Related
So now Netflix is out of Google Playstore, any clue how magisk going to work around this issue?
Thanks!
Most users can get Netflix, and other apps that use the same check, back by making sure SafetyNet passes (Magisk Hide), clearing data for the Play store and open it up again. A reboot is usually necessary before the apps show up and sometimes it takes a while. A few users have reported that it doesn't work, but I can consistently replicate this on a Nexus 6, Nexus 6P and a OnePlus 3T on different ROMs.
You can check in the Play store settings, at the bottom, if your device is certified or not. SafetyNet pass = certified.
Got Netflix working on the latest version with root using magisk... No problem there
Using Nexus 6p
Sent from my Nexus 6P using Tapatalk
Even if you are not able to get it through the Play Store, there are other ways to get the latest version of an app, like apkmirror. This check doesnt prevent the installation or usage of those Apps, it just hides them on the Play Store.
nemexs said:
So now Netflix is out of Google Playstore, any clue how magisk going to work around this issue?
Thanks!
Click to expand...
Click to collapse
As long as the SafetyNet checks are okay, the store and most apps don't know about root.
The one exception to this and I can't figure it out is an application called [email protected] by Mobile Iron.
Not matter what I do, it can see the compromised status of the phone.
Also Android Wear on my watch can detect the status so Android pay on my watch won't work, not matter what I do.
Yes, I've tried Magisk Hide on just about everything.
Didgeridoohan said:
Most users can get Netflix, and other apps that use the same check, back by making sure SafetyNet passes (Magisk Hide), clearing data for the Play store and open it up again. A reboot is usually necessary before the apps show up and sometimes it takes a while. A few users have reported that it doesn't work, but I can consistently replicate this on a Nexus 6, Nexus 6P and a OnePlus 3T on different ROMs.
You can check in the Play store settings, at the bottom, if your device is certified or not. SafetyNet pass = certified.
Click to expand...
Click to collapse
Interesting. I never noticed that before. However I just checked and my Play Store settings says Uncertified. SafetyNet passes both basic integrity and cts profile match. Netflix appears and downloads via Play Store for me. I even cleared data on the Play Store and rebooted as suggested. Still uncertified, weird.
RoyJ said:
Interesting. I never noticed that before. However I just checked and my Play Store settings says Uncertified. SafetyNet passes both basic integrity and cts profile match. Netflix appears and downloads via Play Store for me. I even cleared data on the Play Store and rebooted as suggested. Still uncertified, weird.
Click to expand...
Click to collapse
Interesting. Since your device can pass SafetyNet I'd expect Netflix (etc) to appear in the Play store, but from reports (and testing) you should first have to make it show as certified. Again: interesting...
About not being able to get "certified": Do you have multiuser active? If so I believe you'll have to clear Play store data for all users before it can show as certified.
Didgeridoohan said:
Interesting. Since your device can pass SafetyNet I'd expect Netflix (etc) to appear in the Play store, but from reports (and testing) you should first have to make it show as certified. Again: interesting...
About not being able to get "certified": Do you have multiuser active? If so I believe you'll have to clear Play store data for all users before it can show as certified.
Click to expand...
Click to collapse
Nope, just me. Can you get your play store to switch being certified or not by enabling and disabling hide? I'm wondering if I was on a ROM or something that was uncertified and it just permanently tagged my device as such?
RoyJ said:
Nope, just me. Can you get your play store to switch being certified or not by enabling and disabling hide? I'm wondering if I was on a ROM or something that was uncertified and it just permanently tagged my device as such?
Click to expand...
Click to collapse
Yes. I can 100% replicate getting my devices to certified or uncertified status by enabling or disabling Magisk Hide (passing or failing SafetyNet).
RoyJ said:
I'm wondering if I was on a ROM or something that was uncertified and it just permanently tagged my device as such?
Click to expand...
Click to collapse
You don't get permanently tagged. My device says uncertified until I enable Magisk hide, clear play store data and reboot. What device do you have and are you using a custom kernel?
Still no go for me. SELinux is set to enforcing, USB debugging disabled, play store certified, passed safetynet, used magisk hide on every apk that had the word "Google" on it, I have rebooted, waited, clear play store data (still certified), waited some more, rebooted again, waited some more... Idk what else to do.
Idc about Nexflix. I am however concerned that other apps will use the same detection method.
It working on mine. I can download and use Netflix.
Pure Nexus.
Franco Kernel.
Magisk 12.
Passes SafetyNet and is Google Playstore Certified.
Edit:
Just clean flashed SAOSP with Franco and Magisk 12.
Still passing SafetyNet but Google Playstore now reports Uncertified. BUT! I still can see, download and use Netflix.
Checking the play store in the magisk hide list worked for me.
mkhcb said:
Still no go for me. SELinux is set to enforcing, USB debugging disabled, play store certified, passed safetynet, used magisk hide on every apk that had the word "Google" on it, I have rebooted, waited, clear play store data (still certified), waited some more, rebooted again, waited some more... Idk what else to do.
Idc about Nexflix. I am however concerned that other apps will use the same detection method.
Click to expand...
Click to collapse
I'm also having this issue on my OnePlus One running unofficial Lineage build. Device shows certified, safetynet passes, magisk hide etc..... still wont show up.
however, for my Nexus 7 tablet running the official lineage build configured the same way, it shows up..
JRJ442 said:
You don't get permanently tagged. My device says uncertified until I enable Magisk hide, clear play store data and reboot. What device do you have and are you using a custom kernel?
Click to expand...
Click to collapse
I have the same situation with my Droid Turbo, I am on latest ROM for my device, MM 6.01 with a kernel to hide unlocked boot. I am on Magisk V12, Safetynet passes, I can see Netflix in playstore, I can also use Android Pay it is functional. Yet Google Playstore says uncertified.
Edit: I cleared playstore cash, rebooted, same result. I added playstore to hidden programs, rebooted same result.
i am on ROM Tesla with Arsenix Kernel on my Oneplus X and passing safety net with Magisk 13 (BETA) and also getting verified in play store can download Netflix but if i start it it says uncompatible with your device. Any suggestions ? should i try Magsik 12 ?
I am also experiencing this.
My OnePlus One running Sultan's unofficial lineageOS with magisk v13 passes safetynet, it also shows certified in google play, android pay works, etc.... but no netflix in gogole play....
My Nexus 7, rooted with magisk v13, it does show up.
My OnePlus 5, official OOS with magisk v13 passes safetynet, it also shows certified in google play, android pay, etc..... it DID have netflix, HOWEVER.... I played around a bit with different magisk versions and the latest magisk beta was not passing safetynet.... I wiped my phone and went back to using my previous setup but now no mater what I do, I can't get netflix to show back up.
I'm going to agree with others saying that their device gets flagged, because I believe this is what I am also experiencing with my OP5
EDIT: I cleared play store cache/data (which I have already been doing) and then restarted the phone before going back into the play store, that seemed to fix it for my OP5
I used to find netflix with magisk hide now it dont show anymore even through my safatynet is bypassed and phone is showing certified on playstore ...... Cleaned everything and restarted my phone múltiple times yet no netflix... Anyboby got a fix?
lexie90 said:
I used to find netflix with magisk hide now it dont show anymore even through my safatynet is bypassed and phone is showing certified on playstore ...... Cleaned everything and restarted my phone múltiple times yet no netflix... Anyboby got a fix?
Click to expand...
Click to collapse
There is always apkpure. An alternative to playstore with updates. That's how I got netflix back after my last clean flash since I forgot to back it up
NOt really a problem but Magisk Hide is on and SafetyNet check is a pass, but my play store shows uncertified.
I can still download Netflix and use it like normal.
EDIT; Clearing Play Store data seemed to fix it
Introduction
Fix UNCERTIFIED status in Play Store for OP2/OP3/Note4 and maybe more.
Uncertified status may lead to some restrictions on specific apps (saying Netflix). It is not only judged by SafetyNet status but also some build props in your ROM. So this module does NOT may or may not help you to pass SafetyNet.
More specifically, to pass SafetyNet, if you are on a custom ROM/Kernel,
a patch in your kernel like this is REQUIRED (maybe optional because of MagiskHide?)
If you are on stock ROM or other ROMs that enabled dm-verity, never touch system part.
SELinux is always enforcing
Installation
Search for "Play Store Visa" in Magisk Manager or download at Github.
Support for New Devices
This module made it by injecting proper build fingerprint properties per device, most commonly ro.build.fingerprint. So device support is highly dependent on a working build fingerprint from a certified stock ROM. You can test and find a combination by your own and add to service.sh accordingly.
I used to find those fingerprints hard to search around. Although one fingerprint may work for all devices of a kind, but people barely shares it. Pull requests are very welcomed so we may help one another!
Define: a working fingerprint
For the time being, I test the prop edits working by:
clean data of Play Store
reboot for the module to apply (or invoke resetprop through adb)
open and check certification status in settings. (may have some delay)
search for Netflix in Play Store.
If you can see Netflix in search results after wiping store's data, then your props edits are good to go!
Enjoy
Q&A
Q:
Only for OP2/OP3/note4? Not support for other device?
A:
To support other device, we need the value of `ro.build.fingerprint` from a stock ROM. I don't own other devices so I may not have chance to extract it. Contributions are welcomed, and I may search for other useful ones in the future..
Q:
What's the difference between this module and this one?
A:
We both solved part of the problem, see my explanation below. I'm happy to contribution my parts, if necessary, to prevent reinventing the wheels.
XDA:DevDB Information
Play Store Visa, App for all devices (see above for details)
Contributors
ttimasdf
Source Code: https://github.com/Magisk-Modules-Repo/playstore_certification_bypass
Version Information
Status: Beta
Created 2018-03-26
Last Updated 2018-03-31
Only for OP2/OP3/note4?
Not support for other device?
What's the difference between this module and this one?
ttimasdf said:
More specifically, to pass SafetyNet, if you are on a custom ROM/Kernel,
a patch in your kernel like this is REQUIRED
If you are on stock ROM or other ROMs that enabled dm-verity, never touch system part.
SELinux is always enforcing
Click to expand...
Click to collapse
That patch you're talking about is unnecessary if you use Magisk. MagiskHide already changes ro.boot.verifiedbootstate to "green".
MagiskHide also hides a permissive SELinux, so keeping it enforcing isn't necessary to pass SafetyNet if you use Magisk. Although keeping SELinux enforcing is highly advisable...
I'm also curious as to what observations you've made about SafetyNet and a certified Play Store. From my own (very light) research I've found that it relies on SafetyNet. Not directly, but the CTS profile matching part. From the link to Google support in the OP:
If your device is uncertified, Google doesn’t have a record of the Android compatibility test results.
Click to expand...
Click to collapse
If your device hasn't passed the Android compatibility test, it won't be reported as certified in the Play Store, and it won't pass SafetyNet. On the other hand, if you pass SafetyNet, your device has passed the compatibility test, and then it'll also be certified in the Play Store.
Would love the hear your findings if you're up to sharing.
---------- Post added at 13:27 ---------- Previous post was at 13:25 ----------
abacate123 said:
What's the difference between this module and this one?
Click to expand...
Click to collapse
Quite similar in that we both change the device fingerprint. We go about it a bit different, and mine has a couple of other features as well.
My play store don't have "Device certification" tab :'(
zerlkung said:
My play store don't have "Device certification" tab :'(
Click to expand...
Click to collapse
Can you find and install Netflix? If so, your device is certified. If not, it's uncertified.
Was this created in response to Google blocking GApps on uncertified devices/roms? If so then that is great, I didn't expect a solution to come out so fast.
That being said, based on current reports it would not be hard to create a universal "coyote mode" by getting the existing ro.build.fingerprint and then modifying the build date portion so that it is before March 2018. Said mode would not make the device certified if it wasn't already but would allow GApps to run normally thus the term "coyote mode" (a coyote is a person who smuggles other people across the border).
nl3142 said:
Was this created in response to Google blocking GApps on uncertified devices/roms? If so then that is great, I didn't expect a solution to come out so fast.
Click to expand...
Click to collapse
Google is not blocking gapps for custom roms. At least not yet.
In fact, you can actually register an uncertified device using a custom rom (it says android id, but it'll accept the imei number) here: https://www.google.com/android/uncertified/
abacate123 said:
Google is not blocking gapps for custom roms. At least not yet.
In fact, you can actually register an uncertified device using a custom rom (it says android id, but it'll accept the imei number) here: https://www.google.com/android/uncertified/
Click to expand...
Click to collapse
Though since the Android ID is regenerated after either every factory reset (pre-Oreo) or even every boot (Oreo) it will be pretty easy to run into the 100 Android ID limit.
nl3142 said:
Though since the Android ID is regenerated after either every factory reset (pre-Oreo) or even every boot (Oreo) it will be pretty easy to run into the 100 Android ID limit.
Click to expand...
Click to collapse
IMEI fellow...
abacate123 said:
IMEI fellow...
Click to expand...
Click to collapse
Which wifi only devices like tablets don't have, so obviously that isn't going to work.
Cbk | Unknown said:
Only for OP2/OP3/note4?
Not support for other device?
Click to expand...
Click to collapse
As said above, to support other device, we need the value of `ro.build.fingerprint` from a stock ROM.
I don't own other devices so I may not have chance to extract it. So we only need some contributions
abacate123 said:
What's the difference between this module and this one?
Click to expand...
Click to collapse
Oh, I know that module but didn't read it's doc until you mentioned. In a word, the same solution for different questions.
My problems is, my ctsProfile is True for my phone but I cannot get Netflix from the store. But after some props edit it just works so I published my solution. Maybe I could make a PR into it
Didgeridoohan said:
That patch you're talking about is unnecessary if you use Magisk. MagiskHide already changes ro.boot.verifiedbootstate to "green".
MagiskHide also hides a permissive SELinux, so keeping it enforcing isn't necessary to pass SafetyNet if you use Magisk. Although keeping SELinux enforcing is highly advisable...
I'm also curious as to what observations you've made about SafetyNet and a certified Play Store. From my own (very light) research I've found that it relies on SafetyNet. Not directly, but the CTS profile matching part. From the link to Google support in the OP:
If your device hasn't passed the Android compatibility test, it won't be reported as certified in the Play Store, and it won't pass SafetyNet. On the other hand, if you pass SafetyNet, your device has passed the compatibility test, and then it'll also be certified in the Play Store.
Would love the hear your findings if you're up to sharing.
---------- Post added at 13:27 ---------- Previous post was at 13:25 ----------
Quite similar in that we both change the device fingerprint. We go about it a bit different, and mine has a couple of other features as well.
Click to expand...
Click to collapse
Your project goes a lot further than mine but I didn't notice it as a key to my problem :silly:
From my finding, SafetyNet ctsProfile seems to rely solely on ro.build.fingerprint and the "certified" status does the same. The rom I used on Note4 patched the fingerprint and passed SafetyNet from the very beginning.
But Play Store seems to have more verifications on other build props, in my case, ro.build.version.release, ro.build.version.incremental to match the ones in fingerprint. The patch I used for OP3 did not patched them (for I have no time to inspect) so I passed SN, get certified, but still cannot search for Netflix. I don't know it's a more strict policy enforced by Netflix or Google but it makes the certification imperfect. Maybe we shall look into this together
ttimasdf said:
Oh, I know that module but didn't read it's doc until you mentioned. In a word, the same solution for different questions.
My problems is, my ctsProfile is True for my phone but I cannot get Netflix from the store. But after some props edit it just works so I published my solution. Maybe I could make a PR into it
Your project goes a lot further than mine but I didn't notice it as a key to my problem :silly:
From my finding, SafetyNet ctsProfile seems to rely solely on ro.build.fingerprint and the "certified" status does the same. The rom I used on Note4 patched the fingerprint and passed SafetyNet from the very beginning.
But Play Store seems to have more verifications on other build props, in my case, ro.build.version.release, ro.build.version.incremental to match the ones in fingerprint. The patch I used for OP3 did not patched them (for I have no time to inspect) so I passed SN, get certified, but still cannot search for Netflix. I don't know it's a more strict policy enforced by Netflix or Google but it makes the certification imperfect. Maybe we shall look into this together
Click to expand...
Click to collapse
Hm... I'm wondering. From what I've tested and seen reported, all that is needed is to pass SafetyNet for your device to be certified. On that we're on the same page though.
I've also seen reported (and experienced) that even after getting your device certified in the Play Store, it can take several reboots and/or up to a whole day before the apps that rely on the certification status (Netflix, etc) to show up/install. Could it be that you were simply experiencing a delay when you couldn't install Netflix? It's possible that any other props are part of the new Gapps blocking on uncertified devices, but somehow I don't think so... I will do more research and report back.
And as a side note, about the CTS profile test:
Changing the device fingerprint is only one part of making a device pass. That causes the devices to be recognised as a certified device with trusted software, even if the manufacturer hasn't certified the device or if you've installed a custom ROM (both would normally cause ctsProfile to be false). It will also report false if your bootloader is unlocked or if you've rooted your device, but both of these will be taken care of by MagiskHide. Xposed will of course also cause issues, but for the ctsProfile check this can actually be fooled by the No Device Check Xposed module. It'll still cause a basic integrity failure though, and be detected in other ways.
I'll be back...
Didgeridoohan said:
Hm... I'm wondering. From what I've tested and seen reported, all that is needed is to pass SafetyNet for your device to be certified. On that we're on the same page though.
I've also seen reported (and experienced) that even after getting your device certified in the Play Store, it can take several reboots and/or up to a whole day before the apps that rely on the certification status (Netflix, etc) to show up/install. Could it be that you were simply experiencing a delay when you couldn't install Netflix? It's possible that any other props are part of the new Gapps blocking on uncertified devices, but somehow I don't think so... I will do more research and report back.
And as a side note, about the CTS profile test:
Changing the device fingerprint is only one part of making a device pass. That causes the devices to be recognised as a certified device with trusted software, even if the manufacturer hasn't certified the device or if you've installed a custom ROM (both would normally cause ctsProfile to be false). It will also report false if your bootloader is unlocked or if you've rooted your device, but both of these will be taken care of by MagiskHide. Xposed will of course also cause issues, but for the ctsProfile check this can actually be fooled by the No Device Check Xposed module. It'll still cause a basic integrity failure though, and be detected in other ways.
I'll be back...
Click to expand...
Click to collapse
Thanks for the hint. I do a few tests today. My module seems to be broken today but after added Play Store and `com.google.android.gsf` to MagiskHide list it works again.
And most interestingly, the fingerprint for my Note4 from the ROM seems to be blacklisted by Google.
I wiped data, disabled module, reboot. Device become uncertified and even cannot pass `basic integrity`. wipe-enable-reboot become certified and able to download again.
It's a cat and mouse game after all:angel:
Also I tested for the "delay" you mentioned. After a wiped reboot, tested 2 out of 3 times the Netflix shows in result. However, whether it can start download still depends on the certification status. If uncertified, download will say error after some time. With module enabled, the download succeeded normally. So Netflix is the most timely and accurate way to speak if your device is certified.
For I have not yet used any apps that check SafetyNet status at runtime, maybe I'll check it later.
Profound Thanks For You. Your Module Was Useful To Make A Specified One For My Phone. :good:
After installing this module, I get force close popup in most Google and non Google apps. FYI, I also have Youtube Vanced installed via Magisk module. I uninstalled the module but I still get the same popups. Also, the device remains certified. Is there any way to actually undo everything? From what I can understand, my device should remain uncertified for everything to work.
GeorgePr said:
After installing this module, I get force close popup in most Google and non Google apps. FYI, I also have Youtube Vanced installed via Magisk module. I uninstalled the module but I still get the same popups. Also, the device remains certified. Is there any way to actually undo everything? From what I can understand, my device should remain uncertified for everything to work.
Click to expand...
Click to collapse
This module merely changed some build props, if and only if your device is supported. Theoretically it should not mess other things around. Check your logcat if there's anything worth notice and clear app data if necessary
ttimasdf said:
As said above, to support other device, we need the value of `ro.build.fingerprint` from a stock ROM.
I don't own other devices so I may not have chance to extract it. So we only need some contributions
Click to expand...
Click to collapse
I made a screenshot from my Pixel 8.1 stock - april security patch
Maybe can help for pixel support :good:
Sent from my Google Pixel using XDA Labs
It is working on my Nexus 7 2013 WiFi tablet. Running Flo classic asop 8.1 r28 May 2018 version with Ground Zero Gapps. Did the clear data (clear cache alone didn't work) rebooted and open Playstore, my apps updates and installed tabs show zero item. A few hours later, check again and I get a Certified in Playstore settings.
Thank you, good job! :good:
Also trying on OnePlus One running AEX 8.1 v5.5. currently updates and installed tabs are also zero item. Going to let it be and see if it will populate over time. Under Playstore version build number, nothing under. Before installing Visa module, it say uncertified.
Library tabs on both show my history of apps.
Hello.
I used the Santander UK banking app quite frequently.
I recently rooted my S7 Edge (SM-G935F) with Magisk and installed LineageOS 15.1. I pass safetynet completely, Google Play says my device is certified, and, with Magisk Hide, I pass all checks in RootBeer Sample.
I have enabled Magisk Hide on the Santander UK app, force stopped it, cleared its data, and rebooted my phone.
But when I try to open it, it detects my device as rooted. Are there any ways to get around this, or will I have to use the web version?
Thanks.
You're not alone!
Lots of people are having the same issue, I have already opened a thread for this and have listed the link is below. Feel free to update us when you have further information!
https://forum.xda-developers.com/apps/magisk/magisk-hide-longer-hiding-root-t3823214
Regards
Check this out peeps, i might be onto smt: https://forum.xda-developers.com/showpost.php?p=77240186&postcount=93
Permanent fix
To all those people who are having this issue, there is now a permanent fix to get around this. Please see the following post/thread:
https://forum.xda-developers.com/showpost.php?p=77331765&postcount=99
Mo
Hello,
today my phone suddenly wrote to me that it is no longer possible to use google pay.
Phone Pixel 5. Stock firmware.
Google pay reports that the device is certified.
I use magical canary 23001. I have the safetynet fix module installed.
Google pay does not work. And magisk reports an error when verifying the safetynet.
Any help please?
Just to say that the same occurred to me on a Oneplus 8 pro: Google Pay says the phone is not safe and Safetynet fails with basicintegrity (-), ctsProfile (-) and evaltype = basic. The cause seems to have been a Google Pay update two days ago (or, more probably, Google Play Services or the like, since I had disabled Google Pay updates). I have universal safetynet fix and magiskhide props config installed. If anyone could help, I'd appreciate. Let me know if I have to post more information. Thanks
UPDATE - A guy on Reddit says he fixed it by uninstalling EdXposed. Actually, I had that module and removed it and now I seem to pass the safetynet test, although Google Pay still has some issues (I will try cleaning data and cache, and possibly do the same to Google Play Services, I am also trying to put Google Services Framework under Magiskhide...). He says LSPosed (instead of EdXposed) should be fine, which it apparently is.
andrearesti said:
UPDATE - A guy on Reddit says he fixed it by uninstalling EdXposed. Actually, I had that module and removed it and now I seem to pass the safetynet test, although Google Pay still has some issues (I will try cleaning data and cache, and possibly do the same to Google Play Services, I am also trying to put Google Services Framework under Magiskhide...). He says LSPosed (instead of EdXposed) should be fine, which it apparently is.
Click to expand...
Click to collapse
Thanks for this update. Was having the same issue on my OP6T. I had already eyed at switching to a different Xposed clone since this keeps occuring every few weeks. Maybe now is a good time as ever.
Great. Thanks you so much.
Hello,
my Oneplus 7+ is running stock Android 11. Magisk has been installed and since a month ago everything was working fine (even DKB TAN2go and other banking apps). Last month an update for Comdirects Photo TAN was released and it stopped working. Luckily I was not the only one to encounter it and the description from @ralphabt here solved the issue for me.
Since this morning Google Pay stopped working (of couse I only noticed when I tried to pay and had my wallet nearby). SafetyNet fails (basic and cts). If I disabled the modules that I installed for the PhotoTan fix, SafetyNet is working again.
I found the MagiskHide Props Config, which I don't have a problem installing and testing, but I was wondering if there anything else I can try before fixing an issues that is caused by a solution for another issue.
Thanks a lot!
If SafetyNet now triggers from the Riru/EdXposed stuff you'll likely have to wait for an update to those modules (or try the latest beta/alpha/canary releases). Or try LSPosed instead (seems like more people have success with that). It's a cat and mouse game...
Im still waiting for anyone to give me a valid reason to use Xposed of any sort....
I pulled it out recently after jettisoning Xposed back in Marshmallow days, and was completely unsurprised that in my attempts to avoid root detection when i was having bank app issues it just broke things harder
Your biggest issue is getting SafetyNet pass...
Getting Google Pay and banking apps is another level...
My current setup for working bank apps (my bank at least) and working Samsung Pay & Google Pay is, should you wish to have a crack:
Magisk Alpha - here (second most recent at time of posting) or here for latest:
Riru - here
Riru-Momohider - my own mod of that module attached to my post here (where i just added creation of the 4 optional config options to the installations script, to avoid manual jiggery pokery, touching 4 files in a terminal every ROM flash didnt seem like a fun thing after the 3 ROMS i tested that week i started using Riru-Momohider)
Im talking those are the only modules i use. Even a simple font replacement module will give up a system modification to most root detection apps. So no fonts, no emojis swapping, no fiddly shizz. Keep it simple.
You can get an idea of what may be setting things off via Magisk Detector here, or VD Infos here (apologies to Didge, as mentioning that may be a trigger )
And i now get to tell you that this only currently works on 2 ROM's for my device, all the others cough up the existence of root through modifications made by devs to build.prop etc
So even in the best circumstances, and with all the right magisk and riru modules, the ROM youre using can still betray you.
Isnt that fun?
Worth pointing out (so frequently am i pointing this out these days im thinking of removing the link to my GPay Magisk Module from my sig) that for like 6 months now its been unnecessary for a lot of people to
a) Use the Google Pay db fix originally sussed out by @BostonDan, or my Magisk Module that does the same thing
and
b) Enable MagiskHide for Google Pay...
Actually getting SafetyNet is rather easy - if I remove EdXposed and XPrivacyLua it is working again and Google Pay as well. I only installed (my only reason) it, as it was required to get that banking app running.
I am using different banking apps and it the past the one from german DKB was rather difficult, but with newest Magisk (23) and Magisk Hide it is working.