Is it safe to use banking/financial apps on a rooted phone? - Android Q&A, Help & Troubleshooting

I just rooted my pocof1 with magisk and have been worried about the security of using banking apps with it.
I'm a noon so I apreciate if anyone could help me understand how to use them securely?
ROM: Pixel Experience
Super user granted: Adaway and fluid gestures
Modules on Magisk: Android mic fix, busybox, pix3lify, wifi bonding,YouTube vanced
Apps: All from playstore
These are the stuff I downloaded.

CrushedMango said:
I just rooted my pocof1 with magisk and have been worried about the security of using banking apps with it.
I'm a noon so I apreciate if anyone could help me understand how to use them securely?
ROM: Pixel Experience
Super user granted: Adaway and fluid gestures
Modules on Magisk: Android mic fix, busybox, pix3lify, wifi bonding,YouTube vanced
Apps: All from playstore
These are the stuff I downloaded.
Click to expand...
Click to collapse
Just my personal opinion... As long as you know what you're doing and to what applications to grant root access, root is not insecure even not with banking apps. From my point of view it's much more important to have the very latest security patches installed if using banking apps. Banking apps quite often complain if they recognise root - but non of them checks if the latest security patches have been applied.
However, as I deem any Android device to be too insecure I personally don't use any banking or payment application on my Android devices, and I don't use banking via a browser with these devices. Others might see this differently but I'm personally absolutely convinced of the little two cents.

Related

Banking app on pixel experience rom

I am unable to run apps like "tez" , "bhim" on pixel experience rom installed in redmi note 3. Apps say that my phone is rooted but its not. I confirmed it by installing"root checker" app. My device is not rooted. is there any solution for this problem? is it because of permissive Selinux?
Magisk
arnabbandopadhyay said:
I am unable to run apps like "tez" , "bhim" on pixel experience rom installed in redmi note 3. Apps say that my phone is rooted but its not. I confirmed it by installing"root checker" app. My device is not rooted. is there any solution for this problem? is it because of permissive Selinux?
Click to expand...
Click to collapse
Install magisk 15.3 or whichever is latest and hide all the apps that don't require root in magisk hide, after that clear data of playstore and apps like tez etc. I used this method, it is working perfectly fine.
Hit thanks if a solution works. it will encourage us to answer queries.
yachandra said:
Install magisk 15.3 or whichever is latest and hide all the apps that don't require root in magisk hide, after that clear data of playstore and apps like tez etc. I used this method, it is working perfectly fine.
Hit thanks if a solution works. it will encourage us to answer queries.
Click to expand...
Click to collapse
I dont want to root my phone. Will magisk root my phone?
Easy & fast track method is just flash Magisk.zip and enjoy any app in any custom rom.
...but it will root your device!
arnabbandopadhyay said:
I dont want to root my phone. Will magisk root my phone?
Click to expand...
Click to collapse
Yes it will root your phone. But there won't be any root detection problems. I use snapchat, Tez etc on my phone
yachandra said:
Yes it will root your phone. But there won't be any root detection problems. I use snapchat, Tez etc on my phone
Click to expand...
Click to collapse
Is it safe to use banking apps on rooted device?
Yes it is safe to use banking apps on rooted device , if you're concerned about safety just don't install cracked apks or apps from outside other than playstore and use jio security or any such antivirus app
Simple method: you don't have to root the device. turn off play protect and find my device. You will get the OTP and you will be logged in. Then turn play protect and find my device on. (Tested only on Google pay. Don't know about BHIM).
May be because of unlocked bootloader
arnabbandopadhyay said:
i am unable to run apps like "tez" , "bhim" on pixel experience rom installed in redmi note 3. Apps say that my phone is rooted but its not. I confirmed it by installing"root checker" app. My device is not rooted. Is there any solution for this problem? Is it because of permissive selinux?
Click to expand...
Click to collapse
hi friend i was also faced the same issue , on my asus zenfone max pro m1 with pixel experience 10 plus and lineage os 16 and 17, using magisk couldnot help.

Latest Magisk beta resolves SafetyNet on stock ROM

Hello guys!
If you update to the latest Magisk version (v16.4), you will notice that it will now pass SafetyNet check.
Check attached screenshots!
rzarectha said:
Hello guys!
If you update to the latest Magisk version (v16.4), you will notice that it will now pass SafetyNet check.
Check attached screenshots!
Click to expand...
Click to collapse
Thats nice to know. I mean i havent used magisk yet (on previous phone it didnt work at all). Currently still on supersu. But its good to know that it works again, so i might switch in the future.
Sent from my ZTE A2017G running V1.2.0B08 using XDA Labs
GodOfPsychos said:
Thats nice to know. I mean i havent used magisk yet (on previous phone it didnt work at all). Currently still on supersu. But its good to know that it works again, so i might switch in the future.
Sent from my ZTE A2017G running V1.2.0B08 using XDA Labs
Click to expand...
Click to collapse
I think it's just as good as SuperSU in handling root apps. The way Magisk stands out though is the modules. I would recommend that you install only the magisk manager (it does not mess with anything in your phone if you just install it), and browse through the list of modules it has. It's very similar to the way modules in xposed look like. Maybe you can find some interesting functionality in there.
I am using the greenify module (works much like boost mode on xposed), busybox, adblocker, systemiser (turns user apps in sys apps), debloater (completely uninstall user apps). There's a ton of mods though, I don't even understand what most actually do.
Keep in mind that having xposed installed will break safetynet no matter what. Magisk can't hide it.
rzarectha said:
I think it's just as good as SuperSU in handling root apps. The way Magisk stands out though is the modules. I would recommend that you install only the magisk manager (it does not mess with anything in your phone if you just install it), and browse through the list of modules it has. It's very similar to the way modules in xposed look like. Maybe you can find some interesting functionality in there.
I am using the greenify module (works much like boost mode on xposed), busybox, adblocker, systemiser (turns user apps in sys apps), debloater (completely uninstall user apps). There's a ton of mods though, I don't even understand what most actually do.
Keep in mind that having xposed installed will break safetynet no matter what. Magisk can't hide it.
Click to expand...
Click to collapse
Edit: i moved this issue to the Q&A and help section since more issues keep coming
https://forum.xda-developers.com/axon-7/help/finally-decided-to-switch-supersu-to-t3787201
just switched to latest stock rom (1.2.0 B10) and installed magisk (16.4). it works and safetynet passes. the problem i got now is that the greenify module fails to install in magisk (see screenshot)
do i gotta flash the module through TWRP maybe? still a newbie to magisk since the axon 7 is the first phone to have it working
EDIT: for some reason magisk doesn't remember which apps have requested root after a reboot. everytime i reboot i get a prompt to allow root access to all my root apps (like greenify). idk why this is happening. i mean, root itself is working as it should. i already uninstalled bloatware and disabled/freezed things like the powermanagement
I'm interested in knowing where Magisk is at

Odd question- Magisk 'full' root?

Main question at the end of post.
I came across an app that said my device isn't rooted properly, when it is, or I thought it was?
Spyera is the app. For those not familiar, spyera is an app that is used to monitor devices, family members, employees, doesn't matter. Let's assume everyone owns the devices and those using the devices are aware. Not the point of the post.
spyera has a rooted and a non rooted version. The rooted version will not install on my devices. I talked to tech support and they are saying my device isn't a full root. Their software root algorithm says my phone isn't rooted. Basic root checkers and all of my apps requiring root seem to think my root is fine.
I have a few pixel 4xl device's and some samsung s21 ultras that are all rooted with magisk. All other root apps work fine.
This brings up my main question....is magisk a "full" root? Or is it something else?
Spyera tends to be a pretty reliable platform and if their software is saying I'm not rooted, I am curious what could be the reason.
Magisk is "full" root. If an app can't detect Magisk as a root solution it's poorly written.
And yes, that's a shady app... I'd be very careful with giving an app like that complete and full access to a device by giving it superuser permissions (or even install it in the first place). Also, doesn't sound like the company even knowns what they're talking about.
Thanks. And yes, very shady
@Didgeridoohan
Magisk ISN'T ROOT, it's a framework that allows to inject some functionalities into Android ecosystem.
jwoegerbauer said:
@Didgeridoohan
Magisk ISN'T ROOT, it's a framework that allows to inject some functionalities into Android OS.
Click to expand...
Click to collapse
And one of the parts of the Magisk suite of software is MagiskSU that provides root for Android applications... Sure, Magisk is more than "just" root, but when you talk about Magisk and root in the same context, generally it's understood that what you're actually talking about is MagiskSU.
But thanks for clarifying.

Root detection in banking app

hi need help on dbs banking app detecting root starting from December 2021, i am unable to hide root from dbs digibank app tried magisk hide, xprivacylua. But gpay is working fine . Device htc u11 rooted with magisk 24.1
One more thing if I unroot my device dbs bank app works fine but gpay detecting unlocked bootloader and stopped working
Solved - zygisk and shamiko do the thing
raokashan said:
hi need help on dbs banking app detecting root starting from December 2021, i am unable to hide root from dbs digibank app tried magisk hide, xprivacylua. But gpay is working fine . Device htc u11 rooted with magisk 24.1
One more thing if I unroot my device dbs bank app works fine but gpay detecting unlocked bootloader and stopped working
Click to expand...
Click to collapse
Just try using Magisk brother or you can also try with Magisk 23.0, and just hide the app fully.. and also just change the name of Magisk app.
Already did that no use
raokashan said:
Already did that no use
Click to expand...
Click to collapse
Bypass DBS banking App
Resently BDS banking app(India) is updated.is there any modules to make that work...:rolleyes:
forum.xda-developers.com
Check this out
Tried every version of magisk from 20 to 24.1 no luck, someone got working for this help me
After June update Kotak Bank app also stopped working. It is detecting root even after Universal Safetynet Fix + Shamiko.
abhinavkumar842 said:
After June update Kotak Bank app also stopped working. It is detecting root even after Universal Safetynet Fix + Shamiko.
Click to expand...
Click to collapse
Yeah, cant say what they did within app or server side detecting root, but safety net is passed
raokashan said:
Yeah, cant say what they did within app or server side detecting root, but safety net is passed
Click to expand...
Click to collapse
They did something within the app, nothing server side to detect root. I am able to use older version of Kotak app and disabled auto update.
Can you share apk
raokashan said:
Can you share apk
Click to expand...
Click to collapse
Extracted using another app from older device, most likely it wont work but you can try after renaming it ofcourse. If it doesnt work you can always use net-banking instead of mobile-banking using phone browser, it is also quite secured with OTP codes & password.
[Discussion] Magisk - The Age of Zygisk.
This is a discussion and help thread for the newer versions of Magisk. The main goal of this thread is to help users migrate to Magisk v24+ SafetyNet Basic integrity Pass CTS profile match Pass Play Protect certification Device is certified...
forum.xda-developers.com
Tech = Spy-Biz said:
Extracted using another app from older device, most likely it wont work but you can try after renaming it ofcourse. If it doesnt work you can always use net-banking instead of mobile-banking.
Click to expand...
Click to collapse
Not working
raokashan said:
Not working
Click to expand...
Click to collapse
now check and see,
In my old phone J2 2018 A7 using Magisk 23 version 5.3.3 is working but under magisk hide the service [ (isolated) BlaBlaBla ] does not show as [ (isolated) Detect Root BlaBlaBla ] so when I install the same version 5.3.3 on A11 it shows [ (isolated) Detect Root BlaBlaBla ] under magisk hide. What that could mean is KB 5.3.3 version bank app is OPTIMIZING itself depending on android version installed in the device.
Version 534 working fine on my device after updating to 536 started detecting root, and i don't have a backup too, if anyone have 534 version share it
L
raokashan said:
Version 534 working fine on my device after updating to 536 started detecting root, and i don't have a backup too, if anyone have 534 version share it
Click to expand...
Click to collapse
Look by apkmirror
@Tech = Spy-Biz kbank-811 v537 got working with usnf modded version
raokashan said:
@Tech = Spy-Biz kbank-811 v537 got working with usnf modded version
Click to expand...
Click to collapse
Yup v537 working.
( FYI, I used Android 11 GSI + USNF MOD Version + Signature Spoofing Enabled + microG Gapps Module with microG-GooglePlayStore frozen + 6 Services from v537 disabled + I installed v537 from aurora ) So thats either a miracle or the KB app Dev had mercy on KB clients
ICICI iMobile from Aurora is working too .
RBL Mobank detects Developer Mode ON & also detects Aurora download & installed using package installer, so wont work unless google Account present which means have to keep that peeemp-azz playstore app inside the phone with a peemped-azz gmail account on the phone, I find all this unnecessary on part of the bank bcoz i know one of the older versions of KB App was working with Superuser permission from Magisk app .
If a bank app asks for SU permissions to work then thats a tradeoff the bank customers wouldnt really mind much bcoz there are plenty other possibly shady apps like SeFix App (malware flagged by Malwarebytes) using root privileges as well (I uninstalled it ofcourse).
I just wish the bank acts more maturedly with its customers coz its relation with its customers is a financial one not to spy on its customers which thankfully its not doing uptill now. By the word "Maturedly" I meant the banks should allow their customers to use rooted devices and should rather focus on other means to find out if security breach is happening real-time or offline remotely from a cloned SIM Card etc. For example -The banks can have some kind of software to check with their customers Mobile Carrier if there are multiple SIM cards registered under the same phone number, that would be better than to cause incovenience to its customers by not allowing them to use their bank app on rooted devices. It doesnt make any business sense unless google is paying/forcing the banks to make their customers use google accounts and Gapps. Thats really sick man! They can just create 2-step Verification or maybe 3 or 4 step verification for their banking apps instead of forcing clients to use google. Absolutely sold-out garbage peemping going on between the banks and google admob. I'm sick to the point of vomit looking at how LOW google is ready to stoop just to secure mainly one presumably sweet corner of the world and to make ships full of spy-money! What a PEEEEMP!
Will it work if you download an un-rooted version of VM's like VMOS, Virtual Android, etc.?

Which Android 13 ROM Banking Apps

Hi everyone, i've been out from the custom rom world for a while and i noticed that some things have changed; i read that rooted devices cannot run banking or securtity apps or even applications like netflix ect ect...
I recently decided to upgrade my old poco f1 to a Android 13 rom, but i stopped because i need banking apps to work and i don't know thant much anymore about the topic, is there anyone that could help me find a rom that supports the use of banking apps or any rom is good unless the device is rooted?
Thank yall in advance.
If the ROM passes SafetyNet out of the box then there should be no issues with the majority of the banking/financial apps provided you don't root your device. If you do root your device (with Magisk) you will need to use the Shamiko Magisk module to hide root. There's 2-3 additional steps which you can easily Google. In my case I can use every such app in all my rooted devices. Root breaks SafetyNet but most apps with the exception of Google Pay work just fine. To fix SafetyNet you can flash the Universal Safetynet Fix module. I don't know about others but after flashing this module Google login doesn't work. I can't add another Gmail account for example or use my Google credentials to newly log into apps etc. Since I don't use Google Pay much it's OK and I keep the USNF module disabled. Currently I am using crDroid A12. Will switch to it's A13 flavor in the coming months.

Categories

Resources