Related
What is SafetyNet?
"SafetyNet provides a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users." -Android Developers
Like stated above, SafetyNet is a set of APIs embedded in Google Play Services to see whether a device has been tampered with from its factory state (e.g. a custom ROM is installed). Developers can use this API to block smartphones in which SafetyNet fails to pass.
How will this affect me and my usage of the device?
Several apps use this API to block users with custom ROMs, such as Google Pay, Netflix, and others, especially banking apps. If you don't use any of these, then failing SafetyNet probably won't matter to you. But if you do use some of these apps, you'll find that they often refuse to run.
How to pass SafetyNet:
You will need Magisk and Magisk Manager: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
You will need this ZIP:
https://forum.xda-developers.com/apps/magisk/universal-safetynet-fix-magisk-17-t3840680
After you have downloaded both of these, go ahead and flash Magisk through TWRP. After installation is complete, Go to the Modules section in Magisk Manager and press the + button and select the SafetyNet spoofer ZIP. After it's done, reboot your phone. Then go to Settings in Magisk Manager and turn Magisk Hide off and then on again. Go to the Magisk Hide section and select the following apps to hide Magisk from:
Google
Google Services Framework
Google Play Store
(and other apps requiring SafetyNet to pass)
Then go to Play Store>Settings and see if it says your Device is certified. If not, clear Play Store data and try again.
Done! Now you will have passed SafetyNet!
JarlPenguin said:
What is SafetyNet?
"SafetyNet provides a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users." -Android Developers
Like stated above, SafetyNet is a set of APIs embedded in Google Play Services to see whether a device has been tampered with from its factory state (e.g. a custom ROM is installed). Developers can use this API to block smartphones in which SafetyNet fails to pass.
How will this affect me and my usage of the device?
Several apps use this API to block users with custom ROMs, such as Google Pay, Netflix, and others, especially banking apps. If you don't use any of these, then failing SafetyNet probably won't matter to you. But if you do use some of these apps, you'll find that they often refuse to run.
How to pass SafetyNet:
You will need Magisk and Magisk Manager: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
You will need this ZIP:
https://forum.xda-developers.com/apps/magisk/universal-safetynet-fix-magisk-17-t3840680
After you have downloaded both of these, go ahead and flash Magisk through TWRP. After installation is complete, Go to the Modules section in Magisk Manager and press the + button and select the SafetyNet spoofer ZIP. After it's done, reboot your phone. Then go to Settings in Magisk Manager and turn Magisk Hide off and then on again. Go to the Magisk Hide section and select the following apps to hide Magisk from:
Google
Google Services Framework
Google Play Store
(and other apps requiring SafetyNet to pass)
Then go to Play Store>Settings and see if it says your Device is certified. If not, clear Play Store data and try again.
Done! Now you will have passed SafetyNet!
Click to expand...
Click to collapse
I am on Lineage 15.1 based on 8.1, I followed every step you have mentioned but it shows ctsProfile : False and basicintegrity : true
This app (https://play.google.com/store/apps/details?id=com.TMBTOUCH.PRODUCTION&hl=en) has found a way to detect magisk WITH magisk hide hide and package rename.
I don't really know how, I've just updated the app, then BOOM.
I've recheck everything, reinstall, even remove magisk doesn't help.
PS. all with latest magisk 20.3.
Well, Magisk can hide from it just fine (I just tested and had no issues). Which means it's likely something else about your device that's triggering the app.
First make sure that MagiskHide is working properly (test SafetyNet), and if it doesn't try toggling MagiskHide off and on again. More tips here:
https://didgeridoohan.com/magisk/MagiskHide#hn_Hiding_root_from_apps
No it's not.
I did hide it, also change repack name.
Attached screenshot.
As my test shows, Magisk is perfectly capable of hiding from the app. But, as I said, there's likely something about your setup/device that is triggering it.
Have you tested if MagiskHide works? Have you checked for tips in the link I posted?
Yes Magisk hide works with all other of my bank apps, 5 of them, so far.
Actually, Magisk hide worked with this app since 3 years ago, when I've started using Magisk. But a couple days ago, the app was updated, and boom!!! So, I think they find a way to bypass the hide.
Unless your device is outdated and can't utilise the full potential of Magisk's capabilities (full app obfuscation isn't available on Android versions less than 9, for example, but that info is already covered in the linked guide), the app is not circumventing MagiskHide.
There are many other ways of detecting "root" that has nothing directly to do with Magisk (again, see the linked guide).
Maybe magisk is works fine but this application has some problem in inside. "this device does not to meet the minimum security requirements for this app" it's mean security patch is older than this app require as i think, or maybe this app is broken.
UPDATE!NO MORE COMPLICATED SCRIPTS, JUST USE MAGISK 24.1 WITH DENY LIST!
1. Enable Zygisk, add the apps to the deny list
2. Hide Magisk App
3. Install SafetyNet Fix by kdrag0n (Might still need Magisk Hide Props if your device is a little older)
Working on: Poco X3 Pro + Lineage 18.1 (Android 11)
Aurora Store | F-Droid - Free and Open Source Android App Repository
A Google Playstore Client
f-droid.org
^Use aurora store to get the older version of Singapass that's likely to work, I'm using build 100.
V-Key Pte Ltd is basically a IT security technology based in Singapore I suppose.
Some softwares in Singapore, i.e. OCBC Banking, SingPass and maybe some other SEA banking softwares have v-key components which detects magisk.
This is a guide on how to use such softwares with Magisk, because I firmly believe that I get to choose what features I wish to have for my phone, and it is not fair for these banking companies to deny their services just because my device is rooted, I mean, if my banking stuff gets compromised because my phone is rooted and exploited, I'm willing to take the risk.
This guide aims to help mostly Singaporean users or anyone using such softwares with v-key components.
To make things work, the following things must be done:
1. Make sure Magisk manager is hidden
2. Make sure device fingerprint is certified by google (Check out the MagiskHide Props Config module) Please contribute fingerprints to this module for the benefit of everyone, checkout the GitHub page for more details.
3. Add the apps to Magisk Hide list.
4. Use package manager (pm) to disable the following v-key components in terminal (Using POSB Banking App as an example:
pm disable com.dbs.sg.posbmbanking/vkey.android.vos.MgService
pm disable com.dbs.sg.posbmbanking/com.vkey.android.support.permission.VGuardPermissionActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.vguard.VGDialogActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.internal.vguard.cache.ProcessHttpRequestIntentService
*Some apps may not have one or two v-key components listed above (i.e. SingPass), so getting an error on one or two components being not found should not be a big issue. If things works out you should see out puts on new states being disabled
*Attached a script that deals with OCBC, POSB and SingPass, if you have some weird errors make sure the encoding or format (Not sure of the jargon for it) is Unix or sth and not Windows
Credits:
Reddit User u/Inscythe for giving me a vague idea on the existence of v-key components
Muntashir Akon for his App Manager, allowed me to search for v-key components of apps(tried the disabling features of this app but didn't work, hence the script with pm command)
@Didgeridoohan for MagiskHide Props Config
@vurtomatic for giving me the idea of creating a guide on this.
Hi @Xanth0k1d , thanks for the guide.
I have a rooted LOS 18.1 (OnePlus 3), with magisk 22.1, magisk hide on and magisk manager hidden. All my bank apps work correctly excepts K-PLUS app, the retail bank app from Kasikorn Bank in Thailand.
I can see in the logs of magisk that some vkey components are linked to the app. I followed you guide and was able to disable 2/4 components you listed (2 didn't exist).
Unfortunately this didn't fix the issue.
Do you know how I can search in my phone if other vkey components exist that I might need to disable?
Thanks
Hey @Xanth0k1d, does this still work for you? I noticed that VGuard services are visible with App Manager for DBS but not Government apps. I could disable those services via ADB Root without the use of Magisk just fine.
Seems like GovTech has caught up to this trick :/
erOzeOz said:
Hi @Xanth0k1d , thanks for the guide.
I have a rooted LOS 18.1 (OnePlus 3), with magisk 22.1, magisk hide on and magisk manager hidden. All my bank apps work correctly excepts K-PLUS app, the retail bank app from Kasikorn Bank in Thailand.
I can see in the logs of magisk that some vkey components are linked to the app. I followed you guide and was able to disable 2/4 components you listed (2 didn't exist).
Unfortunately this didn't fix the issue.
Do you know how I can search in my phone if other vkey components exist that I might need to disable?
Thanks
Click to expand...
Click to collapse
Disabling the existing vkey components should be enough.
Did you spoof the device signature with the magisk hideprops module?
KrishvY said:
Hey @Xanth0k1d, does this still work for you? I noticed that VGuard services are visible with App Manager for DBS but not Government apps. I could disable those services via ADB Root without the use of Magisk just fine.
Seems like GovTech has caught up to this trick :/
Click to expand...
Click to collapse
All my apps are working fine, could you please be clear of your problem? i.e. what's working, what's not etc
Xanth0k1d said:
All my apps are working fine, could you please be clear of your problem? i.e. what's working, what's not etc
Click to expand...
Click to collapse
I'm using a OP6, LineageOS 17.1, latest nightly build. I can't use SingPass and Standard Chartered but I can use DBS just fine. I did not root my phone and I don't have Magisk installed either.
I just can't find V-key components in SingPass with App Manager.
KrishvY said:
I'm using a OP6, LineageOS 17.1, latest nightly build. I can't use SingPass and Standard Chartered but I can use DBS just fine. I did not root my phone and I don't have Magisk installed either.
I just can't find V-key components in SingPass with App Manager.
Click to expand...
Click to collapse
The App Mananger by Muntashir Akon?
I think I need to explain this properly, SIngapass and some apps may not work in the following situations:
You installed a custom rom without a Google approved device ID
You rooted your phone
You have Magisk
etc
For your case, Singpass does not work because you installed Lineage - a custom rom, which should not have a Google approved device prop by default. It doesn't matter if you are rooted or you have install Magisk at this point.
My suggestion to you is to install Magisk and follow my guide-hide magisk and spoof you device fingerprint so it looks like you are running a stock rom.
hi @Xanth0k1d. Have been using your method to hide singpass in the past. But the app just recently was able to detect root. As someone mentioned above, the updated app has no v-key components listed in the service. Any idea how to circumvent the situation and what services to disable?
Holy ****, I just saw the update.
Probably some dude saw this post...
I have yet updated so I can't test, if anyone's finding any solutions to this pls update as well.
Xanth0k1d said:
V-Key Pte Ltd is basically a IT security technology based in Singapore I suppose.
Some softwares in Singapore, i.e. OCBC Banking, SingPass and maybe some other SEA banking softwares have v-key components which detects magisk.
This is a guide on how to use such softwares with Magisk, because I firmly believe that I get to choose what features I wish to have for my phone, and it is not fair for these banking companies to deny their services just because my device is rooted, I mean, if my banking stuff gets compromised because my phone is rooted and exploited, I'm willing to take the risk.
This guide aims to help mostly Singaporean users or anyone using such softwares with v-key components.
To make things work, the following things must be done:
1. Make sure Magisk manager is hidden
2. Make sure device fingerprint is certified by google (Check out the MagiskHide Props Config module) Please contribute fingerprints to this module for the benefit of everyone, checkout the GitHub page for more details.
3. Add the apps to Magisk Hide list.
4. Use package manager (pm) to disable the following v-key components in terminal (Using POSB Banking App as an example:
pm disable com.dbs.sg.posbmbanking/vkey.android.vos.MgService
pm disable com.dbs.sg.posbmbanking/com.vkey.android.support.permission.VGuardPermissionActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.vguard.VGDialogActivity
pm disable com.dbs.sg.posbmbanking/com.vkey.android.internal.vguard.cache.ProcessHttpRequestIntentService
*Some apps may not have one or two v-key components listed above (i.e. SingPass), so getting an error on one or two components being not found should not be a big issue. If things works out you should see out puts on new states being disabled
*Attached a script that deals with OCBC, POSB and SingPass, if you have some weird errors make sure the encoding or format (Not sure of the jargon for it) is Unix or sth and not Windows
Credits:
Reddit User u/Inscythe for giving me a vague idea on the existence of v-key components
Muntashir Akon for his App Manager, allowed me to search for v-key components of apps(tried the disabling features of this app but didn't work, hence the script with pm command)
@Didgeridoohan for MagiskHide Props Config
@vurtomatic for giving me the idea of creating a guide on this.
Click to expand...
Click to collapse
heya, I'm the reddit user... I had updated the app, but so far has no luck finding where the detection is hiding now... I might just try turning off services one-by-one with servicely, but I'll keep you all updated if I get any success.
@Xanth0k1d since you haven't updated your singpass, can you check what are the available services and listeners currently your version is using? I want to compare the difference with the latest version.
I managed to get Singapore's GPay app to work by blocking this `com.google.android.gms.gmscompliance.ui.UncertifiedDeviceActivity`. Do your devices pass SafetyNet?
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
stevenkyk said:
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
Click to expand...
Click to collapse
Thanks! Can confirm that this works!
Singpass is a really weird app.
Recently google nuke the api so magisk stopped working, can't pass the safetynet. Magisk released a canary release that fix that.
Yet, singpass continue to stop working so I thought maybe I need do more? Then I coincidently force stop the app to run it again, it magically working again! That is after I reboot twice before that. So now I learn the rebooting and force stop do different things.
I didn't apply anything from this thread, it is really a weird app.
Lu5ck said:
Singpass is a really weird app.
Recently google nuke the api so magisk stopped working, can't pass the safetynet. Magisk released a canary release that fix that.
Yet, singpass continue to stop working so I thought maybe I need do more? Then I coincidently force stop the app to run it again, it magically working again! That is after I reboot twice before that. So now I learn the rebooting and force stop do different things.
I didn't apply anything from this thread, it is really a weird app.
Click to expand...
Click to collapse
The safetynet api did not get nuked, the api changed so code that use the old api won't work, even on the latest stable build safetynet will still pass when using another checker app. While I won't go into the technical details, singpass spawns a new isolated process to check for root, exploiting the fact that isolated processes are treated differently and is difficult for magisk to hide itself. So the solution is to disable the offending process and not let it spawn. There are several other requirements necessary for singpass to run, which are largely beyond the scope of discussion in this thread.
Any idea how to bypass Citibank sg root detection? I am able to use vkey method for posb and ocbc but Citibank doesn't have a vkey service
auggie246 said:
Any idea how to bypass Citibank sg root detection? I am able to use vkey method for posb and ocbc but Citibank doesn't have a vkey service
Click to expand...
Click to collapse
The trick here is to decompile the APK using apktool and inspect the Androidmanifest.xml manually. Search for "ISOLATED" and in the same line you should be able to find the name of the service to be disabled. Of course this assumes that citibank's app used a similar tactic as the other apps.
Edit: I tried the citibank sg app, magisk hide + rename package is sufficient for me to launch the app, don't have an account so I can't test any further.
stevenkyk said:
The recent Singpass update requires disabling o.InvalidRegistrarException for root detection to be circumvented.
Click to expand...
Click to collapse
I guess there's another update to Singpass that circumvent this circumvention as well lol
Apparently it's now using a service called o.ImmutableSetMultimap for checking root (confirmed by magiskhide entry) and it works for a few seconds after loading Singpass before failing again with different error message. I think it checks for both whether the service is active and found a root (gives error T0), or whether the service is running at all (gives error T-1). I think we need something else to block this.
Well, i don't have any particular issue regarding safetynet being failed. I am just curious if this combination is possible?
As i have noticed from various threads that the major purpose of safetynet pass is to get the device certified in play store.
Correct me if i am wrong.
Info:
Samsung A30; Android 10; Bliss Rom 12.10
Magisk 20.4
Riru 25.3.4
Edxposed 0.5.2.2.2
Magisk hide enabled in app [22.1] and working fine for apps [pubg mobile, in my case] that detects root.
No special module installed to pass safetynet like [Magiskhide props config/ HiddenCore module/ safetynet fix/ riru unshare]
Shihabus Sakib Rad said:
Well, i don't have any particular issue regarding safetynet being failed. I am just curious if this combination is possible?
As i have noticed from various threads that the major purpose of safetynet pass is to get the device certified in play store.
Correct me if i am wrong.
Info:
Samsung A30; Android 10; Bliss Rom 12.10
Magisk 20.4
Riru 25.3.4
Edxposed 0.5.2.2.2
Magisk hide enabled in app [22.1] and working fine for apps [pubg mobile, in my case] that detects root.
No special module installed to pass safetynet like [Magiskhide props config/ HiddenCore module/ safetynet fix/ riru unshare]
Click to expand...
Click to collapse
This is one of the reasons, if your device is not certified, you can't install (at least not officially) some apps like Netflix. Additionally, failing safetynet results in that you can't use Google Pay or other paying services or banking apps which rely on safetynet check
It is perfectly possible to have a certified Play store even though SafetyNet fails (and vice versa). Eventually it will catch up though...
that's a bug ... the Device is Certified from Play Store is not accurate it doesn't update realtime if you clear Play Store data it would say Device is not Certified
the Magisk SafetyNet Test is accurate
Didgeridoohan said:
It is perfectly possible to have a certified Play store even though SafetyNet fails (and vice versa). Eventually it will catch up though...
Click to expand...
Click to collapse
Actually, the device showed certified from very beginning of root. I never tested safetynet until today. I checked safetynet just out of curiosity. Now i flashed three modules: Magiskhide props config(vendor fingerprint treble gsi), HiddenCore module and riru unshare. Safetynet is passed in Magisk app due to HiddenCore module but as others have pointed out in other threads, this might be only in a magisk app.
Lord Sithek said:
This is one of the reasons, if your device is not certified, you can't install (at least not officially) some apps like Netflix. Additionally, failing safetynet results in that you can't use Google Pay or other paying services or banking apps which rely on safetynet check
Click to expand...
Click to collapse
I just checked that Netflix app is not available on my device!
Shihabus Sakib Rad said:
I just checked that Netflix app is not available on my device!
Click to expand...
Click to collapse
have you tried doing my recommendation?
ineedroot69 said:
have you tried doing my recommendation?
Click to expand...
Click to collapse
Let it be as it is. I don't use Netflix or any other apps that requires certified device. I play pubg mobile which works fine with magisk hide.
ineedroot69 said:
have you tried doing my recommendation?
Click to expand...
Click to collapse
Please what's your recommendation?
A banking app I've been using for years has always worked after putting it on the Deny List. I updated it recently and it now won't work with Magisk installed regardless of what I do.
As soon as I patch the boot image with Magisk it complains that the device is rooted and locks me out. That's without even installing the Magisk app, also without Zygisk etc.
I can pass SafetyNet and Play Protect certification with Universal Safety Net Fix and Magisk Hide Props Config modules. However that doesn't make the banking app work.
So far I've also tried:
* Magisk Delta, Zygisk off, with sulist on whitelist mode (also tried Delta's Magisk Hide)
* Shamiko
* Hide My Applist (various configs)
* Disabling root from Magisk app
* Renaming the Magisk app
* Downgrading the banking app (it no longer detects root but locks me out until I upgrade)
* Cloning the banking app to Work Profile with Shelter (this is the only thing that gets rid of the message about being rooted. But then it bizarrely claims it can't connect to the server to login!?)
I'm now at a loss as to what else to try. Any ideas please?
What's the banking app name?
Also install Ruru and see what might be the problem. Make the same steps you use to hide your banking apps. Also clear data of Ruru before each test.
Releases · byxiaorun/Ruru
An android sample app of detecting suspicious apps like magisk manager - byxiaorun/Ruru
github.com
makeyourself said:
A banking app I've been using for years has always worked after putting it on the Deny List. I updated it recently and it now won't work with Magisk installed regardless of what I do.
As soon as I patch the boot image with Magisk it complains that the device is rooted and locks me out. That's without even installing the Magisk app, also without Zygisk etc.
I can pass SafetyNet and Play Protect certification with Universal Safety Net Fix and Magisk Hide Props Config modules. However that doesn't make the banking app work.
So far I've also tried:
* Magisk Delta, Zygisk off, with sulist on whitelist mode (also tried Delta's Magisk Hide)
* Shamiko
* Hide My Applist (various configs)
* Disabling root from Magisk app
* Renaming the Magisk app
* Downgrading the banking app (it no longer detects root but locks me out until I upgrade)
* Cloning the banking app to Work Profile with Shelter (this is the only thing that gets rid of the message about being rooted. But then it bizarrely claims it can't connect to the server to login!?)
I'm now at a loss as to what else to try. Any ideas please?
Click to expand...
Click to collapse
I have found some banking apps are calling an external site and somehow they are detecting reporting back root. I had an issue with Halifax and Starling before.
Starling for me tripped over the last few days, and I used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reportign back root. I had an issue with Haliafx and Starling before.
Starlign for me tripped over the last few days, and i used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
I was wondering why Starling suddenly started failing - thanks!
Try hide root with some google apps on deny list. (u can search "html", "webview", "feedback" then enable hide them all apps which include these words.
giociampa said:
I was wondering why Starling suddenly started failing - thanks!
Click to expand...
Click to collapse
Ta
For ref - Process for Noobies is here;
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
Files and all
spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reportign back root. I had an issue with Haliafx and Starling before.
Starlign for me tripped over the last few days, and i used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
Thanks. Worked for me on my 6t using LOS20 and Starling
surajpai524 said:
What's the banking app name?
Click to expand...
Click to collapse
Starling
surajpai524 said:
Also install Ruru and see what might be the problem. Make the same steps you use to hide your banking apps. Also clear data of Ruru before each test.
Releases · byxiaorun/Ruru
An android sample app of detecting suspicious apps like magisk manager - byxiaorun/Ruru
github.com
Click to expand...
Click to collapse
If I rename/repackage the Magisk app and use Deny List then the only things Ruru detects is the Magisk app itself (even though it's renamed) and TWRP. TWRP doesn't seem to be the problem because the banking app doesn't seem to care if I've got that installed so long as Magisk isn't installed to ramdisk. And the banking app is clearly detecting something other than just the Magisk app because it trips after flashing Magisk from recovery, even if the Magisk app isn't installed.
I think @spida_singh may have a solution though!
spida_singh said:
I have found some banking apps are calling an external site and somehow they are detecting reporting back root. I had an issue with Halifax and Starling before.
Starling for me tripped over the last few days, and I used pcap droid to trace what hosts it was calling during app start up.
I found that when i blocked the following address:-
firebaseremoteconfig.googleapis.com
it all worked OK.
Try it if you use Adaway or a DNS provider and add this to your blacklist
Click to expand...
Click to collapse
Thanks very much, yes it's Starling I'm having the problem with! Have not tried your solution yet but will do when I have time. Edit: Just tried and it works !!
I did have a look at the DNS requests from the Starling app and I think I may have even noticed the domain name you mention. But wouldn't have guessed it was that causing it! I'd be interested to know how that works... Are Google apps (I have minimal amount installed) spying on my applist and reporting it to my bank!? Kind of creepy! Also quite weird seeing as Google Pay/Wallet doesn't complain!
makeyourself said:
Thanks very much, yes it's Starling I'm having the problem with! Have not tried your solution yet but will do when I have time.
I did have a look at the DNS requests from the Starling app and I think I may have even noticed the domain name you mention. But wouldn't have guessed it was that causing it! I'd be interested to know how that works... Are Google apps (I have minimal amount installed) spying on my applist and reporting it to my bank!? Kind of creepy! Also quite weird seeing as Google Pay/Wallet doesn't complain!
Click to expand...
Click to collapse
Starling will manage the API in how it works for their app, only they will know, i honesltly have no idea, i know Halifax have done this in the past, and now Starling, and simply blocking it allows the app to work, but, as you, im intrigued to know what the app is 'reading' and sending back to report the device is rooted.
PCAP droid can check the payload and dump it to see what was happening with that request, and whats being sent back.
spida_singh said:
Starling will manage the API in how it works for their app, only they will know, i honesltly have no idea, i know Halifax have done this in the past, and now Starling, and simply blocking it allows the app to work, but, as you, im intrigued to know what the app is 'reading' and sending back to report the device is rooted.
PCAP droid can check the payload and dump it to see what was happening with that request, and whats being sent back.
Click to expand...
Click to collapse
Id like to know too - But use my file from post #7 and it should work
I think I spoke to soon. It's still showing up for me when I quit the Starling app.
I tried Starling app and at first it detected root but once I added to Deny list in Magisk. It didn't detect and went to login page.
My root detection bypass configs:-
Magisk (Not hidden/ Name unchanged / Not Frozen)
Magisk Deny List
Shamiko 0.7
Hide My AppList (LSPosed Module)
Universal SafetyNet Fix mod by Displex
I don't know other behaviour like after login and stuff, since I don't have an account.
Ruru screenshot: even with xposed modules and Magisk app not hidden
Prof. Yaffle said:
I think I spoke to soon. It's still showing up for me when I quit the Starling app.
Click to expand...
Click to collapse
Do you have the the domain mentioned above blacklisted in Adaway and the app on Magisk Deny List with Deny List enforcing? All working fine here now.
I also have USNF (kdrag0n) and Magisk Hide Props Config installed. Magisk 26.1
Also you have to clear the app's data before that message will go away.
Yes, I've tried it added manually and also with the file. Same result both ways. I have the Magisk app hidden, Starling in the Deny list but Enforce disabled as I'm using Shamiko.
Edit
I've just cleared the Starling app data and it seems okay at the moment
FYI - Latest May update for Pixel and Starling latest update now break the method in this thread - Searching for workaround
fkofilee said:
FYI - Latest May update for Pixel and Starling latest update now break the method in this thread - Searching for workaround
Click to expand...
Click to collapse
I'm running the latest starling absolutely fine on my Pixel 6. Same set-up (latest linesgeos nightly)
Magisk Delta
USNF by displax
PCAP block list still contains this host
What is your setup?
Official Magisk, UNSF from Displax, Fingerprint Props.
Adaway still contains the host file I made.
My OnePlus 6t on the latest Lineageos 20 nightly seems fine with Shamiko, USNF Mod and the blocked host in Adaway