Database Develop

Apps refuse to start because phone being rooted but it isn't!

At least 2 of my Apps refuse to start. One is my banking app and they do not offer any other way of interaction.
The problem is that the phone in fact is not rooted! It's just "OEM unlocked" to be prepared for root (which I need for E.g. titanium backup, but only maybe once a month).
Please give me a way out of this vicious circle!
I cannot remove the OEM unlock because it requires full wipe every time. Or is there a way?
Or what can I possibly tell the App Provider to improved their Code so that Oneplus phone state is being recognized (more) correctly?
Any help would be greatly appreciated.

Use Magisk I guess? Use it to hide root from that app.

Reeb_Lam said:
Use Magisk I guess? Use it to hide root from that app.
Click to expand...
Click to collapse
In fact I already flashed an official image and still (with no zip installed via TWRP) I'm getting refusals from these apps.
So for sure some apps decide from something else then simply an installed "root" manager or the installed "su" binaries.
What else could they decide from? "OEM unlock" was my first guess (and it would also be the worst, because as far as I know it can't be "hidden" temporarily, or can it?), but maybe there are other settings. Does anybody know more?

ako673de said:
In fact I already flashed an official image and still (with no zip installed via TWRP) I'm getting refusals from these apps.
So for sure some apps decide from something else then simply an installed "root" manager or the installed "su" binaries.
What else could they decide from? "OEM unlock" was my first guess (and it would also be the worst, because as far as I know it can't be "hidden" temporarily, or can it?), but maybe there are other settings. Does anybody know more?
Click to expand...
Click to collapse
You need to do some reading about Safetynet. If you're OEM unlocked you fail Verified Boot checks. Most custom Kernels include a bypass for this. Magisk alone should also work. I think you missed one important step:
Open Play Store Settings. Scroll down. It says 'Uncertified' at the bottom, right? Now install and set up Magisk. Go to system App Settings and clear Data and Cache for Play Store. Return to the Play Store Settings and scroll down. Now it should say 'Certified'. It might not be immediate, but it will happen. Now your Banking Apps work.
If you don't want, or have no luck with Magisk, simply flash a Custom Kernel that bypasses Verified Boot, and works with OOS.
Simple.

Thank you. That was for sure a major part of the overall issue. Unfortunately it didn't yet fix it. I'm now certified in play store and magisk succeeds with both safety net checks (which however it also did before). And root is disabled in magisk. dm-verity does not show the warning during Boot and the Check itself should be disabled (I followed the recommendation in another Thread to Patch the Boot Image).
Anything else you can imagine?

ako673de said:
Thank you. That was for sure a major part of the overall issue. Unfortunately it didn't yet fix it. I'm now certified in play store and magisk succeeds with both safety net checks (which however it also did before). And root is disabled in magisk. dm-verity does not show the warning during Boot and the Check itself should be disabled (I followed the recommendation in another Thread to Patch the Boot Image).
Anything else you can imagine?
Click to expand...
Click to collapse
Link to other Thread?
I don't know Magisk but are you hiding Root from your Banking App? Have you cleared Data and Cache for the Banking App since getting Certified?

First my phone did not Boot any more after installing superSU. Fixed that by patching Boot.img (to disable dm-verity) according to this thread: https://forum.xda-developers.com/oneplus-3t/how-to/disable-dm-verity-force-encryption-op3t-t3688748
Now data and cache of all (now) 3 affected Apps has been cleared and Magisk is configured to be hidden for them, but still no change.
However, in Magisk there is the "extended" option "AVB 2.0/keep dm-verity", which is unticked. I'm not sure, should I try to set it?
Any other idea?

ako673de said:
Any other idea?
Click to expand...
Click to collapse
Nope. If Play Store says Certified you should be good to go. I can only imagine it's a Magisk issue. Post screenshots of your config and let the Magisk experts pick through them. Maybe there's something not set up correctly.

ako673de said:
First my phone did not Boot any more after installing superSU. Fixed that by patching Boot.img (to disable dm-verity) according to this thread: https://forum.xda-developers.com/oneplus-3t/how-to/disable-dm-verity-force-encryption-op3t-t3688748
Now data and cache of all (now) 3 affected Apps has been cleared and Magisk is configured to be hidden for them, but still no change.
However, in Magisk there is the "extended" option "AVB 2.0/keep dm-verity", which is unticked. I'm not sure, should I try to set it?
Any other idea?
Click to expand...
Click to collapse
Hide Magisk Manager. I had to do that to get my banking app to work.
Edit: you may need to reboot after hiding Magisk Manager and clear you banking app's data before it works.
Sent from my OnePlus3T using XDA Labs

Thank you, indeed that WORKED! Well, at least for 2 out of 3 Apps. I think I can tell which one: "HVB banking". Maybe could somebody cross-check this one on his/her phone?

After firmware update to OOS 5.0.5 I now have the problem that my PlayStore can no longer be convinced in any way to show that it's certified. But interestingly my banking Apps work (currently really no root app installed). I even waited for one day because earlier in this thread somebody mentioned that it might take awhile. Is there anything special I need to care about under the new OS version?

ako673de said:
After firmware update to OOS 5.0.5 I now have the problem that my PlayStore can no longer be convinced in any way to show that it's certified. But interestingly my banking Apps work (currently really no root app installed). I even waited for one day because earlier in this thread somebody mentioned that it might take awhile. Is there anything special I need to care about under the new OS version?
Click to expand...
Click to collapse
Did you reflash custom kernel after update?

I'm not using any. What I did right after the update is to disable dm-verity (with a patched boot.img), like I did last time. But magisk is not yet re-installed because I wanted to see at least once the HypoVereinsbank App working, which it in fact does (different to last time when the phone was not rooted as well, and the store not certified!).

ako673de said:
But magisk is not yet re-installed
Click to expand...
Click to collapse
That's why... You can't pass the ctsProfile check if your bootloader is unlocked, and if you can't pass the ctsProfile check the Play Store won't be certified. You need Magisk for that...

Now I'm getting confused. The initial mail of this thread explains the situation as it was when I opened this thread:
--> Original ROM, no root, and banking apps didn't work <--
The advice to clear data of the PlayStore immediately brought the PlayStore back to "certified".
This is clearly in contrast to what you're saying now.
I can imagine only one reason: Maybe the older PlayStore had a bug and therefore was able to "certify" even with unlocked bootloader?
Sidenote: My main intention to do the firmware upgrade was that the "safety net checks" in Magisk suddenly stopped working one day (with the error message "invalid response", most probably you know what I'm talking about, I've read some comments from you on this issue). Therefore it's maybe really not too unlikely that Google has changed something very basic. Could you please confirm?
Edit: Now magisk is back, version 16.7, and in fact PlayStore is back to "certified" AND now even the HypoVereinsbank App works. Just one thing remains: magisk safety net check still says "invalid response" (after it downloaded some "FOSS" code, which it didn't do last time, when it was still working).

ako673de said:
Edit: Now magisk is back, version 16.7, and in fact PlayStore is back to "certified" AND now even the HypoVereinsbank App works. Just one thing remains: magisk safety net check still says "invalid response" (after it downloaded some "FOSS" code, which it didn't do last time, when it was still working).
Click to expand...
Click to collapse
https://www.didgeridoohan.com/magisk/MagiskHide#hn_The_response_is_invalid

Sorry, now comes a probably often asked question: do I need the safetynet check option in magisk for something real? Or do the alternative apps fulfill all possible needs? What are these needs? Isn't that exactly what the PlayStore does to determine "certified"?

After quite some months of absolutely no "root" problems with any of my apps, since today o2banking again doesn't work.
I tried to update Magisk, but after update of the Magisk manager app to v7.1.1(203) it reports that Magisk is not installed at all, and any update of Magisk itself resulted in just the same. So I reverted back to v6.1.0(165) and everything seems to be okay, except that o2banking doesn't work. SafetyNet is clean, Magisk is hidden for o2banking and Magisk manager is repacked.
Does anybody know what the problem might be? Especially with that new version of the manager app, but also with Magisk v19.0 which cannot be installed from v6.1.0 (max. is v18.1). Any ideas welcome! I'm now on OOS 5.0.8 by the way.
SOLVED it myself: As mentioned somewhere in the update FAQ of Magisk there was a bug in manager v6.1.0 that causes the updated v7.1.1 to co-exist with the old version if the old version has been re-packed. If anybody encounters the same problem, the solution is at the bottom of this page: https://www.didgeridoohan.com/magisk/ManagerIssues.
o2banking will then still not work. Update to v19.0 is mandatory. But that is no problem then any more...

probably your banking app identified oxygen os as custom rom and have root. 1 out of 3 banking app in my phone doesn't work with lineageos even though i already hide magisk, but when running oxygen os with magisk hide, and also hide magisk manager (turn it on in magisk manager setting) all 3 banking app work just fine. maybe try sending a message to bank app developer to add oxygen os as exception.

Did you notice my edit? It was a problem with magisk manager update and magisk main version. Now everything is back up and running.

Blind app is detecting root with Magisk Hide

I've got an app I'd like to use that somehow keeps detecting root. It's called Blind (https://play.google.com/store/apps/details?id=com.teamblind.blind)
I've also got Pokemon Go installed, but that works just fine. Not problems with Magisk Hide.
I'm ready and willing to provide logs and such, just not sure where I should start.
Thanks!

https://www.didgeridoohan.com/magisk/MagiskHideHidingRoot

mew1033 said:
I've got an app I'd like to use that somehow keeps detecting root. It's called Blind (https://play.google.com/store/apps/details?id=com.teamblind.blind)
I've also got Pokemon Go installed, but that works just fine. Not problems with Magisk Hide.
I'm ready and willing to provide logs and such, just not sure where I should start.
Thanks!
Click to expand...
Click to collapse
Did you ever figure it out?

Just. Tried too. For test lol.
Didn't work for me.
I'm having issue with spay for gear 3.
If you can figure it out and maybe we can also both our issues

It suddenly started working for me today...

I was having this issue too. I eventually got so frustrated, I unrooted my device, relocked the bootloader, and did a factory reset. Still thinks I'm rooted, even though I'm completely factory. I think they get some unique device identifier and block your device server-side
If anyone figures it out, please let me know.
A bit of an annoying workaround: if you can make a comment with a different phone, and you get a notification telling you someone replied, you can open the app by tapping on the notification. However, it won't work if you open it by tapping on the icon

Any update?
Tried a whole bunch of things to hide Magisk. Blind just doesn't work.

Works!
Looks like Blind is detecting if your bootloader is unlocked. I installed this Magisk module called "SafetyPatch", which prevents apps from detecting if your bootloader is unlocked. That fixed it for me!

Darn, tried installing SafetyPatch, but still no luck
I suspect my phone has been blacklisted or something

I had checked logcat and it seems that blind was using com.liapp.lockincomp to detect root and display the alert. after hiding magisk manager and using magisk hide on blind it still didn't work even after clearing data/reinstalling the app. after a few days it magically started working again. guess they blacklist devices for x amount of time after they detect root.

I had Blind 2.5 and Magisk 17 working together. About two weeks ago I updated both and it stopped working. Anyone using Blind 2.6 with Magisk 18? I think my device got banned - downgrading Blind to 2.5 didn't help.

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Seeing the issue on Blind 2.6.4 with Magisk Hide Enabled. Any other suggestions on a workaround?

Waited one week, installed Blind 2.5 from a backup and it works fine with Magisk 18.

babelus said:
Waited one week, installed Blind 2.5 from a backup and it works fine with Magisk 18.
Click to expand...
Click to collapse
So you uninstalled it & re-installed it after a week?
When you say backup, do you mean an APK that you had backed or a backup taken from TiBackup?

1nv1n said:
So you uninstalled it & re-installed it after a week?
When you say backup, do you mean an APK that you had backed or a backup taken from TiBackup?
Click to expand...
Click to collapse
Correct, uninstall Blind, wait a week, reinstall from backup of APK (TitaniumBackup). I can share the APK, but you shouldn't trust me.

I uninstalled Blind. Uninstalled Xposed. Made sure Magisk was able to pass all SafetyNet checks. Re-installed Blind from the Play Store. Used Magisk to hide it & was able to launch it without issues.

1nv1n said:
I uninstalled Blind. Uninstalled Xposed. Made sure Magisk was able to pass all SafetyNet checks. Re-installed Blind from the Play Store. Used Magisk to hide it & was able to launch it without issues.
Click to expand...
Click to collapse
Thanks for sharing, this worked for me
(Rooted stock Moto Z2 Force with Oreo)

Looks like it's broken again? I tried following the same process; but even after being hidden through Manager, it's still able to detect either root or bootloader unlock.
Anyone got any ideas?

1nv1n said:
Looks like it's broken again? I tried following the same process; but even after being hidden through Manager, it's still able to detect either root or bootloader unlock.
Anyone got any ideas?
Click to expand...
Click to collapse
I can confirm my workaround using the old version of Blind stopped working. New version works for a day or two after installation, then it detects root and I have to uninstall and wait for the ban to expire.

How many days does the ban last for?

Csprofile false still not getting resolved!

Phone: Redmi Note 7 Pro (Violet)
Bootloader: Unlocked
Issues: Magisk ctsprofile false
Troubleshooting:
I'm caught up in a very weird tough situation.
All was going good until I installed edxposed and gravitybox and some modules and since then Magisk kept returning ctsprofile false.
So I flashed stock MI rom using MIFlash tool and also re-locked BL.
So at this time the phone is just like a factory one..no magisk/xposed etc.
Then UL Bootloader and re-flashed twrp and same rom.
This time it should had worked but again Magisk kept returning ctsprofile false.
This is so frustrating.
I tried other roms as well like pixel exp. without any xposed crapp etc. but all showing ctsprofile false.
Tried updating magisk to latest and even downgrading but to no vail.
I even tried MagiskHidePropsConf-v4.0.3 but it didnt worked.
Tried magisk hide but no luck.
All safetynet check apps fail test.
Tried SafetyPatch-v3 and it worked but keep giving very annoying error on system boot about some huawei thing and have to ok everytime.
Any valuable suggestions to fix this for good??

If Safetypatch works, then MagiskHide Props Config should work as well. Did you set up a certified fingerprint after having installed the module? It's not a flash-and-forget module, it takes a bit of setup as well.
Safetypatch uses the same method, but doesn't let you pick a fingerprint, which is why you might get the error you're seeing. If you really want to use Safetypatch, you can get around that by editing the module boot script and replace the default fingerprint with one of your own, and also enabling editing of the vendor fingerprint (that's disabled by default in that module).
More info on SafetyNet, with tips and tricks can be found here:
https://didgeridoohan.com/magisk/MagiskHide#hn_SafetyNet

Didgeridoohan said:
editing the module boot script and replace the default fingerprint with one of your own, and also enabling editing of the vendor fingerprint (that's disabled by default in that module).
Click to expand...
Click to collapse
Hey thanks for the reply.
Can you please post a noob guide as to where to/how to find or define my own fingerprint and also edit vendor fingerprint?
Also, as I described, initially all was good but after xposed all screwed up. Even stock miui rom and then unlocking of BL isn't helping.
May I know the actual reason behind it as why reflashing different roms even after starting from scratch isnt helping to CSprofile True.

Those ROMs likely don't have a certified device fingerprint. It's also possible that Google tightened up something about that recently, so that fingerprints that did work without a correspond safety patch date now don't. That's pure guesswork on my part though, don't take it as fact.
The noob way of doing it would be to use MagiskHide Props Config and pick a fingerprint from the included list. Unfortunately I don't have a violet print in there at the moment... Luckily you can use whatever print that is certified, but if you really want a print from your device you can take a look a little further down in the docs for instructions.
If you find a matching print, you can use it in the module (by entering it manually), but also submit it in the module thread for me to include it in the list. Of course, you could also use it with Safetypatch by editing the module files found in /data/adb/modules/safetypatch (just replace the Huawei print with yours).

Didgeridoohan said:
Those ROMs likely don't have a certified device fingerprint. It's also possible that Google tightened up something about that recently, so that fingerprints that did work without a correspond safety patch date now don't. That's pure guesswork on my part though, don't take it as fact.
The noob way of doing it would be to use MagiskHide Props Config and pick a fingerprint from the included list. Unfortunately I don't have a violet print in there at the moment... Luckily you can use whatever print that is certified, but if you really want a print from your device you can take a look a little further down in the docs for instructions.
If you find a matching print, you can use it in the module (by entering it manually), but also submit it in the module thread for me to include it in the list. Of course, you could also use it with Safetypatch by editing the module files found in /data/adb/modules/safetypatch (just replace the Huawei print with yours).
Click to expand...
Click to collapse
Just wanna know what if I reflash stock miui rom and just extract its fingerprint from build.prop and after flashing back Havoc rom and rooting, use this original fingerprint with SafetyPatch-v3.zip, will this work?
And currently most of the suers have already flashed SafetyPatch-v3.zip which uses huawei fingerprint, will it be possible google might blacklist/block that as well?

nri_tech1183 said:
Just wanna know what if I reflash stock miui rom and just extract its fingerprint from build.prop and after flashing back Havoc rom and rooting, use this original fingerprint with SafetyPatch-v3.zip, will this work?
Click to expand...
Click to collapse
As long as that ROM is CTS certified it should work just fine.
And currently most of the suers have already flashed SafetyPatch-v3.zip which uses huawei fingerprint, will it be possible google might blacklist/block that as well?
Click to expand...
Click to collapse
Possible but very unlikely.

Nice.
So I finally found 3 fingerprints from stock redmi violet from earlier updates.
10.3.5.0
10.3.7.0
10.3.13.0
What now I plan is to edit post-fs-data.sh file in SafetyPatch-v3.zip to replace the Huawei fingerprints with redmi ones.
But before that how to remove existing SafetyPatch-v3?
Shall I reflash it from recovery to get uninstalled or simply delete from magisk module list to reset it so I can then flash the edited SafetyPatch created properly from twrp?
And most importantly, after flashing redmi fingerprint will the CTSprofile return True value or is it a hit or miss?
And will I still get this similar alert later on as well? Actually want to get rid of this alert on every boot.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Do we need to edit vendor.img for this??

You don't have to remove anything... Just edit the file as it is in the module directory under /data/adb/modules and reboot.
To get rid of the warning message, just make sure to also remove the # in front of the vendor prop (and replace all the fingerprints with your own).
It is not certain that the prints will work for you, since you might also need the security patch date from the release you're using. Or the prints aren't actually certified. Only way to know is to test.
Would you mind posting the prints (and security patch date) so I can test them and add to the list included in MagiskHide Props Config?

Didgeridoohan said:
You don't have to remove anything... Just edit the file as it is in the module directory under /data/adb/modules and reboot.
Click to expand...
Click to collapse
Do I need to do it from the twrp terminal, adb, or simply can be done from the OS itself using some file explorer?
Didgeridoohan said:
To get rid of the warning message, just make sure to also remove the # in front of the vendor prop (and replace all the fingerprints with your own).
Click to expand...
Click to collapse
You mean that inside SafetyPatch-v3, edit "post-fs-data" file
and remove "#" resetprop ro.vendor.build.fingerprint 'HUAWEI/CLT-L29/HWCLT:8.1.0/HUAWEICLT-L29/128(C432):user/release-keys' right?
I hope it wont result into any bootloop.
Or is there any other seperate vendor.prop file (which I didnt found in roms nor in my phone).
Didgeridoohan said:
It is not certain that the prints will work for you, since you might also need the security patch date from the release you're using. Or the prints aren't actually certified. Only way to know is to test..
Click to expand...
Click to collapse
True, we need to keep experimenting but I wonder how come some other devices fingerprints helps us to pass ctsprofile safetynet test?
For latest devices can we use old devices fprints like redmi note 3 or nexus or pixel? I think pixel will be too good as its google device and spoof free!
Didgeridoohan said:
Would you mind posting the prints (and security patch date) so I can test them and add to the list included in MagiskHide Props Config?
Click to expand...
Click to collapse
Surely mate I will message you all of them. I found those fprints in prop.default file so will share the file contents with you.

nri_tech1183 said:
Do I need to do it from the twrp terminal, adb, or simply can be done from the OS itself using some file explorer?
Click to expand...
Click to collapse
From OS works fine. That file is only run during boot.
You mean that inside SafetyPatch-v3, edit "post-fs-data" file
and remove "#" resetprop ro.vendor.build.fingerprint 'HUAWEI/CLT-L29/HWCLT:8.1.0/HUAWEICLT-L29/128(C432):user/release-keys' right?
Click to expand...
Click to collapse
That's exactly it.
True, we need to keep experimenting but I wonder how come some other devices fingerprints helps us to pass ctsprofile safetynet test?
For latest devices can we use old devices fprints like redmi note 3 or nexus or pixel? I think pixel will be too good as its google device and spoof free!
Click to expand...
Click to collapse
Some print are certified by Google, others are not. And old (before March 2018) certified prints don't need the safety patch date to match. Everything about SafetyNet is pretty thoroughly explained in the links I've posted here previously, so I suggest you also take a look there.

Didgeridoohan said:
From OS works fine. That file is only run during boot.
That's exactly it.
Some print are certified by Google, others are not. And old (before March 2018) certified prints don't need the safety patch date to match. Everything about SafetyNet is pretty thoroughly explained in the links I've posted here previously, so I suggest you also take a look there.
Click to expand...
Click to collapse
Hey I succeeded in removing the Huawei warning error prompt.
In your file "post-fs-data.sh"
you stated:
resetprop ro.vendor.build.fingerprint 'HUAWEI/CLT-L29/HWCLT:8.1.0/HUAWEICLT-L29/128(C432):user/release-keys'
#The above caused issues (critical services not starting) on my Honor
What do you meant by #The above caused issues (critical services not starting) on my Honor
What all services failed to or were not running in your Honor?
I didnt find anything unusual on my phone, but would still like to verify if any critical services arent running.
How to check them out?

That's not my statement... I'm the creator of MagiskHide Props Config, not Safetypatch. I don't know what he was referring to.

Didgeridoohan said:
That's not my statement... I'm the creator of MagiskHide Props Config, not Safetypatch. I don't know what he was referring to.
Click to expand...
Click to collapse
How to share redmi note 7 pro stock fingerprints with you? Shall I pm you?

nri_tech1183 said:
How to share redmi note 7 pro stock fingerprints with you? Shall I pm you?
Click to expand...
Click to collapse
That works. Thank you.

Didgeridoohan said:
That works. Thank you.
Click to expand...
Click to collapse
Have sent you fingerprints.
Also wanna ask, now that I'm using huawei fingerprint with SafetyPatch-v3 and ctsprofile is reporting true, can I still install edxposed and yet retain ctsprofile values to true?

nri_tech1183 said:
Have sent you fingerprints.
Also wanna ask, now that I'm using huawei fingerprint with SafetyPatch-v3 and ctsprofile is reporting true, can I still install edxposed and yet retain ctsprofile values to true?
Click to expand...
Click to collapse
Thank you. Received.
As far as I know (I don't use EdXposed) Google can't detect (or doesn't yet look for) EdXposed so you should be good to go.

Didgeridoohan said:
Thank you. Received.
As far as I know (I don't use EdXposed) Google can't detect (or doesn't yet look for) EdXposed so you should be good to go.
Click to expand...
Click to collapse
Asking as installing exposed kills the cts thing and makes it false.
In short if you installed Xposed then there is no possible way to pass safety net.
If you can research and do let me know it will be great as I really need some exposed modules to run which aren't yet available in magisk modules.

nri_tech1183 said:
Asking as installing exposed kills the cts thing and makes it false.
In short if you installed Xposed then there is no possible way to pass safety net.
If you can research and do let me know it will be great as I really need some exposed modules to run which aren't yet available in magisk modules.
Click to expand...
Click to collapse
You're talking about different things now...
It's true that Xposed will trigger SafetyNet, no matter what, but from what I've seen EdXposed doesn't (although I might not be up-to-date on that).
Note the difference in names. They're very similar, but work slightly different.

nri_tech1183 said:
Have sent you fingerprints.
Also wanna ask, now that I'm using huawei fingerprint with SafetyPatch-v3 and ctsprofile is reporting true, can I still install edxposed and yet retain ctsprofile values to true?
Click to expand...
Click to collapse
Didgeridoohan said:
Thank you. Received.
As far as I know (I don't use EdXposed) Google can't detect (or doesn't yet look for) EdXposed so you should be good to go.
Click to expand...
Click to collapse
@nri_tech1183 / @Didgeridoohan can you pls send me too the device fingerprints for violet?
I am using xiaomi.eu ROM on my Redmi Note 7 Pro (violet) and recently updated to xiaomi.eu MIUI 11 and Playstore is not ceritifed. It seems xiaomi.eu has been using lavender fingerprints which is not the best case. And also works on & off.
PS: Happy to test out if required.

Didgeridoohan said:
You're talking about different things now...
It's true that Xposed will trigger SafetyNet, no matter what, but from what I've seen EdXposed doesn't (although I might not be up-to-date on that).
Note the difference in names. They're very similar, but work slightly different.
Click to expand...
Click to collapse
Now that all is working good I wanna risk running Edxposed on my phone.
Just let me know what all backups do I need to take inside TWRP before flashing Edxposed so that if safetynet check fails later I can restore my phone toe earlier state.

Question How do I hide root from certain apps?

Hey, I rooted my phone just yesterday, and today I went to musescore just to see that they for whatever reason don't allow rooted phones to use their app?
So I tried enabling zygisk, DenyList, and I added musescore to the denylist and restarted my phone, but somehow musescore still knows that I'm rooted.
Is it possible that vbmeta is somehow related? if so then what file exactly am I supposed to flash as vbmeta (I use custom ROM).
If not, then what can I do to hide root from the app?

YayJohn said:
Hey, I rooted my phone just yesterday, and today I went to musescore just to see that they for whatever reason don't allow rooted phones to use their app?
So I tried enabling zygisk, DenyList, and I added musescore to the denylist and restarted my phone, but somehow musescore still knows that I'm rooted.
Is it possible that vbmeta is somehow related? if so then what file exactly am I supposed to flash as vbmeta (I use custom ROM).
If not, then what can I do to hide root from the app?
Click to expand...
Click to collapse
After force deny list did you've deleted caches of google play and google services and reboot? check also google play store inside settings if certified, if certified then it should work for your app too.

Maybe try installing Universal SafetyNet Fix?
GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
Google SafetyNet attestation workarounds for Magisk - GitHub - kdrag0n/safetynet-fix: Google SafetyNet attestation workarounds for Magisk
github.com
And some applications can be extra finicky. LIke for me, Google Pay always takes its time to get persuaded about not being rooted. Also there might be other components either of this app or for system apps that might need hiding. I would generally try following guides for making banking apps work.

YayJohn said:
Hey, I rooted my phone just yesterday, and today I went to musescore just to see that they for whatever reason don't allow rooted phones to use their app?
So I tried enabling zygisk, DenyList, and I added musescore to the denylist and restarted my phone, but somehow musescore still knows that I'm rooted.
Is it possible that vbmeta is somehow related? if so then what file exactly am I supposed to flash as vbmeta (I use custom ROM).
If not, then what can I do to hide root from the app?
Click to expand...
Click to collapse
I'm not familiar with that app, but I know that some apps also check for the presence of the Magisk Manager app. If you've already tried Zygisk and the deny list, then another thing to do would be to hide the Magisk app. It the Magisk Manager, go to Settings > Hide Magisk app.

What worked for me is installing Insular ( from Fdroid) and then clone the App that complains about root to the work environment.

I just downloaded musescore and installed it. It hasn't detected root on my phone. I use Shamiko to hide root. Get Fox's magisk module manager from fdroid. Then use it to install Shamiko. Make sure you turn off Enforce Denylist in magisk so Shamiko can enforce the deny list. Hide the magisk app using the feature in magisk. It works for me.

YayJohn said:
Hey, I rooted my phone just yesterday, and today I went to musescore just to see that they for whatever reason don't allow rooted phones to use their app?
So I tried enabling zygisk, DenyList, and I added musescore to the denylist and restarted my phone, but somehow musescore still knows that I'm rooted.
Is it possible that vbmeta is somehow related? if so then what file exactly am I supposed to flash as vbmeta (I use custom ROM).
If not, then what can I do to hide root from the app?
Click to expand...
Click to collapse
Oh yes I can't seem to open musescore too even with safety net pass. But it is because I am using MicroG. I tried it on my other phone with Play Services and it works fine with hidden root (shamiko and magisk disabled) and safety net pass.

BigChungus321 said:
Oh yes I can't seem to open musescore too even with safety net pass. But it is because I am using MicroG. I tried it on my other phone with Play Services and it works fine with hidden root (shamiko and magisk disabled) and safety net pass.
Click to expand...
Click to collapse
I use MicroG as well. I can load the app and use it, I just can't subscribe because it requires GSF to make payment.

IrishJames said:
I use MicroG as well. I can load the app and use it, I just can't subscribe because it requires GSF to make payment.
Click to expand...
Click to collapse
You can open it right? But can you select and open a random piano piece or something like that. For me, the piece loads up then detects something (root, safety net idk) then just tells me I can't for root reasons. I tried using shamiko too and all the root hiding methods I know and I still couldn't open a piece. It does load the main menu for me too on MicroG+patch playstore but can't open the contents.

It's been roughly a month. Has anyone found a fix for this issue yet? There was discussion about the issue here where a dev 'fixed' the app for someone with a rooted phone. However I cant tell what the dev did because all his messages are deleted, for all I know he could of shared an apk or something, guess I'll never know. I've decided to try to get in contact with one of the people whose issue managed to get fixed, although I don't know if he'll ever respond. Apparently in the forum, he told the dev that he assumed the block was intentional. Maybe this could hint us towards a fix because maybe the block doesn't target rooted users?
BigChungus321 said:
I tried using shamiko too and all the root hiding methods I know and I still couldn't open a piece.
Click to expand...
Click to collapse
If thats the case then perhaps the app isin't checking for root? Theres no way musescore has more sophisticated anti-root software than some banking apps out there. Perhaps it's detecting the os that the user uses instead? I can confirm this because my samsung s7 edge with the same lineage os version as my Xiaomi doesn't want to play any scores either. This issue also happens to people who have no custom rom or even no root, it has to do with the os that you use rather than being an issue with root.
So what, did I type 2 paragraphs on a one month old forum just to rant? No. I will find the issue (well, I already found the reason in the text above), and I will try to fix it, not by making any workarounds such as cloning the app but getting the app to reliably work on a rooted / custom rom phone.
EDIT: Maybe using something to spoof the OS to make apps think it's a different OS?

POTENTIAL FIX: So in new versions of magisk, the developer decided to remove magiskhide. Turns out that having magiskhide turned on makes musescore actually be able to function. I tested this on my samsung s7 edge (didn't want to brick my Xiaomi phone by accident just yet and it worked. However I labelled this 'POTENTIAL' as downgrading magisk isin't really a plausible fix and could still be considered a workaround.

RoboNinjaR said:
It's been roughly a month. Has anyone found a fix for this issue yet? There was discussion about the issue here where a dev 'fixed' the app for someone with a rooted phone. However I cant tell what the dev did because all his messages are deleted, for all I know he could of shared an apk or something, guess I'll never know. I've decided to try to get in contact with one of the people whose issue managed to get fixed, although I don't know if he'll ever respond. Apparently in the forum, he told the dev that he assumed the block was intentional. Maybe this could hint us towards a fix because maybe the block doesn't target rooted users?
If thats the case then perhaps the app isin't checking for root? Theres no way musescore has more sophisticated anti-root software than some banking apps out there. Perhaps it's detecting the os that the user uses instead? I can confirm this because my samsung s7 edge with the same lineage os version as my Xiaomi doesn't want to play any scores either. This issue also happens to people who have no custom rom or even no root, it has to do with the os that you use rather than being an issue with root.
So what, did I type 2 paragraphs on a one month old forum just to rant? No. I will find the issue (well, I already found the reason in the text above), and I will try to fix it, not by making any workarounds such as cloning the app but getting the app to reliably work on a rooted / custom rom phone.
EDIT: Maybe using something to spoof the OS to make apps think it's a different OS?
Click to expand...
Click to collapse
Its not opening for me because I'm using MicroG. Like banking apps, MuseScore checks for specific Play Services version. Since microg uses idk android4.4 play services, it will fail to load any Banking Apps or apps of the same kind that uses that check regardless of root 'cause that version's too old and a potential for security. For the OS check, I guess it does check it too. I tried on two emulators and both failed to load a piece as well (might be because of safetynet cuz emulators can't pass it). There are xposed and magisk modules that can spoof OS and even prevent the app from seeing user installed apps. I haven't tried that method because I switched ROM now and got MuseScore working fine even without hiding root.

BigChungus321 said:
Its not opening for me because I'm using MicroG. Like banking apps, MuseScore checks for specific Play Services version. Since microg uses idk android4.4 play services, it will fail to load any Banking Apps or apps of the same kind that uses that check regardless of root 'cause that version's too old and a potential for security. For the OS check, I guess it does check it too. I tried on two emulators and both failed to load a piece as well (might be because of safetynet cuz emulators can't pass it). There are xposed and magisk modules that can spoof OS and even prevent the app from seeing user installed apps. I haven't tried that method because I switched ROM now and got MuseScore working fine even without hiding root.
Click to expand...
Click to collapse
Weird. I have microG and I managed to get musescore working without switching roms. All I did was use safety net fix, enabled zygisk and added it to the deny list. Tried it before and it didn't work, probably because I didn't install safetynet fix. Who knows, maybe it's related to what type of GApps you install. I guess this issue is fixed for now.

Question NFC

good evening. I have a problem and I want to know if it happens to someone too. I can't find any custom rom that has NFC support. All the ones I've tried don't even have an option to activate it. Does this have a solution? my device is redmi note 10 pro sweet. Thanks.

I've tried PixelOS and Xiaomi.eu and both have NFC options and can link with Google Pay (I've tried xiaomi.eu NFC pay and it worked, I didn't try PixelOS, but it has the options)

I remember someone asking this before a while back, and my response is frankly the same (and just as puzzled) - I don't think I've ever seen a sweet ROM that *didn't* have NFC support.

In M2101K6R Japanese versions, nfc does not work on aosp based roms. I am having the same problem

Hmm I am on cr droid and NFC seems to work. With apps like NFC Tools or MIFARE Classic Tool I can read NFC Tags.
Unfortunately Google Pay does not work for me. The pay terminal always say "try again". Dont know what the problem is there

wuslschweiz said:
Hmm I am on cr droid and NFC seems to work. With apps like NFC Tools or MIFARE Classic Tool I can read NFC Tags.
Unfortunately Google Pay does not work for me. The pay terminal always say "try again". Dont know what the problem is there
Click to expand...
Click to collapse
install safetynet fix 2.1 with magisk, then try again.
install safetynet test via playstore and run it. this should be passed now.
If gpay isnt working, go to magisk/settings and activate zygisk. after this, add all google services (use search with "google" and "gms") to the denial-list, reboot phone and try again
if this doesnt the trick, change ROM ;-)
Lineage OS 19.1 is just great. GPay and MIUI Cam working like charme.
links in my signature

I think phone should be encrypted for working NFC (payments).

ottili81 said:
install safetynet fix 2.1 with magisk, then try again.
install safetynet test via playstore and run it. this should be passed now.
If gpay isnt working, go to magisk/settings and activate zygisk. after this, add all google services (use search with "google" and "gms") to the denial-list, reboot phone and try again
if this doesnt the trick, change ROM ;-)
Lineage OS 19.1 is just great. GPay and MIUI Cam working like charme.
links in my signatur
Click to expand...
Click to collapse
I checked with this SafetyNet Test app. All tests passed without magisk. Anyway I would expect a fault message in google pay if something safety related is not ok, same as in banking apps, which are working fine.
Was also thinking to change to lineage but right now I am not motivated to reinstall the phone completely because its my daily driver^^
@otttili81 how can I see your signature?

wuslschweiz said:
I checked with this SafetyNet Test app. All tests passed without magisk. Anyway I would expect a fault message in google pay if something safety related is not ok, same as in banking apps, which are working fine.
Was also thinking to change to lineage but right now I am not motivated to reinstall the phone completely because its my daily driver^^
@otttili81 how can I see your signature?
Click to expand...
Click to collapse
Use Desktop PC to open XDA

Google Pay (well, Wallet now) can be incredibly finicky. Also sometimes it might seem like it has a security issue, but actually it's something else, like the card not being set up properly (but appearing like everything's fine).

Case_ said:
Google Pay (well, Wallet now) can be incredibly finicky. Also sometimes it might seem like it has a security issue, but actually it's something else, like the card not being set up properly (but appearing like everything's fine).
Click to expand...
Click to collapse
Yes everything looks fine in the wallet itself. Only when it comes to payment, the terminal refuses it. I tried several cards. Also reinstallation of the app.
Is there a possibility to check or test it except on the payment terminal?

@wuslschweiz What kernel are you running? Some kernels can cause issues like this.
I just came off a clean install of the current crDroid with Flame GApps last week and Google Pay was working perfectly fine, I didn't have to do a thing except the usual Zygisk deny list setup.

Case_ said:
@wuslschweiz What kernel are you running? Some kernels can cause issues like this.
I just came off a clean install of the current crDroid with Flame GApps last week and Google Pay was working perfectly fine, I didn't have to do a thing except the usual Zygisk deny list setup.
Click to expand...
Click to collapse
@Case_
Standard crDroid kernel 4.14.290-sigmaKernel-v1.0
I havent rooted my phone so no Magisk or Zygisk.
But good to know that Google Pay is working on your phone so the problem is my phone.
Now when you mention kernel I remember I seem to have a firmware problem (notification volume level is related to sound volume)
Maybe also something NFC/GPay is related to this.
Is it better to flash MIUI 13.8 firmware with miui flash tool or twrp?

Flash it with twrp

wuslschweiz said:
Hmm I am on cr droid and NFC seems to work. With apps like NFC Tools or MIFARE Classic Tool I can read NFC Tags.
Unfortunately Google Pay does not work for me. The pay terminal always say "try again". Dont know what the problem is there
Click to expand...
Click to collapse
GPay is a bit of hit and miss. Make sure it says 'Device is certified' in Playstore settings. It usually won't work without it. It's also very dependent on Kernel. There is also an option to reset NFC in settings, which helped me a few times.

Seems like I am just to dumb for Google Pay.
I reflashed Miui 13.08 firware via TWRP and then LOS 19.1L. Installed Magisk to restore Apps and Appdata wirh Alpha Backup Pro. Uninstalled Magisk (I dont need Root) Installed Google Pay, Still not working, same as bevore.
If I am motivated, maybe I try Google Pay on Stock MIUI...
Thx to all for the help

wuslschweiz said:
Seems like I am just to dumb for Google Pay.
I reflashed Miui 13.08 firware via TWRP and then LOS 19.1L. Installed Magisk to restore Apps and Appdata wirh Alpha Backup Pro. Uninstalled Magisk (I dont need Root) Installed Google Pay, Still not working, same as bevore.
If I am motivated, maybe I try Google Pay on Stock MIUI...
Thx to all for the help
Click to expand...
Click to collapse
Storage is encrypted? It won't work with out it.

pablo.see said:
Storage is encrypted? It won't work with out it.
Click to expand...
Click to collapse
I havent done anything special to encrypt it but when I boot into TWRP it requests a PW to decrypt so I assum it is encrypted