deny list google Google Play services unchecks itself - Magisk

Google Play services keeps unchecking itself in the Zygisk deny list after a reboot. I recentely factory reset my device and afterwards this problem occured. I'm pretty sure that it worked before and I'm sure that i was able to setup contaactless payment with Google Pay / Google Wallet before which isn't possible anymore. I'm fairily confident that this is due to Google Play services unchecking itself. I already tried factory resetting the device again and flashing a "clean" image (the original firmware without Magisk) and then going through the process of installing Magsik again. It didnt help!
Device: Galaxy A42 5G (A246B)
Magisk Version: 25.2 (not 100% sure that Magisk was up to date when it worked)

@EmilEmilchen Are you using USNF (Universal SafetyNet Fix)? If yes, the module is designed to remove GMS from the denylist. See here.

Yes, I am usimg USNF. I wasnt aware that it initentionally deletes GMS... Thank you! But why? And I was using USNF before as well and it was working perfectely fine. I have no idea why.

Related

Apps refuse to start because phone being rooted but it isn't!

At least 2 of my Apps refuse to start. One is my banking app and they do not offer any other way of interaction.
The problem is that the phone in fact is not rooted! It's just "OEM unlocked" to be prepared for root (which I need for E.g. titanium backup, but only maybe once a month).
Please give me a way out of this vicious circle!
I cannot remove the OEM unlock because it requires full wipe every time. Or is there a way?
Or what can I possibly tell the App Provider to improved their Code so that Oneplus phone state is being recognized (more) correctly?
Any help would be greatly appreciated.
Use Magisk I guess? Use it to hide root from that app.
Reeb_Lam said:
Use Magisk I guess? Use it to hide root from that app.
Click to expand...
Click to collapse
In fact I already flashed an official image and still (with no zip installed via TWRP) I'm getting refusals from these apps.
So for sure some apps decide from something else then simply an installed "root" manager or the installed "su" binaries.
What else could they decide from? "OEM unlock" was my first guess (and it would also be the worst, because as far as I know it can't be "hidden" temporarily, or can it?), but maybe there are other settings. Does anybody know more?
ako673de said:
In fact I already flashed an official image and still (with no zip installed via TWRP) I'm getting refusals from these apps.
So for sure some apps decide from something else then simply an installed "root" manager or the installed "su" binaries.
What else could they decide from? "OEM unlock" was my first guess (and it would also be the worst, because as far as I know it can't be "hidden" temporarily, or can it?), but maybe there are other settings. Does anybody know more?
Click to expand...
Click to collapse
You need to do some reading about Safetynet. If you're OEM unlocked you fail Verified Boot checks. Most custom Kernels include a bypass for this. Magisk alone should also work. I think you missed one important step:
Open Play Store Settings. Scroll down. It says 'Uncertified' at the bottom, right? Now install and set up Magisk. Go to system App Settings and clear Data and Cache for Play Store. Return to the Play Store Settings and scroll down. Now it should say 'Certified'. It might not be immediate, but it will happen. Now your Banking Apps work.
If you don't want, or have no luck with Magisk, simply flash a Custom Kernel that bypasses Verified Boot, and works with OOS.
Simple.
Thank you. That was for sure a major part of the overall issue. Unfortunately it didn't yet fix it. I'm now certified in play store and magisk succeeds with both safety net checks (which however it also did before). And root is disabled in magisk. dm-verity does not show the warning during Boot and the Check itself should be disabled (I followed the recommendation in another Thread to Patch the Boot Image).
Anything else you can imagine?
ako673de said:
Thank you. That was for sure a major part of the overall issue. Unfortunately it didn't yet fix it. I'm now certified in play store and magisk succeeds with both safety net checks (which however it also did before). And root is disabled in magisk. dm-verity does not show the warning during Boot and the Check itself should be disabled (I followed the recommendation in another Thread to Patch the Boot Image).
Anything else you can imagine?
Click to expand...
Click to collapse
Link to other Thread?
I don't know Magisk but are you hiding Root from your Banking App? Have you cleared Data and Cache for the Banking App since getting Certified?
First my phone did not Boot any more after installing superSU. Fixed that by patching Boot.img (to disable dm-verity) according to this thread: https://forum.xda-developers.com/oneplus-3t/how-to/disable-dm-verity-force-encryption-op3t-t3688748
Now data and cache of all (now) 3 affected Apps has been cleared and Magisk is configured to be hidden for them, but still no change.
However, in Magisk there is the "extended" option "AVB 2.0/keep dm-verity", which is unticked. I'm not sure, should I try to set it?
Any other idea?
ako673de said:
Any other idea?
Click to expand...
Click to collapse
Nope. If Play Store says Certified you should be good to go. I can only imagine it's a Magisk issue. Post screenshots of your config and let the Magisk experts pick through them. Maybe there's something not set up correctly.
ako673de said:
First my phone did not Boot any more after installing superSU. Fixed that by patching Boot.img (to disable dm-verity) according to this thread: https://forum.xda-developers.com/oneplus-3t/how-to/disable-dm-verity-force-encryption-op3t-t3688748
Now data and cache of all (now) 3 affected Apps has been cleared and Magisk is configured to be hidden for them, but still no change.
However, in Magisk there is the "extended" option "AVB 2.0/keep dm-verity", which is unticked. I'm not sure, should I try to set it?
Any other idea?
Click to expand...
Click to collapse
Hide Magisk Manager. I had to do that to get my banking app to work.
Edit: you may need to reboot after hiding Magisk Manager and clear you banking app's data before it works.
Sent from my OnePlus3T using XDA Labs
Thank you, indeed that WORKED! Well, at least for 2 out of 3 Apps. I think I can tell which one: "HVB banking". Maybe could somebody cross-check this one on his/her phone?
After firmware update to OOS 5.0.5 I now have the problem that my PlayStore can no longer be convinced in any way to show that it's certified. But interestingly my banking Apps work (currently really no root app installed). I even waited for one day because earlier in this thread somebody mentioned that it might take awhile. Is there anything special I need to care about under the new OS version?
ako673de said:
After firmware update to OOS 5.0.5 I now have the problem that my PlayStore can no longer be convinced in any way to show that it's certified. But interestingly my banking Apps work (currently really no root app installed). I even waited for one day because earlier in this thread somebody mentioned that it might take awhile. Is there anything special I need to care about under the new OS version?
Click to expand...
Click to collapse
Did you reflash custom kernel after update?
I'm not using any. What I did right after the update is to disable dm-verity (with a patched boot.img), like I did last time. But magisk is not yet re-installed because I wanted to see at least once the HypoVereinsbank App working, which it in fact does (different to last time when the phone was not rooted as well, and the store not certified!).
ako673de said:
But magisk is not yet re-installed
Click to expand...
Click to collapse
That's why... You can't pass the ctsProfile check if your bootloader is unlocked, and if you can't pass the ctsProfile check the Play Store won't be certified. You need Magisk for that...
Now I'm getting confused. The initial mail of this thread explains the situation as it was when I opened this thread:
--> Original ROM, no root, and banking apps didn't work <--
The advice to clear data of the PlayStore immediately brought the PlayStore back to "certified".
This is clearly in contrast to what you're saying now.
I can imagine only one reason: Maybe the older PlayStore had a bug and therefore was able to "certify" even with unlocked bootloader?
Sidenote: My main intention to do the firmware upgrade was that the "safety net checks" in Magisk suddenly stopped working one day (with the error message "invalid response", most probably you know what I'm talking about, I've read some comments from you on this issue). Therefore it's maybe really not too unlikely that Google has changed something very basic. Could you please confirm?
Edit: Now magisk is back, version 16.7, and in fact PlayStore is back to "certified" AND now even the HypoVereinsbank App works. Just one thing remains: magisk safety net check still says "invalid response" (after it downloaded some "FOSS" code, which it didn't do last time, when it was still working).
ako673de said:
Edit: Now magisk is back, version 16.7, and in fact PlayStore is back to "certified" AND now even the HypoVereinsbank App works. Just one thing remains: magisk safety net check still says "invalid response" (after it downloaded some "FOSS" code, which it didn't do last time, when it was still working).
Click to expand...
Click to collapse
https://www.didgeridoohan.com/magisk/MagiskHide#hn_The_response_is_invalid
Sorry, now comes a probably often asked question: do I need the safetynet check option in magisk for something real? Or do the alternative apps fulfill all possible needs? What are these needs? Isn't that exactly what the PlayStore does to determine "certified"?
After quite some months of absolutely no "root" problems with any of my apps, since today o2banking again doesn't work.
I tried to update Magisk, but after update of the Magisk manager app to v7.1.1(203) it reports that Magisk is not installed at all, and any update of Magisk itself resulted in just the same. So I reverted back to v6.1.0(165) and everything seems to be okay, except that o2banking doesn't work. SafetyNet is clean, Magisk is hidden for o2banking and Magisk manager is repacked.
Does anybody know what the problem might be? Especially with that new version of the manager app, but also with Magisk v19.0 which cannot be installed from v6.1.0 (max. is v18.1). Any ideas welcome! I'm now on OOS 5.0.8 by the way.
SOLVED it myself: As mentioned somewhere in the update FAQ of Magisk there was a bug in manager v6.1.0 that causes the updated v7.1.1 to co-exist with the old version if the old version has been re-packed. If anybody encounters the same problem, the solution is at the bottom of this page: https://www.didgeridoohan.com/magisk/ManagerIssues.
o2banking will then still not work. Update to v19.0 is mandatory. But that is no problem then any more...
probably your banking app identified oxygen os as custom rom and have root. 1 out of 3 banking app in my phone doesn't work with lineageos even though i already hide magisk, but when running oxygen os with magisk hide, and also hide magisk manager (turn it on in magisk manager setting) all 3 banking app work just fine. maybe try sending a message to bank app developer to add oxygen os as exception.
Did you notice my edit? It was a problem with magisk manager update and magisk main version. Now everything is back up and running.

Magisk problem with SafetyNet control

Good morning all
I just installed on my Note 9 "Guinea Pig" SM-N960F the new version of the 5DTB6 XEF rom and I have a problem with SafetyNet control.
I have this under Magisk Manager v7.5.1:
- Successful SafetyNet Control
- CtsProfile: False
- BasicIntegrity: True
And in Google Play Store, under "Settings" it says "The device is not certified"
(I deleted the data from the Google Play Store app and reboot without solving the problem)
Besides now I have the same problem with my other Galaxy Note 9 SM-N960F under 4DTA5 XEF for which SafetyNet was OK when installing this version last month.
Test 1: I reinstall Odin version 5DTB6 with CSC_xxx to reset everything, without the Root -> Identical error
Test 2: Root using the AP file patch method without TWRP -> Identical error
Test 3: Root with TWRP -> Identical error
No problem with my One + 7T Pro, SafetyNet is OK, under Google Play Store, there is the mention "The device is certified" with the same version of Magisk and Recovery Stock.
Have you noticed the same SafetyNet problem under Magisk Manager ??
Thank you for your answers and have a nice day
my previously working N9600 has SafetyNet broken as well (same thing, CTS profile false, basic integrity true). Apparently it's not just Note9s, a lot of devices are having issues. As for a fix, the best thing rn I believe is to just wait and see if it gets resolved....
I tried SafetyPatcher, magisk core only mode, and fingerprint changer with no luck. I'm restoring a backup to see if it changes (and fix some other stuff, will update if that makes a differnce)
Edit: Restoring from a previous system partition backup didn't help either but curiously PoGo (which won't work at all without safetynet I believe) works fine so idk what is wrong

How to root OSS and still pass safetynet checks (2022)

So I just bought a OnePlus 7T Pro McClaren Edition and its great
But I would really like to have it rooted.
I currently finally have stock rom installed again (after many frustrating hours) and am now passing the safetynet check.
I can:
1. Install Magisk (as an apk),
2. Patch boot.img
3. Unlock oem
4. Flash the patched img file
This works and I can have root access.
So far, unless I flash the original boot.img and wipe data again, I cannot lock OEM again (without seeing the corrupted data message).
Also, without locking oem, I'd keep getting the boot warning about bootloader being unlocked (which I guess is not so bad).
Seems like unless I have stock rom flashed, the safetynet check CTS test fails.
Anyways, I'm trying to find a way to root OOS and still pass the safetynet checks.
Thanks.
You need to enable Zygisk in Magisk, configure DenyList (walletfcrel, walletnfrćrelrimes_lifeboat and gapps and gservices), clear all data from Play Store, Play Services and GPay and reboot
Hi, Gpay updated to Google Wallet this method no longer works.
slapman said:
Hi, Gpay updated to Google Wallet this method no longer works.
Click to expand...
Click to collapse
Hi, yes, it does, i can confirm on both Oneplus 7 and Oneplus 7t Pro. You need to install universalsafetynetfix magisk module additionally and don't forget to wipe the data of gpay, google play and play services
DartGerion said:
Hi, yes, it does, i can confirm on both Oneplus 7 and Oneplus 7t Pro. You need to install universalsafetynetfix magisk module additionally and don't forget to wipe the data of gpay, google play and play services
Click to expand...
Click to collapse
At the time it didn't, and I had to find the the updated safetnet fix especially after updating to Android 12 and I custom ROM crDroid 13.
What Android version /oos version are you using ?

Question Sudden Google Wallet Issue on NE2213.

Hey!
So suddenly my Google Wallet decided he's not working and giving me "Phone doesn't meet security requirements".
When trying to pay it won't let me.
Denying list:
Google Wallet
Google Service Framework
Google Play Store.
SafetyNet Fix is installed and pass (Checked with YASNAC)
What can i do to fix it?
NE2213
OOS13 C30
Use this safetynet fix mod. Sometimes the original fails too.
Unninstall the original one, reboot, install the mod, clear play store, play services and wallet data, reboot.
I have this sam problem :/ everything was fine latest universal safety net fix latest wallet safety net is pass but wallet not working
Bartx96 said:
I have this sam problem :/ everything was fine latest universal safety net fix latest wallet safety net is pass but wallet not working
Click to expand...
Click to collapse
I had the same message last week. Juste flash universal safety mod 2.31 et all is becomed good. You can verify with intégrity checker that you sécurity with SUCCESS MEETS DEVICE AND MEETS BASIC.
Machad3x said:
Use this safetynet fix mod. Sometimes the original fails too.
Unninstall the original one, reboot, install the mod, clear play store, play services and wallet data, reboot.
Click to expand...
Click to collapse
This one worked perfectly!
I'm in the same boat, denied the same apps in magisk.
Currently on C30 too and my midweek is 2213.
Have the safety net fix 2.4.0 which is passing safety net , zygisk enabled and systemless turned on.
I haven't cleared the play store, services but have on wallet.
Someone mentioned another safety net module but I can't seem to see it.
Any ideas?!
Edit: ok so this one works perfectly, able to add two cards.
Releases · Displax/safetynet-fix
Google SafetyNet attestation workarounds for Magisk - Displax/safetynet-fix
github.com

Google Play Services Avoid Magisk?

Hi, I have this problem since yesterday. In the morning I paid the phone normally via Google Wallet, and in the evening I already had a message about an untrusted device. All tests pass correctly, I have Universal SafetyNet, the device is certified. Tried clearing app data and nothing. Only Google Wallet doesn't work, the rest of the apps don't detect root. I've noticed that hiding Magisk for Google Play Services is now automatically unchecked after restarting the phone. Just reboot and you have to check again, and still there is a message in Google Wallet. Anyone got an idea what to do?
WSZR said:
Hi, I have this problem since yesterday. In the morning I paid the phone normally via Google Wallet, and in the evening I already had a message about an untrusted device. All tests pass correctly, I have Universal SafetyNet, the device is certified. Tried clearing app data and nothing. Only Google Wallet doesn't work, the rest of the apps don't detect root. I've noticed that hiding Magisk for Google Play Services is now automatically unchecked after restarting the phone. Just reboot and you have to check again, and still there is a message in Google Wallet. Anyone got an idea what to do?
Click to expand...
Click to collapse
Does it pass integrity check? Safetynet isn't really used anymore.
cabagekiller said:
Does it pass integrity check? Safetynet isn't really used anymore.
Click to expand...
Click to collapse
Nope I have the official rom. What could be the problem? I didn't change anything yesterday.
WSZR said:
Nope I have the official rom. What could be the problem? I didn't change anything yesterday.
Click to expand...
Click to collapse
You need the modded safetynet universal fix by displax. It fixed the issues I had with integrity. Block play services gms and gms unstable and play store vending. Give it some time and it will work.
WSZR said:
I've noticed that hiding Magisk for Google Play Services is now automatically unchecked after restarting the phone
Click to expand...
Click to collapse
That's because USNF (Universal SafetyNet Fix) is designed to remove GMS from the denylist. See here.
cabagekiller said:
You need the modded safetynet universal fix by displax. It fixed the issues I had with integrity. Block play services gms and gms unstable and play store vending. Give it some time and it will work.
Click to expand...
Click to collapse
It's working, thanks!

Categories

Resources