the Universal SafetyNet Fix module.
Only thing to do is to add the app to the Hide list (no module needed for that) and also hide the Magisk Manager (there's an option for that in the Manager settings). Also make sure to use the latest release (currently v14.6 beta) since there's often improvements being done.
It's also possible that the app detects things like Developer options and USB Debugging being enabled. That can't be hidden by Magisk, so try disabling those if they're enabled.
Click to expand...
Click to collapse
Yeah just now I saw that release keys in build prop.
I'm not on beta is it safe to install beta(magisk).
I'll try those debugging things.

It's saying runtime tampering.what does it mean?

Aniruddhlr said:
Yeah just now I saw that release keys in build prop.
I'm not on beta is it safe to install beta(magisk).
I'll try those debugging things.
Click to expand...
Click to collapse
Beta is safe... The worst that can happen (that I've seen so far) is a bootloop that can be fixed by flashing a clean boot image or an earlier release (v14.5).
There might also be problems with the su database, but that should be fixed by uninstalling the app (from within the Manager, press Uninstall and choose Uninstall App) and reinstalling it.
It's worth it, since the Hide feature is much improved in v14.6.
---------- Post added at 12:21 ---------- Previous post was at 12:21 ----------
Aniruddhlr said:
It's saying runtime tampering.what does it mean?
Click to expand...
Click to collapse
What is saying that?

https://i.imgur.com/e2rAlNI.png

Didgeridoohan said:
Beta is safe... The worst that can happen (that I've seen so far) is a bootloop that can be fixed by flashing a clean boot image or an earlier release (v14.5).
There might also be problems with the su database, but that should be fixed by uninstalling the app (from within the Manager, press Uninstall and choose Uninstall App) and reinstalling it.
It's worth it, since the Hide feature is much improved in v14.6.
---------- Post added at 12:21 ---------- Previous post was at 12:21 ----------
What is saying that?
Click to expand...
Click to collapse
I added a image.see

Aniruddhlr said:
I added a image.see
Click to expand...
Click to collapse
Hello again.
Yes, I saw the image... But, the only thing you could try is to update Magisk and use the improved hiding features.
There are a few issues with the latest stable v15.0. Many Samsung and Huawei users are experiencing bootloops and some users have had forced encryption issues. Don't think I've seen any issues mentioned for Xiaomi devices though... Just make sure to have a backup and the latest Magisk uninstaller zip available and you should be good to go.
If you're feeling unsure about updating, wait... The issues are under investigation.

Didgeridoohan said:
Hello again.
Yes, I saw the image... But, the only thing you could try is to update Magisk and use the improved hiding features.
There are a few issues with the latest stable v15.0. Many Samsung and Huawei users are experiencing bootloops and some users have had forced encryption issues. Don't think I've seen any issues mentioned for Xiaomi devices though... Just make sure to have a backup and the latest Magisk uninstaller zip available and you should be good to go.
If you're feeling unsure about updating, wait... The issues are under investigation.
Click to expand...
Click to collapse
Thanks for that warning.
I already updated to 15v and found forced encryption issue.
Does runtime tampering have anything to do with this root?

Aniruddhlr said:
Thanks for that warning.
I already updated to 15v and found forced encryption issue.
Does runtime tampering have anything to do with this root?
Click to expand...
Click to collapse
Have you gotten v15.0 up and running? If not you could try again and uncheck "Preserve forced encryption" in the Manager before updating, or if you're flashing from recovery you could run the following code in the recovery terminal first:
Code:
echo KEEPFORCEENCRYPT=false>>/data/.magisk
Runtime tampering is probably just DBS's way of saying your device is rooted.
After getting v15.0 running, add the app to the Hide list and hide the Manager (option in settings). You might also have to clear data for the DBS app.
Also make sure that MagiskHide is working by checking SafetyNet. If at least basic integrity passes we know it does. If it doesn't, toggle MagiskHide off and on in the Manager settings and try again.

Hi, I am also facing same issue. My device is Zuk Z2 and am on Dot-OS rom. Magisk passes SafetyNet, have enabled Magisk Hide but still this DBS bank app detects root.
I also tried after disabling Developer options. Same error. What extra can be done?

+1
I need access to this app too whilst rooted with Magisk

tomdot said:
+1
I need access to this app too whilst rooted with Magisk
Click to expand...
Click to collapse
https://forum.xda-developers.com/apps/magisk/guide-magisk-troubleshooting-t3641417

DBS banking app finally works with Magisk 16.0 (with Magiskhide)

Mine can't work.. there no error code appearing when opening the app but the app hangs at "log in " and "register" page.. anyone can help please
I'm using ressurectiin remix on redmi note 5

tomdot said:
DBS banking app finally works with Magisk 16.0 (with Magiskhide)
Click to expand...
Click to collapse
yes it's work for me,
1st i check it in my hide list
and then i hide my magisk
if only i did my 1st choice it still give some warning and force close the app
thanks

Magisk Hide not working

I recently rooted my new Mi A2 Lite using Magisk.
So my current banking app detected the root and now I cannot use it anymore. I tried Root Cloak and MagiskHide but both of them did not work either. It still shows the message saying my phone is rooted.
How do I debug that now. I need it to be working anyhow.
App: K-Plus; play.google.com/store/apps/details?id=com.kasikorn.retail.mbanking.wap

https://didgeridoohan.com/magisk/MagiskHideHidingRoot

arunsharmaofficial said:
I recently rooted my new Mi A2 Lite using Magisk.
So my current banking app detected the root and now I cannot use it anymore. I tried Root Cloak and MagiskHide but both of them did not work either. It still shows the message saying my phone is rooted.
How do I debug that now. I need it to be working anyhow.
App: K-Plus; play.google.com/store/apps/details?id=com.kasikorn.retail.mbanking.wap
Click to expand...
Click to collapse
I recently had the same problem, but with a different banking app.
What helped me in the past was to hide Magisk Manager with a random package name. It is an option in Magisk Manager itself. Unfortunately it doesn't work anymore but i could mask Magisk Manager with the Samsung app S Secure and now it's working again .
This was included in my Galaxy S7 ROM so you probably need to find the apk for the app or find a similiar working app for your phone model.
Hope this helps.

Daci54 said:
I recently had the same problem, but with a different banking app.
What helped me in the past was to hide Magisk Manager with a random package name. It is an option in Magisk Manager itself. Unfortunately it doesn't work anymore but i could mask Magisk Manager with the Samsung app S Secure and now it's working again .
This was included in my Galaxy S7 ROM so you probably need to find the apk for the app or find a similiar working app for your phone model.
Hope this helps.
Click to expand...
Click to collapse
Alright! Can you clarify what on how to hide Magisk with a different package name. I am still pretty new to Magisk. Thanks.

arunsharmaofficial said:
Alright! Can you clarify what on how to hide Magisk with a different package name. I am still pretty new to Magisk. Thanks.
Click to expand...
Click to collapse
Open Magisk Manager, go to settings and tap on Hide Magisk Manager. If your banking app doesn't work right away try a restart. If it still doesn't work try to mask Magisk Manager with S Secure or similiar apps.

The magisk hide feature does not work

nm180618 said:
The magisk hide feature does not work
Click to expand...
Click to collapse
It does work, the steps I took were:
1) Install Banking app
2) Open it and get notified about the phone being rooted
3) Use Magisk Hide feature to hide the Banking app
4) Go to phone's app settings
5) Baking app settings
6) Clear storage data (Clearing only the cache could work too, I didn't test it)
7) Profit!
Hope that works for you.

Magisk hide doesn't seem to be working for me. Magisk says it's working and safety net passes, but I've tested multiple apps and they can see that I'm rooted. Hiding magisk with a random package name doesn't work either.

Yesterday I installed magisk and went to hide options and checked my banking app. I was amazed to see banking app allowing me to do everything without limited functionality due to "root" like before. But today banking app detected root again and limited all functions, how? There haven't been any updates for banking app yet it seemed to no longer be fooled by magisk.

Same goes for me with the K-Plus app as well. (สวัสดีคับผม) Use Magisk Hide to hide the root access but it crashes the bank app instead.

Not sure what I've missed.
Gpay and banking are still detecting root/custom rom
Magisk and manager installed.
module SaMoDXv1 installed.
Safteynet is showing green
gpay and banking apps hidden
Using hide magisk function
removed all Magisk related stuff from SD card.
Cleared cache from gpay and banking apps .
Turned off usb debugging.
What else is there?
Just installed root checker basic, it sees root. I hide magisk from it and it still sees root. Is that right?

beythas said:
Same goes for me with the K-Plus app as well. (สวัสดีคับผม) Use Magisk Hide to hide the root access but it crashes the bank app instead.
Click to expand...
Click to collapse
Try following the 'Promon' section in https://github.com/Ingan121/UDSBypass

Hi,
I'ould like installing Fde.ai on my One plus 6 rooted with Ice Renovate 11.1 rom, but I'm not sure that installation is compatible with "Rice tweaks", a tweak app for this rom no my device.
Peraphs there is someone who does know the answer?
Tks and regards.
Roberto

What I do
Go to setting -> Magisk Hide -> disable then enable.
This way worked with me .
I used Magisk Manager v 7.2.0 (213).
Magisk v 19.3 (19300).

What worked for me is using the "Hide Magisk Manager" feature in settings. Now apps are not promoting about device being rooted and are running fine now.

Anyone solved this problem?
I still have a banking app with this problem. I tried many times but still not working.
Magisk hide dont work for this app.

nguyenlinh said:
Anyone solved this problem?
I still have a banking app with this problem. I tried many times but still not working.
Magisk hide dont work for this app.
Click to expand...
Click to collapse
So far there are very few apps that I've seen that can not be tricked with tips from the guide linked in the second post of this thread. Give it a shot...

Can you try it?
https://play.google.com/store/apps/details?id=vietcombank.itcenter.smartotpcorp
I Cannot run this app.
Thanks

nguyenlinh said:
Can you try it?
https://play.google.com/store/apps/details?id=vietcombank.itcenter.smartotpcorp
I Cannot run this app.
Thanks
Click to expand...
Click to collapse
Runs fine with the app on the Hide list and the Magisk Manager repackaged with a random name.
More:
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Hiding_root_from_apps

Can someone check this for me?
https://play.google.com/store/apps/details?id=no.apps.dnbnor&hl=en_US
Iam using MH v60 with 19.3 still nothing. Iam fighting with that about 4 months now((((

clubhouse on rooted devices

Hi
I have a problem in the clubhouse app that login not complete on any rooted device ... no problem on Non Root devices
I hide magisk app add clubhouse to magisk hide and EDExposed blacklist but still not working.
also, the same issue is in Mcdonald's app.
any idea how to solve these issues
Note: My Bank app works after adding it to magisk hide and hide magisk app, which means i did it right.
thanks

anyone help me please

Have you tried removing the Magisk app? That's a popular way of detecting Magisk, even with a repackaged app. It's practically impossible to completely hide it on anything below Android 11, and even then it's necessary for the app to target A11 for full hiding to work (which won't happen until Google enforces that, maybe later this year).
Of course, Xposed/EdXposed/LSPosed tools can probably be used to hide the app fully...

Didgeridoohan said:
Have you tried removing the Magisk app? That's a popular way of detecting Magisk, even with a repackaged app. It's practically impossible to completely hide it on anything below Android 11, and even then it's necessary for the app to target A11 for full hiding to work (which won't happen until Google enforces that, maybe later this year).
Of course, Xposed/EdXposed/LSPosed tools can probably be used to hide the app fully...
Click to expand...
Click to collapse
thanks for your reply
if i removed magisk .. everything that use root will stop and i don't want that
also can you please tell me how to hide the app fully using EDXposed

I did not say "remove Magisk"... I said "remove the Magisk app". Just uninstall the app and try and see if Clubhouse still triggers. If it works we know it's looking for the app and you'll have to either freeze/uninstall the Magisk app when using Clubhouse and then reinstall it again afterwards, or use one of the available isolation methods. I've got a few of those mentioned here, but I'm sure you can find more if you search (it's been covered a lot):
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Isolation_apps

zamlkawy said:
Hi
I have a problem in the clubhouse app that login not complete on any rooted device ... no problem on Non Root devices
I hide magisk app add clubhouse to magisk hide and EDExposed blacklist but still not working.
also, the same issue is in Mcdonald's app.
any idea how to solve these issues
Note: My Bank app works after adding it to magisk hide and hide magisk app, which means i did it right.
thanks
Click to expand...
Click to collapse
for Mcdonald's try this
[MOD][XPOSED][4.1+] McRoot (McDonalds Global App)
McRoot McDonalds Global App security fix Remove checks of: root unacceptable apps unacceptable device properties (developer options etc) Note: The app requests SafetyNet pass! Use Magisk+Riru+Riru-Unshare etc Install notes: install apk...
forum.xda-developers.com

Hi. I also have Magisk installed on my device. I uninstalled Magisk app, tried logging into clubhouse again, but still the issue persists.
After receiving the missed call while trying to sign in, I get the notification, 'There was an error please try again'
Clearing the clubhouse app data, uninstalling and reinstalling the app again hasn't helped at all. I get the same issue.
I have Magisk 23.0 installed on my Oneplus5T running Android 10.

Banking app (Starling) detecting Magisk

A banking app I've been using for years has always worked after putting it on the Deny List. I updated it recently and it now won't work with Magisk installed regardless of what I do.
As soon as I patch the boot image with Magisk it complains that the device is rooted and locks me out. That's without even installing the Magisk app, also without Zygisk etc.
I can pass SafetyNet and Play Protect certification with Universal Safety Net Fix and Magisk Hide Props Config modules. However that doesn't make the banking app work.
So far I've also tried:
* Magisk Delta, Zygisk off, with sulist on whitelist mode (also tried Delta's Magisk Hide)
* Shamiko
* Hide My Applist (various configs)
* Disabling root from Magisk app
* Renaming the Magisk app
* Downgrading the banking app (it no longer detects root but locks me out until I upgrade)
* Cloning the banking app to Work Profile with Shelter (this is the only thing that gets rid of the message about being rooted. But then it bizarrely claims it can't connect to the server to login!?)
I'm now at a loss as to what else to try. Any ideas please?

What's the banking app name?

Also install Ruru and see what might be the problem. Make the same steps you use to hide your banking apps. Also clear data of Ruru before each test.
Releases · byxiaorun/Ruru
An android sample app of detecting suspicious apps like magisk manager - byxiaorun/Ruru
github.com

makeyourself said:
A banking app I've been using for years has always worked after putting it on the Deny List. I updated it recently and it now won't work with Magisk installed regardless of what I do.
As soon as I patch the boot image with Magisk it complains that the device is rooted and locks me out. That's without even installing the Magisk app, also without Zygisk etc.
I can pass SafetyNet and Play Protect certification with Universal Safety Net Fix and Magisk Hide Props Config modules. However that doesn't make the banking app work.
So far I've also tried:
* Magisk Delta, Zygisk off, with sulist on whitelist mode (also tried Delta's Magisk Hide)
* Shamiko
* Hide My Applist (various configs)
* Disabling root from Magisk app
* Renaming the Magisk app
* Downgrading the banking app (it no longer detects root but locks me out until I upgrade)
* Cloning the banking app to Work Profile with Shelter (this is the only thing that gets rid of the message about being rooted. But then it bizarrely claims it can't connect to the server to login!?)
I'm now at a loss as to what else to try. Any ideas please?
Click to expand...
Click to collapse
I have found some banking apps are calling an external site and somehow they are detecting reporting back root. I had an issue with Halifax and Starling before.
Starling for me tripped over the last few days, and I used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist

spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reportign back root. I had an issue with Haliafx and Starling before.
Starlign for me tripped over the last few days, and i used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
I was wondering why Starling suddenly started failing - thanks!

Try hide root with some google apps on deny list. (u can search "html", "webview", "feedback" then enable hide them all apps which include these words.

giociampa said:
I was wondering why Starling suddenly started failing - thanks!
Click to expand...
Click to collapse
Ta
For ref - Process for Noobies is here;
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Files and all

spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reportign back root. I had an issue with Haliafx and Starling before.
Starlign for me tripped over the last few days, and i used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
Thanks. Worked for me on my 6t using LOS20 and Starling

surajpai524 said:
What's the banking app name?
Click to expand...
Click to collapse
Starling
surajpai524 said:
Also install Ruru and see what might be the problem. Make the same steps you use to hide your banking apps. Also clear data of Ruru before each test.
Releases · byxiaorun/Ruru
An android sample app of detecting suspicious apps like magisk manager - byxiaorun/Ruru
github.com
Click to expand...
Click to collapse
If I rename/repackage the Magisk app and use Deny List then the only things Ruru detects is the Magisk app itself (even though it's renamed) and TWRP. TWRP doesn't seem to be the problem because the banking app doesn't seem to care if I've got that installed so long as Magisk isn't installed to ramdisk. And the banking app is clearly detecting something other than just the Magisk app because it trips after flashing Magisk from recovery, even if the Magisk app isn't installed.
I think @spida_singh may have a solution though!

spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reporting back root. I had an issue with Halifax and Starling before.
Starling for me tripped over the last few days, and I used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
Thanks very much, yes it's Starling I'm having the problem with! Have not tried your solution yet but will do when I have time. Edit: Just tried and it works !!
I did have a look at the DNS requests from the Starling app and I think I may have even noticed the domain name you mention. But wouldn't have guessed it was that causing it! I'd be interested to know how that works... Are Google apps (I have minimal amount installed) spying on my applist and reporting it to my bank!? Kind of creepy! Also quite weird seeing as Google Pay/Wallet doesn't complain!

makeyourself said:
Thanks very much, yes it's Starling I'm having the problem with! Have not tried your solution yet but will do when I have time.
I did have a look at the DNS requests from the Starling app and I think I may have even noticed the domain name you mention. But wouldn't have guessed it was that causing it! I'd be interested to know how that works... Are Google apps (I have minimal amount installed) spying on my applist and reporting it to my bank!? Kind of creepy! Also quite weird seeing as Google Pay/Wallet doesn't complain!
Click to expand...
Click to collapse
Starling will manage the API in how it works for their app, only they will know, i honesltly have no idea, i know Halifax have done this in the past, and now Starling, and simply blocking it allows the app to work, but, as you, im intrigued to know what the app is 'reading' and sending back to report the device is rooted.
PCAP droid can check the payload and dump it to see what was happening with that request, and whats being sent back.

spida_singh said:
Starling will manage the API in how it works for their app, only they will know, i honesltly have no idea, i know Halifax have done this in the past, and now Starling, and simply blocking it allows the app to work, but, as you, im intrigued to know what the app is 'reading' and sending back to report the device is rooted.
PCAP droid can check the payload and dump it to see what was happening with that request, and whats being sent back.
Click to expand...
Click to collapse
Id like to know too - But use my file from post #7 and it should work

I think I spoke to soon. It's still showing up for me when I quit the Starling app.

I tried Starling app and at first it detected root but once I added to Deny list in Magisk. It didn't detect and went to login page.
My root detection bypass configs:-
Magisk (Not hidden/ Name unchanged / Not Frozen)
Magisk Deny List
Shamiko 0.7
Hide My AppList (LSPosed Module)
Universal SafetyNet Fix mod by Displex
I don't know other behaviour like after login and stuff, since I don't have an account.
Ruru screenshot: even with xposed modules and Magisk app not hidden

Prof. Yaffle said:
I think I spoke to soon. It's still showing up for me when I quit the Starling app.
Click to expand...
Click to collapse
Do you have the the domain mentioned above blacklisted in Adaway and the app on Magisk Deny List with Deny List enforcing? All working fine here now.
I also have USNF (kdrag0n) and Magisk Hide Props Config installed. Magisk 26.1
Also you have to clear the app's data before that message will go away.

Yes, I've tried it added manually and also with the file. Same result both ways. I have the Magisk app hidden, Starling in the Deny list but Enforce disabled as I'm using Shamiko.
Edit
I've just cleared the Starling app data and it seems okay at the moment

FYI - Latest May update for Pixel and Starling latest update now break the method in this thread - Searching for workaround

fkofilee said:
FYI - Latest May update for Pixel and Starling latest update now break the method in this thread - Searching for workaround
Click to expand...
Click to collapse
I'm running the latest starling absolutely fine on my Pixel 6. Same set-up (latest linesgeos nightly)
Magisk Delta
USNF by displax
PCAP block list still contains this host
What is your setup?

Official Magisk, UNSF from Displax, Fingerprint Props.
Adaway still contains the host file I made.

My OnePlus 6t on the latest Lineageos 20 nightly seems fine with Shamiko, USNF Mod and the blocked host in Adaway