Safetynet fail - Magisk

Hello,
today my phone suddenly wrote to me that it is no longer possible to use google pay.
Phone Pixel 5. Stock firmware.
Google pay reports that the device is certified.
I use magical canary 23001. I have the safetynet fix module installed.
Google pay does not work. And magisk reports an error when verifying the safetynet.
Any help please?

Just to say that the same occurred to me on a Oneplus 8 pro: Google Pay says the phone is not safe and Safetynet fails with basicintegrity (-), ctsProfile (-) and evaltype = basic. The cause seems to have been a Google Pay update two days ago (or, more probably, Google Play Services or the like, since I had disabled Google Pay updates). I have universal safetynet fix and magiskhide props config installed. If anyone could help, I'd appreciate. Let me know if I have to post more information. Thanks

UPDATE - A guy on Reddit says he fixed it by uninstalling EdXposed. Actually, I had that module and removed it and now I seem to pass the safetynet test, although Google Pay still has some issues (I will try cleaning data and cache, and possibly do the same to Google Play Services, I am also trying to put Google Services Framework under Magiskhide...). He says LSPosed (instead of EdXposed) should be fine, which it apparently is.

andrearesti said:
UPDATE - A guy on Reddit says he fixed it by uninstalling EdXposed. Actually, I had that module and removed it and now I seem to pass the safetynet test, although Google Pay still has some issues (I will try cleaning data and cache, and possibly do the same to Google Play Services, I am also trying to put Google Services Framework under Magiskhide...). He says LSPosed (instead of EdXposed) should be fine, which it apparently is.
Click to expand...
Click to collapse
Thanks for this update. Was having the same issue on my OP6T. I had already eyed at switching to a different Xposed clone since this keeps occuring every few weeks. Maybe now is a good time as ever.

Great. Thanks you so much.

Related

What is going to happen with Root and Google Playstore?

So now Netflix is out of Google Playstore, any clue how magisk going to work around this issue?
Thanks!
Most users can get Netflix, and other apps that use the same check, back by making sure SafetyNet passes (Magisk Hide), clearing data for the Play store and open it up again. A reboot is usually necessary before the apps show up and sometimes it takes a while. A few users have reported that it doesn't work, but I can consistently replicate this on a Nexus 6, Nexus 6P and a OnePlus 3T on different ROMs.
You can check in the Play store settings, at the bottom, if your device is certified or not. SafetyNet pass = certified.
Got Netflix working on the latest version with root using magisk... No problem there
Using Nexus 6p
Sent from my Nexus 6P using Tapatalk
Even if you are not able to get it through the Play Store, there are other ways to get the latest version of an app, like apkmirror. This check doesnt prevent the installation or usage of those Apps, it just hides them on the Play Store.
nemexs said:
So now Netflix is out of Google Playstore, any clue how magisk going to work around this issue?
Thanks!
Click to expand...
Click to collapse
As long as the SafetyNet checks are okay, the store and most apps don't know about root.
The one exception to this and I can't figure it out is an application called [email protected] by Mobile Iron.
Not matter what I do, it can see the compromised status of the phone.
Also Android Wear on my watch can detect the status so Android pay on my watch won't work, not matter what I do.
Yes, I've tried Magisk Hide on just about everything.
Didgeridoohan said:
Most users can get Netflix, and other apps that use the same check, back by making sure SafetyNet passes (Magisk Hide), clearing data for the Play store and open it up again. A reboot is usually necessary before the apps show up and sometimes it takes a while. A few users have reported that it doesn't work, but I can consistently replicate this on a Nexus 6, Nexus 6P and a OnePlus 3T on different ROMs.
You can check in the Play store settings, at the bottom, if your device is certified or not. SafetyNet pass = certified.
Click to expand...
Click to collapse
Interesting. I never noticed that before. However I just checked and my Play Store settings says Uncertified. SafetyNet passes both basic integrity and cts profile match. Netflix appears and downloads via Play Store for me. I even cleared data on the Play Store and rebooted as suggested. Still uncertified, weird.
RoyJ said:
Interesting. I never noticed that before. However I just checked and my Play Store settings says Uncertified. SafetyNet passes both basic integrity and cts profile match. Netflix appears and downloads via Play Store for me. I even cleared data on the Play Store and rebooted as suggested. Still uncertified, weird.
Click to expand...
Click to collapse
Interesting. Since your device can pass SafetyNet I'd expect Netflix (etc) to appear in the Play store, but from reports (and testing) you should first have to make it show as certified. Again: interesting...
About not being able to get "certified": Do you have multiuser active? If so I believe you'll have to clear Play store data for all users before it can show as certified.
Didgeridoohan said:
Interesting. Since your device can pass SafetyNet I'd expect Netflix (etc) to appear in the Play store, but from reports (and testing) you should first have to make it show as certified. Again: interesting...
About not being able to get "certified": Do you have multiuser active? If so I believe you'll have to clear Play store data for all users before it can show as certified.
Click to expand...
Click to collapse
Nope, just me. Can you get your play store to switch being certified or not by enabling and disabling hide? I'm wondering if I was on a ROM or something that was uncertified and it just permanently tagged my device as such?
RoyJ said:
Nope, just me. Can you get your play store to switch being certified or not by enabling and disabling hide? I'm wondering if I was on a ROM or something that was uncertified and it just permanently tagged my device as such?
Click to expand...
Click to collapse
Yes. I can 100% replicate getting my devices to certified or uncertified status by enabling or disabling Magisk Hide (passing or failing SafetyNet).
RoyJ said:
I'm wondering if I was on a ROM or something that was uncertified and it just permanently tagged my device as such?
Click to expand...
Click to collapse
You don't get permanently tagged. My device says uncertified until I enable Magisk hide, clear play store data and reboot. What device do you have and are you using a custom kernel?
Still no go for me. SELinux is set to enforcing, USB debugging disabled, play store certified, passed safetynet, used magisk hide on every apk that had the word "Google" on it, I have rebooted, waited, clear play store data (still certified), waited some more, rebooted again, waited some more... Idk what else to do.
Idc about Nexflix. I am however concerned that other apps will use the same detection method.
It working on mine. I can download and use Netflix.
Pure Nexus.
Franco Kernel.
Magisk 12.
Passes SafetyNet and is Google Playstore Certified.
Edit:
Just clean flashed SAOSP with Franco and Magisk 12.
Still passing SafetyNet but Google Playstore now reports Uncertified. BUT! I still can see, download and use Netflix.
Checking the play store in the magisk hide list worked for me.
mkhcb said:
Still no go for me. SELinux is set to enforcing, USB debugging disabled, play store certified, passed safetynet, used magisk hide on every apk that had the word "Google" on it, I have rebooted, waited, clear play store data (still certified), waited some more, rebooted again, waited some more... Idk what else to do.
Idc about Nexflix. I am however concerned that other apps will use the same detection method.
Click to expand...
Click to collapse
I'm also having this issue on my OnePlus One running unofficial Lineage build. Device shows certified, safetynet passes, magisk hide etc..... still wont show up.
however, for my Nexus 7 tablet running the official lineage build configured the same way, it shows up..
JRJ442 said:
You don't get permanently tagged. My device says uncertified until I enable Magisk hide, clear play store data and reboot. What device do you have and are you using a custom kernel?
Click to expand...
Click to collapse
I have the same situation with my Droid Turbo, I am on latest ROM for my device, MM 6.01 with a kernel to hide unlocked boot. I am on Magisk V12, Safetynet passes, I can see Netflix in playstore, I can also use Android Pay it is functional. Yet Google Playstore says uncertified.
Edit: I cleared playstore cash, rebooted, same result. I added playstore to hidden programs, rebooted same result.
i am on ROM Tesla with Arsenix Kernel on my Oneplus X and passing safety net with Magisk 13 (BETA) and also getting verified in play store can download Netflix but if i start it it says uncompatible with your device. Any suggestions ? should i try Magsik 12 ?
I am also experiencing this.
My OnePlus One running Sultan's unofficial lineageOS with magisk v13 passes safetynet, it also shows certified in google play, android pay works, etc.... but no netflix in gogole play....
My Nexus 7, rooted with magisk v13, it does show up.
My OnePlus 5, official OOS with magisk v13 passes safetynet, it also shows certified in google play, android pay, etc..... it DID have netflix, HOWEVER.... I played around a bit with different magisk versions and the latest magisk beta was not passing safetynet.... I wiped my phone and went back to using my previous setup but now no mater what I do, I can't get netflix to show back up.
I'm going to agree with others saying that their device gets flagged, because I believe this is what I am also experiencing with my OP5
EDIT: I cleared play store cache/data (which I have already been doing) and then restarted the phone before going back into the play store, that seemed to fix it for my OP5
I used to find netflix with magisk hide now it dont show anymore even through my safatynet is bypassed and phone is showing certified on playstore ...... Cleaned everything and restarted my phone múltiple times yet no netflix... Anyboby got a fix?
lexie90 said:
I used to find netflix with magisk hide now it dont show anymore even through my safatynet is bypassed and phone is showing certified on playstore ...... Cleaned everything and restarted my phone múltiple times yet no netflix... Anyboby got a fix?
Click to expand...
Click to collapse
There is always apkpure. An alternative to playstore with updates. That's how I got netflix back after my last clean flash since I forgot to back it up
NOt really a problem but Magisk Hide is on and SafetyNet check is a pass, but my play store shows uncertified.
I can still download Netflix and use it like normal.
EDIT; Clearing Play Store data seemed to fix it

Magisk, Google play and banking app

Hello,
my Oneplus 7+ is running stock Android 11. Magisk has been installed and since a month ago everything was working fine (even DKB TAN2go and other banking apps). Last month an update for Comdirects Photo TAN was released and it stopped working. Luckily I was not the only one to encounter it and the description from @ralphabt here solved the issue for me.
Since this morning Google Pay stopped working (of couse I only noticed when I tried to pay and had my wallet nearby). SafetyNet fails (basic and cts). If I disabled the modules that I installed for the PhotoTan fix, SafetyNet is working again.
I found the MagiskHide Props Config, which I don't have a problem installing and testing, but I was wondering if there anything else I can try before fixing an issues that is caused by a solution for another issue.
Thanks a lot!
If SafetyNet now triggers from the Riru/EdXposed stuff you'll likely have to wait for an update to those modules (or try the latest beta/alpha/canary releases). Or try LSPosed instead (seems like more people have success with that). It's a cat and mouse game...
Im still waiting for anyone to give me a valid reason to use Xposed of any sort....
I pulled it out recently after jettisoning Xposed back in Marshmallow days, and was completely unsurprised that in my attempts to avoid root detection when i was having bank app issues it just broke things harder
Your biggest issue is getting SafetyNet pass...
Getting Google Pay and banking apps is another level...
My current setup for working bank apps (my bank at least) and working Samsung Pay & Google Pay is, should you wish to have a crack:
Magisk Alpha - here (second most recent at time of posting) or here for latest:
Riru - here
Riru-Momohider - my own mod of that module attached to my post here (where i just added creation of the 4 optional config options to the installations script, to avoid manual jiggery pokery, touching 4 files in a terminal every ROM flash didnt seem like a fun thing after the 3 ROMS i tested that week i started using Riru-Momohider)
Im talking those are the only modules i use. Even a simple font replacement module will give up a system modification to most root detection apps. So no fonts, no emojis swapping, no fiddly shizz. Keep it simple.
You can get an idea of what may be setting things off via Magisk Detector here, or VD Infos here (apologies to Didge, as mentioning that may be a trigger )
And i now get to tell you that this only currently works on 2 ROM's for my device, all the others cough up the existence of root through modifications made by devs to build.prop etc
So even in the best circumstances, and with all the right magisk and riru modules, the ROM youre using can still betray you.
Isnt that fun?
Worth pointing out (so frequently am i pointing this out these days im thinking of removing the link to my GPay Magisk Module from my sig) that for like 6 months now its been unnecessary for a lot of people to
a) Use the Google Pay db fix originally sussed out by @BostonDan, or my Magisk Module that does the same thing
and
b) Enable MagiskHide for Google Pay...
Actually getting SafetyNet is rather easy - if I remove EdXposed and XPrivacyLua it is working again and Google Pay as well. I only installed (my only reason) it, as it was required to get that banking app running.
I am using different banking apps and it the past the one from german DKB was rather difficult, but with newest Magisk (23) and Magisk Hide it is working.

Did something change wrt G Play-services that breaks Zygisk Denylist?

I am using Google Pixel 6 Pro and my Google Pay stopped working and my Magisk installation was removed, I have no idea what triggered this. After re-installing the canary version of Magisk I noticed the following when configuring my Denylist:
- Google Play-services is now only listed under "Show OS apps". I might be mistaken but before it was under "Show systemapps"?
- Google Play-services is no longer selected after a powercycle
Although safetynet test apps PASS, it is clearly NOT working:
- Can no longer find Netflix app in Google Play store (good indicator certification is not in order)
- Google Pay complains about root detection after adding my card
Appreciate any advise/tips/suggestions
Magisk disappearing is interesting and I don't know what happened there.
No need to add Play services or other system processes to DenyList. Only deny Play Store, Gpay etc. If you deny Play services it'll end up unticked after a reboot which is normal. After a new Magisk installation including safetynet-fix and Props Config modules, clear Play Store cache and storage in Settings/Apps (I do this for Play services too although it may not be necessary). After some brief wait time your Pixel should show as certified in Play Store settings in addition to passing Safetynet.
Everything is working now, I also re-installed the modules. I might have indeed denied to many services, thank you for clarifying only App Store itself and banking apps is sufficiënt! If I lose root again suddenly I will attach ADB logfiles.
straumli said:
I am using Google Pixel 6 Pro and my Google Pay stopped working and my Magisk installation was removed, I have no idea what triggered this. After re-installing the canary version of Magisk I noticed the following when configuring my Denylist:
- Google Play-services is now only listed under "Show OS apps". I might be mistaken but before it was under "Show systemapps"?
- Google Play-services is no longer selected after a powercycle
Although safetynet test apps PASS, it is clearly NOT working:
- Can no longer find Netflix app in Google Play store (good indicator certification is not in order)
- Google Pay complains about root detection after adding my card
Appreciate any advise/tips/suggestions
Click to expand...
Click to collapse
If you have safetynetbfix flashed this is normal as it does it for you and unselects it. If you don't have saftey net fix flashed you can select it and it will stick

Google Wallet rolled out - device now not secure enough!

S21FE here, A12 rooted with Magisk 24.3 for several months. USNF and device is certified in Google Play Store, fully passing YASNAC.
Banking apps and Gpay on the deny list and all worked fine.
Today I get a notification from Google that my device is no longer secure enough for contactless pay. Figured it was because I'd been messing around with screen2auto in the car and rebooting a few times. Checked all other security sensitive apps and they all still worked fine.
Did the usual clearing of cache and data for Pay, Play Store and Play Services and ended up stuck on a screen saying that Google Pay was being updated and couldn't be used.
When I went to uninstall and reinstall, I realised it had been replaced with Google Wallet. Installed it. Added it to deny list, rebooted for good measure before opening but no dice.
Google wallet detects root despite passing SafetyNet and Device Cert.
At least now I'm fairly sure it's due to rollout rather than something dumb I've done, but is anyone else getting this now?
I updated Magisk and manager (which is hidden btw) after first unsuccessful try, then went through clearing caches, data and uninstalling and reinstalling then rebooting again but still no luck.
Yes it's being discussed in the 2 main Google Pay threads already here.
BootloopedMillennials said:
Yes it's being discussed in the 2 main Google Pay threads already here.
Click to expand...
Click to collapse
Yeah I realised shortly after posting! Thanks for replying though.

Question Is it possible to get Google Pay working at the moment while rooted?

I am able to get my phone to pass safety net (checking with YASNAC) but Google Pay still won't let me add my card so something is missing here. Is YASNAC no longer sufficient to check if you're actually able to pass safety net anymore? I used Google Pay for everything before rooting so it's kind of sucking not being able to use it. I have magisk hidden along with everything pertaining to Google along with the safety net modules that allow me to pass YASNAC
yes get magisk module UNIVERSALSAFETYNEXT FIX
Right. Zygisk enabled, Google Play Store + Google Wallet on DenyList and Module "Universal SafetyNet Fix" by kdrag0n
RealZac said:
Right. Zygisk enabled, Google Play Store + Google Wallet on DenyList and Module "Universal SafetyNet Fix" by kdrag0n
Click to expand...
Click to collapse
This is exactly what I did and I passed safety net but it still told me I couldn't add my card with the typical message, also for some reason my fingerprint scanner stops working with l universal safety net fix module on top of not working with Google pay and that's my only module besides systemless hosts
Cengiz67 said:
yes get magisk module UNIVERSALSAFETYNEXT FIX
Click to expand...
Click to collapse
That's exactly what I was doing, I don't know what happened but turning the module back on and trying again worked but it broke my fingerprint reader. Luckily I found this fix and it worked just fine
https://forum.xda-developers.com/attachments/safetynet-fix-v2-3-1-test-zip.5735587/
jld2k6 said:
This is exactly what I did and I passed safety net but it still told me I couldn't add my card with the typical message, also for some reason my fingerprint scanner stops working with l universal safety net fix module on top of not working with Google pay and that's my only module besides systemless hosts
Click to expand...
Click to collapse
I found this safetynet module that fixes the fingerprint scanner! For some reason after multiple attempts of doing the same thing I got Google Pay working and this fixed my fingerprint scanner while still keeping safetytnet working
https://forum.xda-developers.com/attachments/safetynet-fix-v2-3-1-test-zip.5735587/

Categories

Resources