Hi everyone, i've been out from the custom rom world for a while and i noticed that some things have changed; i read that rooted devices cannot run banking or securtity apps or even applications like netflix ect ect...
I recently decided to upgrade my old poco f1 to a Android 13 rom, but i stopped because i need banking apps to work and i don't know thant much anymore about the topic, is there anyone that could help me find a rom that supports the use of banking apps or any rom is good unless the device is rooted?
Thank yall in advance.
If the ROM passes SafetyNet out of the box then there should be no issues with the majority of the banking/financial apps provided you don't root your device. If you do root your device (with Magisk) you will need to use the Shamiko Magisk module to hide root. There's 2-3 additional steps which you can easily Google. In my case I can use every such app in all my rooted devices. Root breaks SafetyNet but most apps with the exception of Google Pay work just fine. To fix SafetyNet you can flash the Universal Safetynet Fix module. I don't know about others but after flashing this module Google login doesn't work. I can't add another Gmail account for example or use my Google credentials to newly log into apps etc. Since I don't use Google Pay much it's OK and I keep the USNF module disabled. Currently I am using crDroid A12. Will switch to it's A13 flavor in the coming months.
Related
PhonePe app "TRANSACTION FAILED DUE TO SECURITY REASON" on POCOPHONE + LOS16
POCOPHONE with LOS16 Unofficial. THIS IS NOT A ROOTED DEVICE, only LOS 16 flashed on it.
On the Phonepe app cant get UPI transactions through, keep getting this message "TRANSACTION FAILED DUE TO SECURITY REASON"
Phonepe app has phone and sms access.
google play store disabled, google play services enabled with no permissions granted to it. wifi + cellular data access enabled.
Also keep getting this error while connecting the device to the internet - "google play services error - android setup is having trouble with google play services. please try again" not sure if this is related to the failing transaction
Thanks in advance.
TheFirstGladiator said:
POCOPHONE with LOS16 Unofficial. THIS IS NOT A ROOTED DEVICE, only LOS 16 flashed on it.
On the Phonepe app cant get UPI transactions through, keep getting this message "TRANSACTION FAILED DUE TO SECURITY REASON"
Phonepe app has phone and sms access.
google play store disabled, google play services enabled with no permissions granted to it. wifi + cellular data access enabled.
Also keep getting this error while connecting the device to the internet - "google play services error - android setup is having trouble with google play services. please try again" not sure if this is related to the failing transaction
Thanks in advance.
Click to expand...
Click to collapse
check for safety net. i too use phonepe , only way to make transaction work is to hide it in magisk hide
Mohan0004 said:
check for safety net. i too use phonepe , only way to make transaction work is to hide it in magisk hide
Click to expand...
Click to collapse
The device doesnt pass the safetynet test due to CTS PROFILE MATCH failure. This in not a rooted device. No magisk on it, only flashed LOS16 on it.
Would this device have to be rooted to get magisk hide? Is there any non root solution considering the device isnt rooted?
TheFirstGladiator said:
The device doesnt pass the safetynet test due to CTS PROFILE MATCH failure. This in not a rooted device. No magisk on it, only flashed LOS16 on it.
Would this device have to be rooted to get magisk hide? Is there any non root solution considering the device isnt rooted?
Click to expand...
Click to collapse
This is happening on all LOS based roms afaik. Try AOSP based roms if you want to use banking apps without rooting your phone
viv29 said:
This is happening on all LOS based roms afaik. Try AOSP based roms if you want to use banking apps without rooting your phone
Click to expand...
Click to collapse
Gapps pico is flashed on this device, is there any not root solution for this situation? any solution is greatly appreciated.
TheFirstGladiator said:
Gapps pico is flashed on this device, is there any not root solution for this situation? any solution is greatly appreciated.
Click to expand...
Click to collapse
use pe instead los
Am I mistaken or you cannot use any banking app on a phone that has its bootloader unlocked?
Mohan0004 said:
use pe instead los
Click to expand...
Click to collapse
PE serves a different user base and LOS has its own purpose. Any other solution?
Ortobrox1312 said:
Am I mistaken or you cannot use any banking app on a phone that has its bootloader unlocked?
Click to expand...
Click to collapse
Any not root solution on LOS for someone who doesnt want to flash magisk or root the pocophone but yet access payment apps?
Not that I know of, though Im not really acquainted with it either, but there are some disclaimers when you install a banking app, for example an NFC payment one that does state that bootlocker unlocked, rooted or any devices that have their software tampered with are not eligible for use of such apps. (Or so)
I am facing the same problem..google tez is working fine but upi in phonepy is not working....did uh find any solution to this problem..?
Phonepe Customer care no.9002223308 / 9330921710
All over India Aajjo co Customer care helplineany complaint regarding debit or credit card cheque book balance enquiry
UCO Bank customer care helpline number balance enquiry
Customer STOMER CARE HELP-LINE 9330921710
6294203577
Any Transaction Failure please contact Hr . 24*7
9002223308
Headquarters -9002223308
Noida secter-+919002223308
Banglore-+916294203577
Chennai t-nagar-+9002223308
You will not pass safetynet if your bootloader is unlocked
Google has updated their safety net api to use hardware attestation to pass. If your bootloader is unlocked, say goodbye to netflix, McDonald's, poGo, banking apps and a lot more that use safetynet.
The developer of magisk has stated nothing can be done about it, you can look up his twitter and XDA. Google will start implementing the new safety net with hardware attestation stage by stage to all devices in coming days.
For now not everyone is affected but eventually will be since it is being rolled out in stages. You're one of the guys that got affected in the early stage
You have to either choose between banking apps or a custom rom/unlocked bootloader/root.
jahraKaL said:
Google has updated their safety net api to use hardware attestation to pass. If your bootloader is unlocked, say goodbye to netflix, McDonald's, poGo, banking apps and a lot more that use safetynet.
The developer of magisk has stated nothing can be done about it, you can look up his twitter and XDA. Google will start implementing the new safety net with hardware attestation stage by stage to all devices in coming days.
For now not everyone is affected but eventually will be since it is being rolled out in stages. You're one of the guys that got affected in the early stage
You have to either choose between banking apps or a custom rom/unlocked bootloader/root.
Click to expand...
Click to collapse
I don't know if you're wrong or not, that's not for me to decide, but banking apps are working now, EVEN NETFLIX. If you have xposed, just uninstall it. Install magisk hide module from magisk manager and hide magisk from settings of magisk manager and you're good to go.
---------- Post added at 07:26 PM ---------- Previous post was at 07:24 PM ----------
jahraKaL said:
Google has updated their safety net api to use hardware attestation to pass. If your bootloader is unlocked, say goodbye to netflix, McDonald's, poGo, banking apps and a lot more that use safetynet.
The developer of magisk has stated nothing can be done about it, you can look up his twitter and XDA. Google will start implementing the new safety net with hardware attestation stage by stage to all devices in coming days.
For now not everyone is affected but eventually will be since it is being rolled out in stages. You're one of the guys that got affected in the early stage
You have to either choose between banking apps or a custom rom/unlocked bootloader/root.
Click to expand...
Click to collapse
And bootloader has nothing to do with hardware attestation. It's not a physical thing that you unlock. It's software related that boots up the recovery and the OS.
I just rooted my pocof1 with magisk and have been worried about the security of using banking apps with it.
I'm a noon so I apreciate if anyone could help me understand how to use them securely?
ROM: Pixel Experience
Super user granted: Adaway and fluid gestures
Modules on Magisk: Android mic fix, busybox, pix3lify, wifi bonding,YouTube vanced
Apps: All from playstore
These are the stuff I downloaded.
CrushedMango said:
I just rooted my pocof1 with magisk and have been worried about the security of using banking apps with it.
I'm a noon so I apreciate if anyone could help me understand how to use them securely?
ROM: Pixel Experience
Super user granted: Adaway and fluid gestures
Modules on Magisk: Android mic fix, busybox, pix3lify, wifi bonding,YouTube vanced
Apps: All from playstore
These are the stuff I downloaded.
Click to expand...
Click to collapse
Just my personal opinion... As long as you know what you're doing and to what applications to grant root access, root is not insecure even not with banking apps. From my point of view it's much more important to have the very latest security patches installed if using banking apps. Banking apps quite often complain if they recognise root - but non of them checks if the latest security patches have been applied.
However, as I deem any Android device to be too insecure I personally don't use any banking or payment application on my Android devices, and I don't use banking via a browser with these devices. Others might see this differently but I'm personally absolutely convinced of the little two cents.
Apparently, my bank updated the app with a new feature that doesn't let me access it anymore, it says that the operating system is not supported, i use a custom rom(AEX) in my Redmi 4x, i believe that the rom is the problem, the root is being hidden with MagiskHide and i have no problems with SafetyNet, maybe i can change some parameter in build.prop to make it work? i did something similar to try to run Fortnite in my phone a while ago, any ideas on what parameters may be relevant to that?
It's a brazilian bank(Banco Inter)
Need Solution for this Problem as Well
I have the same problem.
The new app version 8.4.6 is not working while up till version 8.4.5 it was working just fine.
Their support is absolutely clueless on how to help, but as @Levyks said, apparently they are blocking custom roms now.
Is it possible to make the custom rom look as an original rom from manufacturer?
Same problem.
I'm with the same problem...
IMHO has nothing to do with fact whether it's a Custom ROM or a Stock ROM. Any app ( banking apps included ) easily can find out whether present Android OS got tampered or not.
Same problem any help? Can't use my bank app... WhatsApp also can detect I have a custom ROM, any solution?
Incomtus said:
Same problem any help? Can't use my bank app... WhatsApp also can detect I have a custom ROM, any solution?
Click to expand...
Click to collapse
Many apps like banking / payment apps today detect whether Android is got rooted or not: it's an easy for them to do so.
Same problem here in Lineage OS 18.1. My non-rooted device pass safetynet and CTS by default. But many Banking application had started detecting that I am using custom rom and don't open at all. Then I rooted my device with magisk and enabled 'magisk hide' but no success.
Hi! A solution that worked for me: use the renaming function in Magisk (you can find it in the Settings).
I had the same problem on a Redmi 4X, LOS 16, no working banking app even with Magisk hide. After renaming Magisk, I was able to log in and use it as intended. Also I left Magisk hide turned on.
My guess is that these kind of apps are looking specially for Magisk, and if it's detected, they just won't let you use them.
Hi to all;
So i decided to do a clean update from MIUI 12 to MIUI 13 (which I think was a big mistake) ; using Orange Fox to format the data and install the official EU MIUI 13 OS and Magisk 25.2 afterwards. The phone boots up fine; I set up my account and Magisk is also setup (Magisk Hide, enforce deny list and configured the deny list to deny google play services, etc) I run a safety net attestation and all is fine too, so I proceeded to check Playstore and in the about it also says 'certified'. So I went to search for Netflix; but it does not show.
I searched for countless hours in search for a solution but I could not find anything that would work
I even tried re installing MIUI13 without magisk but Netflix does not show up in Playstore; plus that in the about section of Playstore device is uncertified. (Could this be that this happens because the bootloader is unlocked?
So this time I re-installed everything from scratch, Magisk included, and same as before the only app that does not show in Playstore is Netflix; the only way I was able to get Netflix installed & running was installing it as an apk.
In the playback specifications on Netflix Widevine is at L1 which should be good I guess?
Sorry for the long post but I am at a loss and hoping someone might have experienced something similar or maybe found a solution to my issue please?
I have banking apps that are working fine and have no issues what so ever so I know that the denylist on Magisk is working properly otherwise these apps would not let me authenticate.
I am including some screenshots to give a better explanation of my issue.
Thank you !
To anyone having similar issues to the one I was having above; the following post fixed my issues; here .
--->This is a working method as of May 2023 to have root on any rom version for redmi k20pro.
--->This will help you root and keep root hidden along with using lsposed modules.
--->These steps work on any device and any rom
You can find extra guides for the steps you dont understand by searching on xda forums. Some of these guides are linked to at the bottom of this post
Your bootloader needs to be unlocked to follow this guide. See link at bottom for guides to do the same.
****************************
I am not responsible for any data loss or damage. Follow at your own Risk
****************************
1. Install twrp or orangefox recovery on your phone.
2. Flash Magisk 25.2 (Version 26 has many issues. This version is better to use)
3. Reboot, install magisk apk(rename magisk.zip file to magisk.apk and install)
4. In magisk modules, install shamiko
5. In magisk modules, install safetynet 2.4.0
6. Add any app you want to hide root from in denylist of magisk. Additionally add Google play Services, Google play store, google services framework and google play protect to denylist(enable show system apps option in menu available on top right of denylist)
(IMP: Do not enable enforce denylist, Shamiko does this function)
7. If you have already logged into google play store and it shows device not certified in about section of play store -remove google account from phone and clear data of play store, play services, google services framework. Reboot amd try again. It will show certified status after about 10 minutes of logging in
8. Some custom roms may have device fingerprints which will get detected as custom rom. If that happens, use hide user debug and lineage props magisk module. Note: This version from github can only be flashed in Androidacy Fox Module Manager due to issue in zip packaging. Download this file which is just a properly repackaged version that can be flashed in any magisk manager.
Next install Reset Sensitive props magisk module. A combination of simply installing these modules will fix custom rom detection on any custom rom.(Example on opening whatsapp or GPay for first time)
Additional step(not necessary): Your rom may have additional build.prop entries that indicate a custom rom. Look for such build properties by opening build.prop in root browser on your device, then change any that have a custom rom name in them using magiskhideprops(Refer instructions to use magiskhideprops in the link)
9. Now, hide the magisk app in magisk app settings(set name to something like setting or app)
10. Freeze magisk manager app using link2sd/swift backup/ airfrozen or any other similar app. You can enable app when you need to install or disable modules or grant superuser access to new apps. You can also use Androidacy Fox MMM manager to find, install and remove magisk modules
_____________________________________________________________________________
Done, you can stop at this stage if you dont need lsposed.
Be warned that youw ill need to re-add any app you uninstall and reinstall in denylist.
If you want to use lsposed, continue with below steps after skipping step 10.
_____________________________________________________________________________
11. Install lsposed module 1.8.6 zygisk version
12. Install hide my appslist. Follow instructions in this link to learn how to correctly configure and hide magisk manager, lsposed and any other root apps you have.
You will need dataisolation enable magisk module if using android 10 and below for hidemyapplist to fully work.
13. Install Ruru and 'Play Integirty API Checker'.
Run Ruru and watch it pass all tests.(almost no banking app uses the level of detection used by ruru) Use play integrity api checker to check safetynet status - should pass basic integrity and cts profile.
Momo shows some messages like abnormal environement and TEE but that is ok.
Remember that you should enable denylist and Hide my applist for Ruru/Momo similar to how you enable for banking apps to hide.
Your root access is perfectly hidden now.
_____________________________________________________________________________
If you want to hide Developer Options_____________________________________________________________________________
You have a few options for this.
1. I personally turn usb debugging off in settings and use WADB app to enable wireless adb. I am using this on android 11 as other options dont fully hide or trigger xposed hook detection(which does not cause issues with the banking apps I have tested so far)This is not detected by any apps.
2. If on android 10 or lower, you can use hide user debug magisk module by huskydg which you can get from this telegram channel. I dont know if it can be linked here .
This effectively hides user debug without trigerring any root/xposed detection. Ruru may show 1 entry for usb debugging enabled but that is fine. If it doesnt work, it will show 2-3 detected entries for debugging mode.
I have uploaded the file here but dont know if it will last
3. If above options dont work,use devoptshide app, enable it in lsposed for apps you want to hide user debug from.This method will trigger xposed hook detection in Ruru but none of the banking apps i tested so far have an issue with that. Ruru may show 1 entry for usb debugging enabled but that is fine. If it doesnt work, it will show 2-3 detected entries for debugging mode.
4. I have not personally tested this but this module is an updated version of hide userdebug module by huskydg and it might help hide usb debugging on android 11 and up.You will have to try it yourself for now.I expect it to work.
GitHub - Magisk-Modules-Alt-Repo/ezme-nodebug: Change some props and "remove" LineageOS ones.
Change some props and "remove" LineageOS ones. Contribute to Magisk-Modules-Alt-Repo/ezme-nodebug development by creating an account on GitHub.
github.com
_____________________________________________________________________________
If an app detects root accidentally and refuses to run on your device again even if root is not detected again/ Spoof device ID for apps_____________________________________________________________________________
1. Now you need to use android faker lsposed module to randomize imei, max adress, android device id,hardware id.
Enable android faker in lsposed only for the app you want to change id for. Dont enable it for android system or android framework(Goal is to change id for a single app).Before doing these steps you need to clear data of play store, play services and google services framework, remove your google account from device settings and reboot. This will reset your gsf id.
This will give xposed hook detection in butbank apps dont seem to look for it.
2. If the above method does not work, use Xprivacylua. Enable for the app you want to change id, only use setting for device identifiers,use tracking, telephony data, analytics, get applications. Xprivacylua is not properly hidden even by Hide My Applist but apps dont look for it.So use this if above options does not work.
_____________________________________________________________________________
If you need to disable Widevine L1 DRM protection to use scrcpy screen mirroring etc
_____________________________________________________________________________
Install the liboemcryptodisabler module in magisk.Do note that widevine will drop to L3 but uninstallation brings it back to L1.
NOTE: Drm content cannot be mirrored on scrcpy if you are using android 12 or 13. Use roms with android version upto 11 if you need to watch drm protected content through scrcpy.(at your own risk. I do not advise illegal activity.)
Spoiler: liboemcryptodisabler
Magisk Modules Repository By Androidacy - Androidacy
This is the Androidacy Magisk Modules Repository, where you can search, browse, and download your favorite Magisk modules right now.
www.androidacy.com
Enjoy your properly hidden rooted device with all functionalities.
___________________________________________________________________________________________________________________________________
___________________________________________________________________________________________________________________________________
I have added a few useful posts by other members if you dont know how to do any of the above mentioned steps. Any others steps can be learned with guides from XDA -Use search
1. Simple guide to flashing on K20 Pro
His advice on not using orangefox for custom roms other than stock miui/ xiaomi.eu roms may be right, I have not tried it. Orangefox personally works best for me.
2. Guide to flashing custom roms, changing between miui and custom roms
3. Bootloader unlock, twrp, root instructions and rom links
4. Common issues with Redmi K20 Pro | fingerprint unlock | ghost touch | Dim display | sensor issues | bluetooth and calling
Confirmed working in May 2023.
Guide will be eventually updated with Magisk Delta which is better for root hiding
I am amazed how smoothly my update went from old magisk version that started having issues. I followed first part of this tutorial (without lsposed), I downloaded newest versions of everything (magisk 26.1 - had to directly install magisk in magisk too, Shamiko-v0.7.1-166-release, rest same as in tutorial) and it just worked. No more problems with old magisk. Deny list is working flawlessly!, safetynet is passing, Google Play Store says that device is certified. Thank you so much for this tutorial!
czacha994 said:
I am amazed how smoothly my update went from old magisk version that started having issues. I followed first part of this tutorial (without lsposed), I downloaded newest versions of everything (magisk 26.1 - had to directly install magisk in magisk too, Shamiko-v0.7.1-166-release, rest same as in tutorial) and it just worked. No more problems with old magisk. Deny list is working flawlessly!, safetynet is passing, Google Play Store says that device is certified. Thank you so much for this tutorial!
Click to expand...
Click to collapse
As of right now, magisk 25.2 works much better than magisk 26.1. You can continue to use it if you dont face any issues.
I believe I followed all the steps correctly including downgrading to magisk 25.2, the only step that I might not have followed correctly would be using hidemyapplist, but I'm getting CTS profile mismatch in microG safetynet attestation test. I have an LE2115 with lineageos 20 (specifically lineage-20.0-20230514-nightly-lemonade-signed.zip). I do get the "orange state" warning when I turn on my phone, I could make that go away by flashing an older version something (I forgot what but I've done it before) in TWRP but I wanted to avoid that since the only APPARENT effect is the orange state warning and I don't know if it will break later in LOS as they keep updating. I'd appreciate any help you could give me to fix this.
EDIT: just used magiskhidepropsconf and edit fingerprint and set it to htc exodus and now I pass all tests.