I've got OnePlus 7T (no TWRP), OOS 11. Bank app - Citadele
1) Magisk "hide" enabled - Bank app, Google Play Services, McDonald's, other Google apps
2) Magisk itself is also hidden as APK with a different name and e.t.c
3) Safetynet passed (McDonald's app wasn't working at first, while Magisk wasn't hidden from it, can't find Netflix in Google Play)
4) The device is certified in Google Play
5) Canary Magisk and other versions don't work either
6) Tried uninstalling all the modules/reinstalling Magisk hide props
7) Cleared cache/reinstalled bank application
8) Tried disabling USB debugging
The only thing that worked for me - freezing hidden Magisk with a Titanium Backup
Related
What is SafetyNet?
"SafetyNet provides a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users." -Android Developers
Like stated above, SafetyNet is a set of APIs embedded in Google Play Services to see whether a device has been tampered with from its factory state (e.g. a custom ROM is installed). Developers can use this API to block smartphones in which SafetyNet fails to pass.
How will this affect me and my usage of the device?
Several apps use this API to block users with custom ROMs, such as Google Pay, Netflix, and others, especially banking apps. If you don't use any of these, then failing SafetyNet probably won't matter to you. But if you do use some of these apps, you'll find that they often refuse to run.
How to pass SafetyNet:
You will need Magisk and Magisk Manager: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
You will need this ZIP:
https://forum.xda-developers.com/apps/magisk/universal-safetynet-fix-magisk-17-t3840680
After you have downloaded both of these, go ahead and flash Magisk through TWRP. After installation is complete, Go to the Modules section in Magisk Manager and press the + button and select the SafetyNet spoofer ZIP. After it's done, reboot your phone. Then go to Settings in Magisk Manager and turn Magisk Hide off and then on again. Go to the Magisk Hide section and select the following apps to hide Magisk from:
Google
Google Services Framework
Google Play Store
(and other apps requiring SafetyNet to pass)
Then go to Play Store>Settings and see if it says your Device is certified. If not, clear Play Store data and try again.
Done! Now you will have passed SafetyNet!
JarlPenguin said:
What is SafetyNet?
"SafetyNet provides a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users." -Android Developers
Like stated above, SafetyNet is a set of APIs embedded in Google Play Services to see whether a device has been tampered with from its factory state (e.g. a custom ROM is installed). Developers can use this API to block smartphones in which SafetyNet fails to pass.
How will this affect me and my usage of the device?
Several apps use this API to block users with custom ROMs, such as Google Pay, Netflix, and others, especially banking apps. If you don't use any of these, then failing SafetyNet probably won't matter to you. But if you do use some of these apps, you'll find that they often refuse to run.
How to pass SafetyNet:
You will need Magisk and Magisk Manager: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
You will need this ZIP:
https://forum.xda-developers.com/apps/magisk/universal-safetynet-fix-magisk-17-t3840680
After you have downloaded both of these, go ahead and flash Magisk through TWRP. After installation is complete, Go to the Modules section in Magisk Manager and press the + button and select the SafetyNet spoofer ZIP. After it's done, reboot your phone. Then go to Settings in Magisk Manager and turn Magisk Hide off and then on again. Go to the Magisk Hide section and select the following apps to hide Magisk from:
Google
Google Services Framework
Google Play Store
(and other apps requiring SafetyNet to pass)
Then go to Play Store>Settings and see if it says your Device is certified. If not, clear Play Store data and try again.
Done! Now you will have passed SafetyNet!
Click to expand...
Click to collapse
I am on Lineage 15.1 based on 8.1, I followed every step you have mentioned but it shows ctsProfile : False and basicintegrity : true
For many apps magisk hide works, but not for Cofidis app.
Things I tried:
- removed app, reboot, install and before starting the app set it in magisk hide
- hide magisk mgr
- USB debugging off
- allow OEM unlock off
- turned off developer tools
- tried magisk canary
- renamed TWRP backup folder
It seems that during install the app already detects the root.
Hello,
I have found a solution that works for me.
Uninstall Cofidis, hide the Magisk application (see in the settings), install Cofidis then erase the application data (in case Play Store has restored them), configure Cofidis in Magisk Hide.
In my opinion, the Cofidis application checks if Magisk is installed.
Tell me if this was helpful to you.
Cordially
How to delete this message?
Ive got:
Galaxy s5
Lineage 18.1
Magisk 23.0.
Ive turned on magisk hide in settings.
Ive ticked M&S Bank (and turned on the two toggles in it).
Ive ticked Google Play Services (and turned on the 10 toggles in it).
Check Safetynet works and passes all ok.
The M&S bank app says it wont work on rooted phones.
This is the 1st banking app ive tried on this.
Do i need to provide any more information?
Is there anything else i can do or anything i am doing wrong?
thanks
In Magisk settings you have the option to hide the Magisk app. When you check this option, the apk will appear under another name such as "settings" or "manager". After doing this, wipe storage or uninstall and reinstall the Bank app. Some apps detect root by simply checking an app with the name Magisk among those installed. Don't install the app on external storage or Magisk hide won't work (at least in my case).
hi
thanks for the reply. ill try and re insatll the banking app and see if that works
Hello,
I'm want to use KIA connect on my Samsung S10+.
I tried LOS 18 and LOS19
Magisk 24.100
Zygisk
KIA, Google Play Store, GP-Service, Framework in "Verweigerungsliste"
MagiskHide Props v6.1-v137
Hide Magisk and frozen
but the App won't to start because of root
I use this app and Magisk on my rooted OnePlus without problems.
Any idea, how to fix this?
Thanks
Frank
Same problem, I managed to find a solution.
All I needed was to pass as SafetyNet test:
Install MagiskHide Props Config: https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf (download and install as module in Magisk), reboot.
Open any terminal (e.g. Termux), run: `su -c props`
Grant superuser permission.
The MagiskHide Props Config is launched within the terminal, select 2: Force BASIC Key Attestation.
Find your device or leave default value (for my OnePlus One the value 'A001' was ok.
Confirm, reboot.
Ensure that Zygisk and Enforce deny list are enabled in Magisk settings.
Add Kia Connect to DenyList.
Download Universal SafetyNet Fix: https://github.com/kdrag0n/safetynet-fix
Install it as Magisk module.
Hide Magisk app (in Magisk settings)
Clear Google Play Service and Google Play Store data (app settings).
Install YASNAC from Play Store, run SafetyNet Attestation, all results should be green now.
I was now able to launch the Kia Connect app.
On Lineage OS 19 on Xiaomi A1 I needed to install Magisk 25.2 in LOS recovery. After that the installation of Universal Safetynet Fix was enough. So I could skip the 1 to 6.
Hello,
I've rooted my p7, how am i supposed to pass safety net?
I've used pixelflasher to root, install magisk and update.
In magisk, I've tried many times to set the "Google Play service" in the exclusion list, it always get uncheck.
I've installed the safety net fix in magisk.
Be sure to check play service, wallet... And empty their cache, all that in airplane mode and reboot.
But still... Play service become uncheck on exclude list and Google Play direct certified my device... Bank apps didn't work ...
What is different with the p7 than the p5?
My p5 is easy to do all that, i can flash the modified boot from magisk easily, which can't be done in cmd with the p7, only pixelflasher have been able to
Hide Magisk, use Zygisk denylist and Displax's universal safetynet fix.
https://forum.xda-developers.com/t/...nlock-bootloader-pass-safetynet-more.4505353/
1. Install displax's safetynetfix
2. Hide Magisk
3. Enable Zygisk
4. Enforce DenyList
5. Configure DenyList and check all your required apps (clear storage for apps already installed)
6. Install AirFrozen
7. Freeze Magisk in AirFrozen and now your banking apps should work fine
dewri21 said:
1. Install displax's safetynetfix
2. Hide Magisk
3. Enable Zygisk
4. Enforce DenyList
5. Configure DenyList and check all your required apps (clear storage for apps already installed)
6. Install AirFrozen
7. Freeze Magisk in AirFrozen and now your banking apps should work fine
Click to expand...
Click to collapse
I did like this but didn't use AirFrozen. I hid Magisk from within Magisk and my banking apps work fine and I'm device certified. Also, when using DenyList I expanded all the Google Play apps and made sure all the subcomponents were selected rather than just the one's picked by default. Accepted my choices with the arrow at the top of the screen rather than the nav button which seemed sometimes to not save my choices. YMMV.
Releases ยท Displax/safetynet-fix
Google SafetyNet attestation workarounds for Magisk - Displax/safetynet-fix
github.com
v2.3.1-mod_2.0 is required. Older version won't pass device integrity.
Hid magisk, enabled zygisk and denylist, but didn't need to deny any google apps. No shamiko either.
Use https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck to confirm you pass both device and basic integrity.
Still have L1 too
ktdt00 said:
I did like this but didn't use AirFrozen. I hid Magisk from within Magisk and my banking apps work fine and I'm device certified. Also, when using DenyList I expanded all the Google Play apps and made sure all the subcomponents were selected rather than just the one's picked by default. Accepted my choices with the arrow at the top of the screen rather than the nav button which seemed sometimes to not save my choices. YMMV.
Click to expand...
Click to collapse
I had to use AirFrozen for two of my banking apps. Rest were fine. So in case any banking app doesn't work, you know what to do.