Related
I was using the Xposed framework today and every app kept crashing so disabled Xposed framework and related modules.
However, afterwards my banking apps stopped working.
These apps are logging me off because they detect my phone has been jailbroken.
The app in question is Lloyds banking app (UK)
I have Magisk 16.0 on a Samsung S8 G950F with renovate ice 7.2 installed
Everything was working before
When I tap on safety net check i get all success
In Magisk hide the apps I want to hide the status of are checked (lloyds being one)
I uninstalled, cleared cache of the app, restart the phone and installed the app again, then before starting it up I checked the option in Magisk hide and then opened the app. However it didn't work.
Any idea what I am missing?
Thank you
http://www.didgeridoohan.com/magisk/MagiskHideHidingRoot
Tried those options already
Hide Magisk manager but didn't work
I would uninstall the banking app or delete it's memory completely. The app might have stored the root status and a phone usually does not unroot anymore.
Unfortunately the banks do not see that the owner of a rooted phone usually works more on keeping his phone safe and free of ads.
I'm going to try that again but doubt it will work as I have tried it already. Maybe there's something residual left that can't be removed even after cleaning the data. I see a lot of apps folder in my file manager from apps that I deleted ages ago.
LLoyds bank
went to bank info and cleared cache and data
Uninstalled app
went to file manager and removed residual files folders
installed clean master and did a cache junk file clean up
restart phone in recovery and cleared cache and dalvic cache
rebooted phone and installed lloyds banking app
opened magisk manager before opening lloyds and ticked lloyds app in magisk hide
opened app and inputted login information
same error: your device appears to be jailbroken etc
Have you tried with Magisk v16.7 (MagiskHide has been improved since v16.0)?
Have you tried repackaging the Manager?
Have you tested if the app is detecting Magisk in the Manager name?
Have you tried grabbing a logcat, to see if it's possible to figure out what's happening?
Etc...
In other words: All of the things that are found in the link I gave you earlier.
is your kernel set to permissive? ive noticed if i set kernel to enforcing then my banking app works with magisk hide. im with santander uk
dead0 said:
is your kernel set to permissive? ive noticed if i set kernel to enforcing then my banking app works with magisk hide. im with santander uk
Click to expand...
Click to collapse
That is interesting. MagiskHide should be able to hide a permissive SELinux. I wonder why it doesn't seem to work...
Didgeridoohan said:
That is interesting. MagiskHide should be able to hide a permissive SELinux. I wonder why it doesn't seem to work...
Click to expand...
Click to collapse
it is strange... seems on latest builds of banking apps, they are somehow still detecting if kernel is permissive or enforcing.
cpu2007 said:
I was using the Xposed framework today and every app kept crashing so disabled Xposed framework and related modules.
However, afterwards my banking apps stopped working.
These apps are logging me off because they detect my phone has been jailbroken.
The app in question is Lloyds banking app (UK)
I have Magisk 16.0 on a Samsung S8 G950F with renovate ice 7.2 installed
Everything was working before
When I tap on safety net check i get all success
In Magisk hide the apps I want to hide the status of are checked (lloyds being one)
I uninstalled, cleared cache of the app, restart the phone and installed the app again, then before starting it up I checked the option in Magisk hide and then opened the app. However it didn't work.
Any idea what I am missing?
Thank you
Click to expand...
Click to collapse
If it's anything like Barclays's App, once it detects a rooted phpne, that's it - you're stuffed, as the App sends the phone's identity to Barclays's blacklist. The only way out is a reflash, which will give the phone a new identity.
.
DaystromLIVR said:
If it's anything like Barclays's App, once it detects a rooted phpne, that's it - you're stuffed, as the App sends the phone's identity to Barclays's blacklist. The only way out is a reflash, which will give the phone a new identity.
.
Click to expand...
Click to collapse
To follow-up, it appears that Barclays doesn't use SafetyNet, but something called libShield (??!).
Whenever Barclays detects root on one of my phones, I have to reflash it to stock, thus giving it a new identity.
I have to follow this sequence, in order to prevent tripping:
Reflash the device to stock
Make sure you get Magisk installed BEFORE re-installing the banking app.
Once you've installed the banking app, DO NOT RUN IT yet.
Make sure MagiskHide is ticked for that banking app (and any related apps, like Pingit).
Do the 'randomise Magisk\'s package name' thing.
Set the Superuser thing to 'deny' by default (Barclays seems to trip if it detects that a user is pressing DENY, by the longer time taken).
Reboot
Make sure everything is working
Then, start the app, and begin the reregistration process.
It's happened on me to. On Bank Mandiri App. On other Bank running normaly. The issues happened after upgrade into Magisk 17.1
On Magisk 16.x it's Work without any issue.
Any clues what going on and how to fix it?
repackaging the Manage with a random name is the trick,i did it and its works
In my case (RaiPay in Romania) I did all things except reflashing and it did not work.
Logcat: https://gist.github.com/eusebiu/8110ef85b1d4093c557b32a101fac299
eusebium said:
In my case (RaiPay in Romania) I did all things except reflashing and it did not work.
Logcat: https://gist.github.com/eusebiu/8110ef85b1d4093c557b32a101fac299
Click to expand...
Click to collapse
Hi, I also have RaiPay (Czech rep.), please try to change SELinux to "enforcing" with this module, it works for me:
https://forum.xda-developers.com/apps/magisk/module-magisk-selinux-manager-t3760042
PlagueCz said:
Hi, I also have RaiPay (Czech rep.), please try to change SELinux to "enforcing" with this module, it works for me:
https://forum.xda-developers.com/apps/magisk/module-magisk-selinux-manager-t3760042
Click to expand...
Click to collapse
Hey! Thanks for replying! In my case it was already set to "enforcing". I tried changing it using KA-Mod from enforcing to permissive and back but still same result.
eusebium said:
Hey! Thanks for replying! In my case it was already set to "enforcing". I tried changing it using KA-Mod from enforcing to permissive and back but still same result.
Click to expand...
Click to collapse
Hi, sry I didn't reply, too busy.
Please try following Magisk modules:
Busybox for Android NDK
Magisk SELinux Manager (set to enforcing)
MagiskHide Props Config
SafetyPatch
SQLite for ARM aarch64
Modules can be found in Magisk "Downloads" tab (except SELinux manager).
I have these modules installed and my RaiPay works, in combination with enforcing SELinux. I think both our RaiPay apps are very similar if not the same.
PlagueCz said:
Hi, sry I didn't reply, too busy.
Please try following Magisk modules:
Busybox for Android NDK
Magisk SELinux Manager (set to enforcing)
MagiskHide Props Config
SafetyPatch
SQLite for ARM aarch64
Modules can be found in Magisk "Downloads" tab (except SELinux manager).
I have these modules installed and my RaiPay works, in combination with enforcing SELinux. I think both our RaiPay apps are very similar if not the same.
Click to expand...
Click to collapse
Thanks for answering! I think the SafetyPatch was not correctly installed as I get an error message at boot (something with Android has an internal system error. Contact the manufacturer) => not working...
eusebium said:
Thanks for answering! I think the SafetyPatch was not correctly installed as I get an error message at boot (something with Android has an internal system error. Contact the manufacturer) => not working...
Click to expand...
Click to collapse
Yes, I get the same message, is your RaiPay working? And have you tried RaiPay without Magisk installed on your device?
I recently rooted my new Mi A2 Lite using Magisk.
So my current banking app detected the root and now I cannot use it anymore. I tried Root Cloak and MagiskHide but both of them did not work either. It still shows the message saying my phone is rooted.
How do I debug that now. I need it to be working anyhow.
App: K-Plus; play.google.com/store/apps/details?id=com.kasikorn.retail.mbanking.wap
https://didgeridoohan.com/magisk/MagiskHideHidingRoot
arunsharmaofficial said:
I recently rooted my new Mi A2 Lite using Magisk.
So my current banking app detected the root and now I cannot use it anymore. I tried Root Cloak and MagiskHide but both of them did not work either. It still shows the message saying my phone is rooted.
How do I debug that now. I need it to be working anyhow.
App: K-Plus; play.google.com/store/apps/details?id=com.kasikorn.retail.mbanking.wap
Click to expand...
Click to collapse
I recently had the same problem, but with a different banking app.
What helped me in the past was to hide Magisk Manager with a random package name. It is an option in Magisk Manager itself. Unfortunately it doesn't work anymore but i could mask Magisk Manager with the Samsung app S Secure and now it's working again .
This was included in my Galaxy S7 ROM so you probably need to find the apk for the app or find a similiar working app for your phone model.
Hope this helps.
Daci54 said:
I recently had the same problem, but with a different banking app.
What helped me in the past was to hide Magisk Manager with a random package name. It is an option in Magisk Manager itself. Unfortunately it doesn't work anymore but i could mask Magisk Manager with the Samsung app S Secure and now it's working again .
This was included in my Galaxy S7 ROM so you probably need to find the apk for the app or find a similiar working app for your phone model.
Hope this helps.
Click to expand...
Click to collapse
Alright! Can you clarify what on how to hide Magisk with a different package name. I am still pretty new to Magisk. Thanks.
arunsharmaofficial said:
Alright! Can you clarify what on how to hide Magisk with a different package name. I am still pretty new to Magisk. Thanks.
Click to expand...
Click to collapse
Open Magisk Manager, go to settings and tap on Hide Magisk Manager. If your banking app doesn't work right away try a restart. If it still doesn't work try to mask Magisk Manager with S Secure or similiar apps.
The magisk hide feature does not work
nm180618 said:
The magisk hide feature does not work
Click to expand...
Click to collapse
It does work, the steps I took were:
1) Install Banking app
2) Open it and get notified about the phone being rooted
3) Use Magisk Hide feature to hide the Banking app
4) Go to phone's app settings
5) Baking app settings
6) Clear storage data (Clearing only the cache could work too, I didn't test it)
7) Profit!
Hope that works for you.
Magisk hide doesn't seem to be working for me. Magisk says it's working and safety net passes, but I've tested multiple apps and they can see that I'm rooted. Hiding magisk with a random package name doesn't work either.
Yesterday I installed magisk and went to hide options and checked my banking app. I was amazed to see banking app allowing me to do everything without limited functionality due to "root" like before. But today banking app detected root again and limited all functions, how? There haven't been any updates for banking app yet it seemed to no longer be fooled by magisk.
Same goes for me with the K-Plus app as well. (สวัสดีคับผม) Use Magisk Hide to hide the root access but it crashes the bank app instead.
Not sure what I've missed.
Gpay and banking are still detecting root/custom rom
Magisk and manager installed.
module SaMoDXv1 installed.
Safteynet is showing green
gpay and banking apps hidden
Using hide magisk function
removed all Magisk related stuff from SD card.
Cleared cache from gpay and banking apps .
Turned off usb debugging.
What else is there?
Just installed root checker basic, it sees root. I hide magisk from it and it still sees root. Is that right?
beythas said:
Same goes for me with the K-Plus app as well. (สวัสดีคับผม) Use Magisk Hide to hide the root access but it crashes the bank app instead.
Click to expand...
Click to collapse
Try following the 'Promon' section in https://github.com/Ingan121/UDSBypass
Hi,
I'ould like installing Fde.ai on my One plus 6 rooted with Ice Renovate 11.1 rom, but I'm not sure that installation is compatible with "Rice tweaks", a tweak app for this rom no my device.
Peraphs there is someone who does know the answer?
Tks and regards.
Roberto
What I do
Go to setting -> Magisk Hide -> disable then enable.
This way worked with me .
I used Magisk Manager v 7.2.0 (213).
Magisk v 19.3 (19300).
What worked for me is using the "Hide Magisk Manager" feature in settings. Now apps are not promoting about device being rooted and are running fine now.
Anyone solved this problem?
I still have a banking app with this problem. I tried many times but still not working.
Magisk hide dont work for this app.
nguyenlinh said:
Anyone solved this problem?
I still have a banking app with this problem. I tried many times but still not working.
Magisk hide dont work for this app.
Click to expand...
Click to collapse
So far there are very few apps that I've seen that can not be tricked with tips from the guide linked in the second post of this thread. Give it a shot...
Can you try it?
https://play.google.com/store/apps/details?id=vietcombank.itcenter.smartotpcorp
I Cannot run this app.
Thanks
nguyenlinh said:
Can you try it?
https://play.google.com/store/apps/details?id=vietcombank.itcenter.smartotpcorp
I Cannot run this app.
Thanks
Click to expand...
Click to collapse
Runs fine with the app on the Hide list and the Magisk Manager repackaged with a random name.
More:
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Hiding_root_from_apps
Can someone check this for me?
https://play.google.com/store/apps/details?id=no.apps.dnbnor&hl=en_US
Iam using MH v60 with 19.3 still nothing. Iam fighting with that about 4 months now((((
Hi
I have a problem in the clubhouse app that login not complete on any rooted device ... no problem on Non Root devices
I hide magisk app add clubhouse to magisk hide and EDExposed blacklist but still not working.
also, the same issue is in Mcdonald's app.
any idea how to solve these issues
Note: My Bank app works after adding it to magisk hide and hide magisk app, which means i did it right.
thanks
anyone help me please
Have you tried removing the Magisk app? That's a popular way of detecting Magisk, even with a repackaged app. It's practically impossible to completely hide it on anything below Android 11, and even then it's necessary for the app to target A11 for full hiding to work (which won't happen until Google enforces that, maybe later this year).
Of course, Xposed/EdXposed/LSPosed tools can probably be used to hide the app fully...
Didgeridoohan said:
Have you tried removing the Magisk app? That's a popular way of detecting Magisk, even with a repackaged app. It's practically impossible to completely hide it on anything below Android 11, and even then it's necessary for the app to target A11 for full hiding to work (which won't happen until Google enforces that, maybe later this year).
Of course, Xposed/EdXposed/LSPosed tools can probably be used to hide the app fully...
Click to expand...
Click to collapse
thanks for your reply
if i removed magisk .. everything that use root will stop and i don't want that
also can you please tell me how to hide the app fully using EDXposed
I did not say "remove Magisk"... I said "remove the Magisk app". Just uninstall the app and try and see if Clubhouse still triggers. If it works we know it's looking for the app and you'll have to either freeze/uninstall the Magisk app when using Clubhouse and then reinstall it again afterwards, or use one of the available isolation methods. I've got a few of those mentioned here, but I'm sure you can find more if you search (it's been covered a lot):
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Isolation_apps
zamlkawy said:
Hi
I have a problem in the clubhouse app that login not complete on any rooted device ... no problem on Non Root devices
I hide magisk app add clubhouse to magisk hide and EDExposed blacklist but still not working.
also, the same issue is in Mcdonald's app.
any idea how to solve these issues
Note: My Bank app works after adding it to magisk hide and hide magisk app, which means i did it right.
thanks
Click to expand...
Click to collapse
for Mcdonald's try this
[MOD][XPOSED][4.1+] McRoot (McDonalds Global App)
McRoot McDonalds Global App security fix Remove checks of: root unacceptable apps unacceptable device properties (developer options etc) Note: The app requests SafetyNet pass! Use Magisk+Riru+Riru-Unshare etc Install notes: install apk...
forum.xda-developers.com
Hi. I also have Magisk installed on my device. I uninstalled Magisk app, tried logging into clubhouse again, but still the issue persists.
After receiving the missed call while trying to sign in, I get the notification, 'There was an error please try again'
Clearing the clubhouse app data, uninstalling and reinstalling the app again hasn't helped at all. I get the same issue.
I have Magisk 23.0 installed on my Oneplus5T running Android 10.
I can't get anywhere with the AZ Mobile ID (https://play.google.com/store/apps/details?id=com.idemia.mobileid.us.az&hl=en_US&gl=US). I have a OnePlus 9 Android 11, rooted with stable v23. Passes Safertynet. Every other app works for me - banking (citi, wells fargo, amex), payment (paypal, venmo, cashapp), stores (wawa, quickchek, circle k).
The AZ Mobile ID app will not start at all. Click on the icon, and nothing happens - it like I didn't even click on it. It I click on it again, I get the android popup "AZ Mobile ID keeps stopping."
Has anyone gotten this app to work, or possibly another app by Idemia R&D?
mx597turbo said:
I can't get anywhere with the AZ Mobile ID (https://play.google.com/store/apps/details?id=com.idemia.mobileid.us.az&hl=en_US&gl=US). I have a OnePlus 9 Android 11, rooted with stable v23. Passes Safertynet. Every other app works for me - banking (citi, wells fargo, amex), payment (paypal, venmo, cashapp), stores (wawa, quickchek, circle k).
The AZ Mobile ID app will not start at all. Click on the icon, and nothing happens - it like I didn't even click on it. It I click on it again, I get the android popup "AZ Mobile ID keeps stopping."
Has anyone gotten this app to work, or possibly another app by Idemia R&D?
Click to expand...
Click to collapse
I have a Pixel 3a running Android 11, Magisk v23 stable and passes Safetynet. I also have the Magisk app hidden since I was having problems with another app giving warnings that my phone was rooted.
I was able to get the app working. I installed the app but did not open it. Then went to Magisk hide and hid the app. After hiding the app, you should be able to open the app. I did notice that I had to click on the app twice before it initially opened but that could have been my problem and not necessarily the app.
mx597turbo said:
I can't get anywhere with the AZ Mobile ID (https://play.google.com/store/apps/details?id=com.idemia.mobileid.us.az&hl=en_US&gl=US). I have a OnePlus 9 Android 11, rooted with stable v23. Passes Safertynet. Every other app works for me - banking (citi, wells fargo, amex), payment (paypal, venmo, cashapp), stores (wawa, quickchek, circle k).
The AZ Mobile ID app will not start at all. Click on the icon, and nothing happens - it like I didn't even click on it. It I click on it again, I get the android popup "AZ Mobile ID keeps stopping."
Has anyone gotten this app to work, or possibly another app by Idemia R&D?
Click to expand...
Click to collapse
If you have installed the titanium backup and/or AFWall then either hid them with HMA or uninstall in addition to adding AZ Mbile ID to the MagikHide and you will got it works as i did.
@desertcat and @Eng.Raman thank you both for the help. I followed both your suggestions, including deleting my twrp folder, hiding AZ MID in magisk, renaming magisk, freezing magisk manager with Airfrozen, and deleting TiBackup. Nothing helped so far, getting the same exact behavior as before - click on the icon, and nothing happens. Click again and get the android popup.
Would you mind sharing what modules you're running in Magisk? Maybe one of mine is causing the issue...
mx597turbo said:
@desertcat and @Eng.Raman thank you both for the help. I followed both your suggestions, including deleting my twrp folder, hiding AZ MID in magisk, renaming magisk, freezing magisk manager with Airfrozen, and deleting TiBackup. Nothing helped so far, getting the same exact behavior as before - click on the icon, and nothing happens. Click again and get the android popup.
Would you mind sharing what modules you're running in Magisk? Maybe one of mine is causing the issue...
Click to expand...
Click to collapse
I use Universal SafetyNet Fix (2.1.0), Riru, Riru Enhanced mode for Magisk Hide, MagiskHide Props Config, CloudflareDNS4Magisk, Universal GMS Doze and Systemless Hosts.
@desertcat Thank you so much. I was able to get that app working. I had to add the modules Universal SafetyNet Fix and Riru Enhanced mode for Magisk Hide. I also disabled busybox (although I don't know if this made a difference.
Funny that I had no problems with any other app that I used, and was able to pass safetynet with just MagiskHide Props Config and hide.
mx597turbo said:
@desertcat Thank you so much. I was able to get that app working. I had to add the modules Universal SafetyNet Fix and Riru Enhanced mode for Magisk Hide. I also disabled busybox (although I don't know if this made a difference.
Funny that I had no problems with any other app that I used, and was able to pass safetynet with just MagiskHide Props Config and hide.
Click to expand...
Click to collapse
Good to see that you were able to successfully get the app to work.
Without Universal SafetyNet Fix and Riru I wasn't reliably passing SafetyNet. Riru Enhanced mode for Magisk Hide helped with one app that kept giving annoying messages about my phone being rooted.
The only app that I've used that required BusyBox was Titanium Backup. I uninstalled Titanium Backup since it doesn't work on Android 11 and thus BusyBox also was uninstalled.
I got the app to work, but I can't get the link to register with the app to continue. The link sent to my phone just says bad link when opening in browser
A banking app I've been using for years has always worked after putting it on the Deny List. I updated it recently and it now won't work with Magisk installed regardless of what I do.
As soon as I patch the boot image with Magisk it complains that the device is rooted and locks me out. That's without even installing the Magisk app, also without Zygisk etc.
I can pass SafetyNet and Play Protect certification with Universal Safety Net Fix and Magisk Hide Props Config modules. However that doesn't make the banking app work.
So far I've also tried:
* Magisk Delta, Zygisk off, with sulist on whitelist mode (also tried Delta's Magisk Hide)
* Shamiko
* Hide My Applist (various configs)
* Disabling root from Magisk app
* Renaming the Magisk app
* Downgrading the banking app (it no longer detects root but locks me out until I upgrade)
* Cloning the banking app to Work Profile with Shelter (this is the only thing that gets rid of the message about being rooted. But then it bizarrely claims it can't connect to the server to login!?)
I'm now at a loss as to what else to try. Any ideas please?
What's the banking app name?
Also install Ruru and see what might be the problem. Make the same steps you use to hide your banking apps. Also clear data of Ruru before each test.
Releases · byxiaorun/Ruru
An android sample app of detecting suspicious apps like magisk manager - byxiaorun/Ruru
github.com
makeyourself said:
A banking app I've been using for years has always worked after putting it on the Deny List. I updated it recently and it now won't work with Magisk installed regardless of what I do.
As soon as I patch the boot image with Magisk it complains that the device is rooted and locks me out. That's without even installing the Magisk app, also without Zygisk etc.
I can pass SafetyNet and Play Protect certification with Universal Safety Net Fix and Magisk Hide Props Config modules. However that doesn't make the banking app work.
So far I've also tried:
* Magisk Delta, Zygisk off, with sulist on whitelist mode (also tried Delta's Magisk Hide)
* Shamiko
* Hide My Applist (various configs)
* Disabling root from Magisk app
* Renaming the Magisk app
* Downgrading the banking app (it no longer detects root but locks me out until I upgrade)
* Cloning the banking app to Work Profile with Shelter (this is the only thing that gets rid of the message about being rooted. But then it bizarrely claims it can't connect to the server to login!?)
I'm now at a loss as to what else to try. Any ideas please?
Click to expand...
Click to collapse
I have found some banking apps are calling an external site and somehow they are detecting reporting back root. I had an issue with Halifax and Starling before.
Starling for me tripped over the last few days, and I used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reportign back root. I had an issue with Haliafx and Starling before.
Starlign for me tripped over the last few days, and i used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
I was wondering why Starling suddenly started failing - thanks!
Try hide root with some google apps on deny list. (u can search "html", "webview", "feedback" then enable hide them all apps which include these words.
giociampa said:
I was wondering why Starling suddenly started failing - thanks!
Click to expand...
Click to collapse
Ta
For ref - Process for Noobies is here;
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Files and all
spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reportign back root. I had an issue with Haliafx and Starling before.
Starlign for me tripped over the last few days, and i used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
Thanks. Worked for me on my 6t using LOS20 and Starling
surajpai524 said:
What's the banking app name?
Click to expand...
Click to collapse
Starling
surajpai524 said:
Also install Ruru and see what might be the problem. Make the same steps you use to hide your banking apps. Also clear data of Ruru before each test.
Releases · byxiaorun/Ruru
An android sample app of detecting suspicious apps like magisk manager - byxiaorun/Ruru
github.com
Click to expand...
Click to collapse
If I rename/repackage the Magisk app and use Deny List then the only things Ruru detects is the Magisk app itself (even though it's renamed) and TWRP. TWRP doesn't seem to be the problem because the banking app doesn't seem to care if I've got that installed so long as Magisk isn't installed to ramdisk. And the banking app is clearly detecting something other than just the Magisk app because it trips after flashing Magisk from recovery, even if the Magisk app isn't installed.
I think @spida_singh may have a solution though!
spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reporting back root. I had an issue with Halifax and Starling before.
Starling for me tripped over the last few days, and I used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
Thanks very much, yes it's Starling I'm having the problem with! Have not tried your solution yet but will do when I have time. Edit: Just tried and it works !!
I did have a look at the DNS requests from the Starling app and I think I may have even noticed the domain name you mention. But wouldn't have guessed it was that causing it! I'd be interested to know how that works... Are Google apps (I have minimal amount installed) spying on my applist and reporting it to my bank!? Kind of creepy! Also quite weird seeing as Google Pay/Wallet doesn't complain!
makeyourself said:
Thanks very much, yes it's Starling I'm having the problem with! Have not tried your solution yet but will do when I have time.
I did have a look at the DNS requests from the Starling app and I think I may have even noticed the domain name you mention. But wouldn't have guessed it was that causing it! I'd be interested to know how that works... Are Google apps (I have minimal amount installed) spying on my applist and reporting it to my bank!? Kind of creepy! Also quite weird seeing as Google Pay/Wallet doesn't complain!
Click to expand...
Click to collapse
Starling will manage the API in how it works for their app, only they will know, i honesltly have no idea, i know Halifax have done this in the past, and now Starling, and simply blocking it allows the app to work, but, as you, im intrigued to know what the app is 'reading' and sending back to report the device is rooted.
PCAP droid can check the payload and dump it to see what was happening with that request, and whats being sent back.
spida_singh said:
Starling will manage the API in how it works for their app, only they will know, i honesltly have no idea, i know Halifax have done this in the past, and now Starling, and simply blocking it allows the app to work, but, as you, im intrigued to know what the app is 'reading' and sending back to report the device is rooted.
PCAP droid can check the payload and dump it to see what was happening with that request, and whats being sent back.
Click to expand...
Click to collapse
Id like to know too - But use my file from post #7 and it should work
I think I spoke to soon. It's still showing up for me when I quit the Starling app.
I tried Starling app and at first it detected root but once I added to Deny list in Magisk. It didn't detect and went to login page.
My root detection bypass configs:-
Magisk (Not hidden/ Name unchanged / Not Frozen)
Magisk Deny List
Shamiko 0.7
Hide My AppList (LSPosed Module)
Universal SafetyNet Fix mod by Displex
I don't know other behaviour like after login and stuff, since I don't have an account.
Ruru screenshot: even with xposed modules and Magisk app not hidden
Prof. Yaffle said:
I think I spoke to soon. It's still showing up for me when I quit the Starling app.
Click to expand...
Click to collapse
Do you have the the domain mentioned above blacklisted in Adaway and the app on Magisk Deny List with Deny List enforcing? All working fine here now.
I also have USNF (kdrag0n) and Magisk Hide Props Config installed. Magisk 26.1
Also you have to clear the app's data before that message will go away.
Yes, I've tried it added manually and also with the file. Same result both ways. I have the Magisk app hidden, Starling in the Deny list but Enforce disabled as I'm using Shamiko.
Edit
I've just cleared the Starling app data and it seems okay at the moment
FYI - Latest May update for Pixel and Starling latest update now break the method in this thread - Searching for workaround
fkofilee said:
FYI - Latest May update for Pixel and Starling latest update now break the method in this thread - Searching for workaround
Click to expand...
Click to collapse
I'm running the latest starling absolutely fine on my Pixel 6. Same set-up (latest linesgeos nightly)
Magisk Delta
USNF by displax
PCAP block list still contains this host
What is your setup?
Official Magisk, UNSF from Displax, Fingerprint Props.
Adaway still contains the host file I made.
My OnePlus 6t on the latest Lineageos 20 nightly seems fine with Shamiko, USNF Mod and the blocked host in Adaway