Lately it seems more and more developers are relying on safetynet for apps and features (especially google, i REALLY miss getting surveys with opinion rewards :[ )
So I'm curious if anyone has an idea what currently triggers a failed response.
Does busybox fail?
Does selinux need to be enforcing?
Does system status need to be "official"
Etc.
Lastly, bonus question:
Are there any custom kernels for g920p that don't auto root and install busybox?
It is fairly complex.
1) https://developer.android.com/training/safetynet/index.html
"SafetyNet examines software and hardware information on the device where your app is installed to create a profile of that device. The service then attempts to find this same profile within a list of device models that have passed Android compatibility testing. "
2) https://www.howtogeek.com/241012/sa...y-and-other-apps-dont-work-on-rooted-devices/
"Google uses something called SafetyNet to detect whether your device is rooted or not, and blocks access to those features. Google isn’t the only one, either–plenty of third-party apps also won’t work on rooted Android devices, although they may check for the presence of root in other ways."
You may already know this from the other thread regarding Magisk, but my suggestion is to return to stock via Odin, then follow the instructions from the Magisk thread here: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
koop1955 said:
It is fairly complex.
1) https://developer.android.com/training/safetynet/index.html
"SafetyNet examines software and hardware information on the device where your app is installed to create a profile of that device. The service then attempts to find this same profile within a list of device models that have passed Android compatibility testing. "
2) https://www.howtogeek.com/241012/sa...y-and-other-apps-dont-work-on-rooted-devices/
"Google uses something called SafetyNet to detect whether your device is rooted or not, and blocks access to those features. Google isn’t the only one, either–plenty of third-party apps also won’t work on rooted Android devices, although they may check for the presence of root in other ways."
You may already know this from the other thread regarding Magisk, but my suggestion is to return to stock via Odin, then follow the instructions from the Magisk thread here: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
Click to expand...
Click to collapse
Thanks for chiming in!
Dang there's a lot going on, i guess google is being pretty tight lipped about exactly what info they use.
But yea, at the moment I'm completely stock with magisksu and magisk v11.1
The issue is that magisk has to be re-installed after every boot, meaning there are a few minutes where safetynet and gms have the opportunity to see my root before i re-install magisk. (From what i gather from the magisk op thread, this could be fixed with a custom kernel... tested succesfully with skyhigh, but then failed safetynet and i don't know why.)
The other issue with the magisk set-up on complete stock is that Titanium backup and some other root-related apps seem to be almost entirely broken. Magisk OP thread sheds some light about that, something about system needing to mounted as rw (which I'm unable to change, since root hardly works at all)... a couple weeks ago the magisk dev said he was going to work on a fix for that, but I'm not banking on it.
So to summarize, I'm trying to figure out how to run a custom kernel (or even rom if possible) without failing safetynet... because even if i flash skyhigh on stock, Uninstall busybox, set se linux to enforced, uninstall supersu, and wipe davlik i still fail safetynet.
Or I'm i just too greedy wanting the freedom of root AND the comfort of stock behavior? (android pay, google opinion rewards, consistent play service function and updates etc)
I would guess that a custom kernel alone (no SuperSU or BusyBox) would cause a failure. It seems like any kernel mod would do so.
Magisk is an attempt to solve this, but doesn't seem quite there.
koop1955 said:
I would guess that a custom kernel alone (no SuperSU or BusyBox) would cause a failure. It seems like any kernel mod would do so.
Magisk is an attempt to solve this, but doesn't seem quite there.
Click to expand...
Click to collapse
I'd believe that, i guess that'd really be the obvious first step in profiling a device's environment.
Given that I'm guessing it'd just check the system info, all the info on the about device page in settings and compare it to which kernel i should have.
So in the interest of crawling deeper down this rabbit hole, I'm going to see what can be done to mock that info >
Also in defense of magisk, from what i gather, magisk is an extremely effective hands-off root solution... unless you have a samsung device.
@Nye-uhls, you should definitely check this out: https://forum.xda-developers.com/showpost.php?p=71398440&postcount=342
New kernel with built-in Magisk support.
koop1955 said:
@Nye-uhls, you should definitely check this out: https://forum.xda-developers.com/showpost.php?p=71398440&postcount=342
New kernel with built-in Magisk support.
Click to expand...
Click to collapse
Thats huge. I'm officially no longer putting effort into getting magisk working in anticipation of that new kernel.
Thank you for the heads up, probably wouldve kept sweating over this for a few more days lol.
Kind of a long story:
I have the TIM branded Zenfone 3 Deluxe 570KL and everything was ok (safetynet pass on both CTS and Basic integrity with Magisk root).
Then i updated Magisk to the 15.0 version and got my device encrypted randomly at the restart (and yes this is a problem with this version but hangon), after the upgrade to 15.0 and the device encrypted now the CTS verification fails so i tried to downgrade back to version 14 of magisk to no avail.
From there i downloaded the WW version of the firmware, formatted the phone (inc data), convert the zip to a flashable img file and flashed the stock WW with no root.
Device still encrypted despite the complete format and fails again the safetynet.
Tried to flash the TIM version downloadable from ASUS with the same result.
Somehow i flashed the stock WW and safetynet fails only on CTS but as soon as i install the version 15.1 of magisk and enabling Magisk hide on google apps i fail safetynet also on basic integrity.
Do you know any way to remove this dammned encryption since there is no option to disable it in the security settings and flash a fresh stock firmware that passes safetynet?
Maybe with a twrp backup of a stock firware i can do something?
Regards and happy holydays
exico91 said:
Kind of a long story:
I have the TIM branded Zenfone 3 Deluxe 570KL and everything was ok (safetynet pass on both CTS and Basic integrity with Magisk root).
Then i updated Magisk to the 15.0 version and got my device encrypted randomly at the restart (and yes this is a problem with this version but hangon), after the upgrade to 15.0 and the device encrypted now the CTS verification fails so i tried to downgrade back to version 14 of magisk to no avail.
From there i downloaded the WW version of the firmware, formatted the phone (inc data), convert the zip to a flashable img file and flashed the stock WW with no root.
Device still encrypted despite the complete format and fails again the safetynet.
Tried to flash the TIM version downloadable from ASUS with the same result.
Somehow i flashed the stock WW and safetynet fails only on CTS but as soon as i install the version 15.1 of magisk and enabling Magisk hide on google apps i fail safetynet also on basic integrity.
Do you know any way to remove this dammned encryption since there is no option to disable it in the security settings and flash a fresh stock firmware that passes safetynet?
Maybe with a twrp backup of a stock firware i can do something?
Regards and happy holydays
Click to expand...
Click to collapse
I am having the same problem with Magisk v15.1. What I did for a temporary solution is I flashed back to Magisk v14.0 and it now passes safety checks. I am using Android 7.0 and I have the 2.15 ghz version of the phone (Asus_Z016D) Hope this helps.
---------- Post added at 08:48 PM ---------- Previous post was at 08:45 PM ----------
https://forum.xda-developers.com/showpost.php?p=75017953&postcount=5170
Thanks for the suggestion. Flash back the 14 is the first thing I tried but it failed and then I tried to reset and reflash the stock firmware but now, like I said, nothing that I tried works.
I know is asking a lot but can you make a TWRP backup of your phone except the data partition obviously? Maybe that encryption f** up something that I can't fix just by reset and flash the stock
I have the same problem. Safetynet fails... Are you sure that encryption is the cause?
Ryder. said:
I have the same problem. Safetynet fails... Are you sure that encryption is the cause?
Click to expand...
Click to collapse
I believe so, i got encrypted only when i installed the 15.0 but even if i format system and data and i flash a clean stock the options says that my phone is encrypted even if the phone has no password or i didnt activate it
exico91 said:
I believe so, i got encrypted only when i installed the 15.0 but even if i format system and data and i flash a clean stock the options says that my phone is encrypted even if the phone has no password or i didnt activate it
Click to expand...
Click to collapse
I updated to magisk 15.2 and magisk hide works now. Now i can see nintendo games on play store for example. However ctsprofile doesn't pass safetynet check
Ryder. said:
I updated to magisk 15.2 and magisk hide works now. Now i can see nintendo games on play store for example. However ctsprofile doesn't pass safetynet check
Click to expand...
Click to collapse
Would be nice to pass also CTS like before but Im ok with just the integrity check.
And yeah i can confirm that it works now with 15.2.
That was driving me mad; interesting fact: Fire Emblem Heroes go into connection error loop if the integrity check fails or detect that the phone is rooted and that happens at random times. I hate this approach of Nintendo and such, if i want to have control of my phone you shouldnt penalize me for that.
Anyway if someone is brave enough to share a stock/rooted backup that pass the CTS i would gladly try it out.
exico91 said:
Would be nice to pass also CTS like before but Im ok with just the integrity check.
And yeah i can confirm that it works now with 15.2.
That was driving me mad; interesting fact: Fire Emblem Heroes go into connection error loop if the integrity check fails or detect that the phone is rooted and that happens at random times. I hate this approach of Nintendo and such, if i want to have control of my phone you shouldnt penalize me for that.
Anyway if someone is brave enough to share a stock/rooted backup that pass the CTS i would gladly try it out.
Click to expand...
Click to collapse
I agree. Even Gangstar New Orleans isn't downloadable if you have root. It's root the cause! I tought it was the fact that it's available only for some devices for certain reasons. Now even gameloft seems to penalize root users...
Did you go on magisk hide section and selected the apps/games which you are interested in?
Ryder. said:
I agree. Even Gangstar New Orleans isn't downloadable if you have root. It's root the cause! I tought it was the fact that it's available only for some devices for certain reasons. Now even gameloft seems to penalize root users...
Did you go on magisk hide section and selected the apps/games which you are interested in?
Click to expand...
Click to collapse
To download the apps/games, obviously, you have to use hide on google play then, when are installed, on the apps
Since i want to use Android Pay but got this issue, is there any stock rom which passes certification?
Could you please check:
Open the Google Play Store app Google Play.
Tap Menu Menu and then Settings.
Under “Device certification” you’ll see if your device is certified
Edit: After some research i can say it happens because of unlocked bootloader.
Any solution to pass cts verification?
I had to completely wipe my phone since recently the battery life started tanking hard, and I couldn't figure out why. I decided to just start over from a clean slate, since I had the same configuration since I got the phone about a year or two ago (stock Android 9, unlocked, and rooted with Magisk and EdXposed).
I figured that I would flash the July image without wipe first, but the battery issue persisted. I then decided to just flash it with the wipe (after backing up data, of course), and the battery seemed to be a bit better while I was setting up.
The problem I'm now having is that my device seems to be missing Play Certification. I noticed this when I was unable to install Netflix from the Play Store (although Google Pay seemed to work fine?). I've tried flashing the image several times, and even tried older images, but I can't seem to keep Play Certification.
I tried locking the bootloader after flashing the July image, and that finally gave me Play Certification and I was able to download Netflix.
Obviously however, I need to keep an unlocked bootloader for other things too.
Is there any way to get Netflix (and Play Certification) to work with an unlocked bootloader?
Doesn't MagiskHide provide just what you're asking for? If you don't want to use Magisk, maybe try PeNoire's SafetyNet Spoofer which works without Magisk but still requires a custom recovery like TWRP.
nitrous² said:
Doesn't MagiskHide provide just what you're asking for? If you don't want to use Magisk, maybe try PeNoire's SafetyNet Spoofer which works without Magisk but still requires a custom recovery like TWRP.
Click to expand...
Click to collapse
How would I get MagiskHide to work with Netflix without being able to install the app from the Play Store? Would enabling hide for the PS work, or do I need to sideload the app and then use Hide on the app?
Latiken said:
How would I get MagiskHide to work with Netflix without being able to install the app from the Play Store? Would enabling hide for the PS work, or do I need to sideload the app and then use Hide on the app?
Click to expand...
Click to collapse
Netflix doesn't care about the existence of Magisk once it is already installed on your device. So don't get confused there. You're problem is with the Play Store, specifically with SafetyNet. One step at a time;
When you unlock your bootloader, you are going to fail some SafetyNet checks. This will result in a restricted Play Store, meaning, certain apps won't be visible to you. To circumvent that, you flash something like Magisk or PetNoire to hide your bootloaders state to SafetyNet checks. This will result in an unrestricted Play Store. Unlock, install Magisk or PetNoire and then you should be able to get unrestricted access to Play Store apps.
Unlock the bootloader of your device
Install the latest version of Magisk
MagiskHide should be enabled by default, if not:
Download and install PetNoir's SafetyNet Spoofer
nitrous² said:
Netflix doesn't care about the existence of Magisk once it is already installed on your device. So don't get confused there. You're problem is with the Play Store, specifically with SafetyNet. One step at a time;
When you unlock your bootloader, you are going to fail some SafetyNet checks. This will result in a restricted Play Store, meaning, certain apps won't be visible to you. To circumvent that, you flash something like Magisk or PetNoire to hide your bootloaders state to SafetyNet checks. This will result in an unrestricted Play Store. Unlock, install Magisk or PetNoire and then you should be able to get unrestricted access to Play Store apps.
Unlock the bootloader of your device
Install the latest version of Magisk
MagiskHide should be enabled by default, if not:
Download and install PetNoir's SafetyNet Spoofer
Click to expand...
Click to collapse
I've tried this, but something seems to not be working, or I'm doing something wrong.
I have Magisk 19.3 installed, and I can see that MagiskHide was automatically enabled for ”com.google.android.gms.unstable" under Google Play services, but Play Store Certification still shows that my device isn't certified, and Netflix won't appear.
The SafetyNet check in MagiskManager passes, however, so I'm wondering if there's something else going on. I'm going to try the other suggested SafetyNet bypass.
EDIT: Installed the other Spoofer, and the Certification listing in the Play Store disappeared, but Netflix is still nowhere to be seen. I tried uninstalling all updates for the Store and clearing storage and cache, but still nothing.
Wondering if I should just sideload Netflix and see if it works fine.
EDIT2: After a few moments, the Play Store now says that my device is certified, but I'm still unable to find Netflix in the Store for some reason. Tried rebooting and clearing cache but still nothing.
Latiken said:
I've tried this, but something seems to not be working, or I'm doing something wrong.
I have Magisk 19.3 installed, and I can see that MagiskHide was automatically enabled for ”com.google.android.gms.unstable" under Google Play services, but Play Store Certification still shows that my device isn't certified, and Netflix won't appear.
The SafetyNet check in MagiskManager passes, however, so I'm wondering if there's something else going on. I'm going to try the other suggested SafetyNet bypass.
EDIT: Installed the other Spoofer, and the Certification listing in the Play Store disappeared, but Netflix is still nowhere to be seen. I tried uninstalling all updates for the Store and clearing storage and cache, but still nothing.
Wondering if I should just sideload Netflix and see if it works fine.
EDIT2: After a few moments, the Play Store now says that my device is certified, but I'm still unable to find Netflix in the Store for some reason. Tried rebooting and clearing cache but still nothing.
Click to expand...
Click to collapse
You just need to install Netflix through apk, not playstore. it is working well
Latiken said:
I've tried this, but something seems to not be working, or I'm doing something wrong.
I have Magisk 19.3 installed, and I can see that MagiskHide was automatically enabled for ”com.google.android.gms.unstable" under Google Play services, but Play Store Certification still shows that my device isn't certified, and Netflix won't appear.
The SafetyNet check in MagiskManager passes, however, so I'm wondering if there's something else going on. I'm going to try the other suggested SafetyNet bypass.
EDIT: Installed the other Spoofer, and the Certification listing in the Play Store disappeared, but Netflix is still nowhere to be seen. I tried uninstalling all updates for the Store and clearing storage and cache, but still nothing.
Wondering if I should just sideload Netflix and see if it works fine.
EDIT2: After a few moments, the Play Store now says that my device is certified, but I'm still unable to find Netflix in the Store for some reason. Tried rebooting and clearing cache but still nothing.
Click to expand...
Click to collapse
I'v been been having the same issue for about 5-6 months now with both Android 9 and 10. It was working fine on Pie and showing up in Google Play, but then after I flashed one of the monthly system images with a wipe, the app no longer showed up in the play store. And after I restored the most recent Netflix app at the time from a backup, it would constantly crash. I have all Google Play Services, Google Play and Netflix selected in Magisk hide. Google Play says my device is certified. Magisk SafetyNet test passes along with any SafetyNet test app. Logged out of my Google account, wiped data for Google Play, Google Play services and Netflix, rebooted and signed back in but still not showing up. Downloaded and installed the newest Netflix app from their site but I get an error stating the device is not supported with the app which clearly isn't the case.
Can you select this link and have it open in the Google Play app on your phone: https://play.google.com/store/apps/details?id=com.netflix.mediaclient&hl=en_US
It shows up for me but says in red font: "This app isn't compatible with your device anymore. Contact the developers for more info". Which I did...went back and forth with Google and Netflix for hours yesterday, but both of their support is completely useless.
The newest version of the app that works for me is version 6.26.1. You can download it here if you haven't already: https://www.apkmirror.com/apk/netflix-inc/netflix/netflix-6-26-1-build-15-31696-release/
The only thing is how long is it going to continue to work. A future update will most likely break that version as well.
Have you made any progress since July?
giants8058 said:
I'v been been having the same issue for about 5-6 months now with both Android 9 and 10. It was working fine on Pie and showing up in Google Play, but then after I flashed one of the monthly system images with a wipe, the app no longer showed up in the play store. And after I restored the most recent Netflix app at the time from a backup, it would constantly crash. I have all Google Play Services, Google Play and Netflix selected in Magisk hide. Google Play says my device is certified. Magisk SafetyNet test passes along with any SafetyNet test app. Logged out of my Google account, wiped data for Google Play, Google Play services and Netflix, rebooted and signed back in but still not showing up. Downloaded and installed the newest Netflix app from their site but I get an error stating the device is not supported with the app which clearly isn't the case.
Can you select this link and have it open in the Google Play app on your phone: https://play.google.com/store/apps/details?id=com.netflix.mediaclient&hl=en_US
It shows up for me but says in red font: "This app isn't compatible with your device anymore. Contact the developers for more info". Which I did...went back and forth with Google and Netflix for hours yesterday, but both of their support is completely useless.
The newest version of the app that works for me is version 6.26.1. You can download it here if you haven't already: https://www.apkmirror.com/apk/netflix-inc/netflix/netflix-6-26-1-build-15-31696-release/
The only thing is how long is it going to continue to work. A future update will most likely break that version as well.
Have you made any progress since July?
Click to expand...
Click to collapse
That's actually the exact same version of Netflix that I was able to get working, and I've been using it since July.
It works exactly as it should, but the resolution seems to be capped at 480p or 720p, as I notice a lot of blurriness. It's still usable, but I'm considering getting rid of Magisk and going to 10 to avoid these issues.
Reading on what you've done, it's exactly what I went through in July.
I'm not sure what's changed since prior to updating to another security patch, Netflix was working completely fine from the Play Store with Magisk.
Latiken said:
That's actually the exact same version of Netflix that I was able to get working, and I've been using it since July.
It works exactly as it should, but the resolution seems to be capped at 480p or 720p, as I notice a lot of blurriness. It's still usable, but I'm considering getting rid of Magisk and going to 10 to avoid these issues.
Reading on what you've done, it's exactly what I went through in July.
I'm not sure what's changed since prior to updating to another security patch, Netflix was working completely fine from the Play Store with Magisk.
Click to expand...
Click to collapse
Yeah and also after a few minutes of watching a video, the screen dims like right before your phone auto-locks itself due to inactivity. So far the only way I was able to get it to show back up in Google Play was re-locking the bootloader, but that's not really an option for me since I want to stay rooted. But it really doesn't make any sense since all the SafetyNet compatibility tests pass and the device is certified. Maybe I'll try reaching out to the Magisk dev and see if he's willing to take a look into it.
giants8058 said:
Yeah and also after a few minutes of watching a video, the screen dims like right before your phone auto-locks itself due to inactivity. So far the only way I was able to get it to show back up in Google Play was re-locking the bootloader, but that's not really an option for me since I want to stay rooted. But it really doesn't make any sense since all the SafetyNet compatibility tests pass and the device is certified. Maybe I'll try reaching out to the Magisk dev and see if he's willing to take a look into it.
Click to expand...
Click to collapse
I don't seem to have that screen dimming issue, so it's possible that something else is going on on your end for that.
It's possible that Netflix is able to detect root through some other way that's irrelevant to Google Play Protection. And it could also be a thing where the resolution is limited if you're not on the latest version.
If I do figure something out in the future, I'll be sure to post here again.
Latiken said:
I don't seem to have that screen dimming issue, so it's possible that something else is going on on your end for that.
It's possible that Netflix is able to detect root through some other way that's irrelevant to Google Play Protection. And it could also be a thing where the resolution is limited if you're not on the latest version.
If I do figure something out in the future, I'll be sure to post here again.
Click to expand...
Click to collapse
I don't think the issue is because of being rooted, but instead the unlocked bootloader as it still doesn't show up after uninstalling Magisk or after a system image flash with wipe. Like I mentioned earlier, the only way I can get it to show in Google Play or have the newest version work when side loaded at this point is when the bootloader is locked. So if you don't mind not being rooted or being able to manually flash updates without a factory reset each time, just re-lock your bootloader (just remember to backup your data since it wipes your phone) and Netflix should work normally again.
But I'll be sure post here as well if I come across anything that works.
What you both need is to install/flash a custom kernel...
On top of many multiple things a custom kernel can do, one significant thing is to be able to mask root on many/most root detecting processes. When I first rooted 2 years ago, I couldn't get Google Pay to work because of the root detecting. I had inadvertently flashed a custom kernel, and was pleasantly surprised that Google Pay began to work (back then, but now more than a custom kernel is required).
The best general all-around custom kernel was called Flash, but that became EOL and stopped development, but one called Caesium was built based off of Flash and continued from there; even collaborated with the maker of Flash.
Give it a try, and see how it works wonders for both your issue (root detection) battery life, and even responsiveness of the system!
Hope this helps...
simplepinoi177 said:
What you both need is to install/flash a custom kernel...
On top of many multiple things a custom kernel can do, one significant thing is to be able to mask root on many/most root detecting processes. When I first rooted 2 years ago, I couldn't get Google Pay to work because of the root detecting. I had inadvertently flashed a custom kernel, and was pleasantly surprised that Google Pay began to work (back then, but now more than a custom kernel is required).
The best general all-around custom kernel was called Flash, but that became EOL and stopped development, but one called Caesium was built based off of Flash and continued from there; even collaborated with the maker of Flash.
Give it a try, and see how it works wonders for both your issue (root detection) battery life, and even responsiveness of the system!
Hope this helps...
Click to expand...
Click to collapse
Thank you for the suggestion, I'll make sure to try this after updating to the latest Pie build. I'm sure that this will work, as I remember using a custom kernel last time that Netflix was working just fine for me.
I also just found a thread with a stock kernel infused with a SafetyNet patch that says that Netflix and other apps refused to work on unlocked bootloader devices because something trips in SafetyNet, leading me to believe that this is what me and @giants8058 have been experiencing.
I will let everyone know if this works later this week.
Latiken said:
Thank you for the suggestion, I'll make sure to try this after updating to the latest Pie build. I'm sure that this will work, as I remember using a custom kernel last time that Netflix was working just fine for me.
I also just found a thread with a stock kernel infused with a SafetyNet patch that says that Netflix and other apps refused to work on unlocked bootloader devices because something trips in SafetyNet, leading me to believe that this is what me and @giants8058 have been experiencing.
I will let everyone know if this works later this week.
Click to expand...
Click to collapse
You have to flash a custom Kernel to hide bootloader unlock. After you flash the custom kernel the play store will still show as not being certified. You will have to force stop the play store then delete the cache and storage. When you reboot it will show that it is certified.
murphyjasonc said:
You have to flash a custom Kernel to hide bootloader unlock. After you flash the custom kernel the play store will still show as not being certified. You will have to force stop the play store then delete the cache and storage. When you reboot it will show that it is certified.
Click to expand...
Click to collapse
I flash the August stock build along with the Sultan kernel (as I couldn't get Caesium or the SafetyNet patched kernel to flash), and followed your instructions, but my Play Store isn't showing my device as certified yet.
Is there something else I need to do?
Latiken said:
I flash the August stock build along with the Sultan kernel (as I couldn't get Caesium or the SafetyNet patched kernel to flash), and followed your instructions, but my Play Store isn't showing my device as certified yet.
Is there something else I need to do?
Click to expand...
Click to collapse
1. Download TWRP 3.3.0 img file
2. Download TWRP 3.3.0 zip file (optional)
3. Download Magisk 19.3
4. Download kernel of choice. (I use Sultan)
5. Boot to fastboot
6. Boot to TWRP. (fastboot boot TWRP. Img) I shorten the file name to make it easier.
7. Flash kernel first if using Sultan
8. Flash TWRP zip. (optional)
9. Flash Magisk 19.3
10. Let phone boot then delete data/cache in play store.
11. Reboot phone
These are the steps I use. If I remember correctly there was a couple of versions of the play store that showed uncertified no matter what. The latest play store version is 16.5.15. I can confirm it works. I also hide Google Play services in Magisk hide but I don't think that's needed unless you want Google Pay to work.
murphyjasonc said:
1. Download TWRP 3.3.0 img file
2. Download TWRP 3.3.0 zip file (optional)
3. Download Magisk 19.3
4. Download kernel of choice. (I use Sultan)
5. Boot to fastboot
6. Boot to TWRP. (fastboot boot TWRP. Img) I shorten the file name to make it easier.
7. Flash kernel first if using Sultan
8. Flash TWRP zip. (optional)
9. Flash Magisk 19.3
10. Let phone boot then delete data/cache in play store.
11. Reboot phone
These are the steps I use. If I remember correctly there was a couple of versions of the play store that showed uncertified no matter what. The latest play store version is 16.5.15. I can confirm it works. I also hide Google Play services in Magisk hide but I don't think that's needed unless you want Google Pay to work.
Click to expand...
Click to collapse
Those steps are actually exactly what I did, but the certification label in the settings is missing, and Netflix won't appear.
If it means anything, I noticed that I actually had Sultan kernel installed before doing any of this, so it might be that the kernel isn't working on my end.
Latiken said:
Those steps are actually exactly what I did, but the certification label in the settings is missing, and Netflix won't appear.
If it means anything, I noticed that I actually had Sultan kernel installed before doing any of this, so it might be that the kernel isn't working on my end.
Click to expand...
Click to collapse
Well...I can say, at least, that I am having the same experience as murphyjasonc and am able to get "Play Protect Certification" certified and I have an unlocked bootloader with root and even a custom recovery.
I would make sure you do as he suggests and at the very least disable or "uninstall updates" for the Play Store and Google Play Services. But, also, custom kernels are things that also need to be updated; so this might be the explanation on it no longer working. But I know you had recently reflashed Sultan, so it is rather puzzling that you are still having those issues.
Just making sure, you are using TWRP to install the latest version of those kernels, correct? Also, when you had ran the August patch, did you use the Full Factory version? Are you able to pass safetynet currently?
Hopefully retrying these will get things up and running...
simplepinoi177 said:
Well...I can say, at least, that I am having the same experience as murphyjasonc and am able to get "Play Protect Certification" certified and I have an unlocked bootloader with root and even a custom recovery.
I would make sure you do as he suggests and at the very least disable or "uninstall updates" for the Play Store and Google Play Services. But, also, custom kernels are things that also need to be updated; so this might be the explanation on it no longer working. But I know you had recently reflashed Sultan, so it is rather puzzling that you are still having those issues.
Just making sure, you are using TWRP to install the latest version of those kernels, correct? Also, when you had ran the August patch, did you use the Full Factory version? Are you able to pass safetynet currently?
Hopefully retrying these will get things up and running...
Click to expand...
Click to collapse
I used the latest version of TWRP to install the August OTA patch, as well as to install the latest Sultan kernel.
I just ran a SafetyNet test in MagiskManager and it passed correctly.
Latiken said:
I used the latest version of TWRP to install the August OTA patch, as well as to install the latest Sultan kernel.
I just ran a SafetyNet test in MagiskManager and it passed correctly.
Click to expand...
Click to collapse
Give this a try...
instead of the OTA, try the Full Factory version -- and be sure to remove the "-w" in the flash-all to keep your data intact -- and then, also, be sure to disable/"uninstall updates" for both the Google Play Store and the Google Play Services (you can enable it after disabling it of course). After that, boot up TWRP and flash the Sultan kernel and Magisk and see if you don't have the certification after all that.
If you don't know; you can't simply run the Full Factory .zip's in TWRP, so if you don't know how to do a Full Factory version, I can point you in the right direction...
Good luck!
Hi all,
Got a new phone and finally decided to see if I could root the old Pixel 2 XL. It's unlocked, bought directly from Google. Never before unlocked bootloader until now.
It was flashed to factory Android 11 2020-12, and rooted from there. Magisk 21.1 beta was installed from zip while booted into TWRP 3.0.4, as advised in this thread. The latest Play System Update (Oct 5, 2020) was automatically installed while I was messing around afterwords.
I confirmed root access thru a checker and Termux, which is pretty neat! Hadn't rooted a device in a long time!
Unfortunately, device certification fails in Play Store, Magisk SafetyNet check and being unable to add a credit card to Google Pay. Magisk says basicIntegrity passes, but CTSprofile fails.
Things I've tried, mostly from this exhaustive guide:
Hidden Magisk Manager
Enabled MagiskHide, rebooted
Remove Magisk zip from storage
Lock bootloader again, rebooted
Clear app storage for Play store and Play services, rebooted
Disable USB debugging
Disable Play Protect scanning
Looked over XDA boards, Magisk changelog/documentation/guides
Things I haven't done (yet?):
Spoofing device fingerprint. I wouldn't expect this to be necessary, since it's actually authentic! But maybe there's more to it that I don't understand?
Start over from scratch, with Magisk Canary build - doesn't appear to be any improvements to MagiskHide according in current release notes
Is this possible to achieve?
composition said:
Is this possible to achieve?
Click to expand...
Click to collapse
SafetyNet:Magisk and MagiskHide Installation and Troubleshooting guide
www.didgeridoohan.com
Google I believe is using hardware-backed CTS profiling, which Magisk cannot circumvent. Your only chance of passing CTS is to hope Google ISN'T using the hardware-backed version, so you can employ one of the workarounds I gave in the link above.
There is a setting in magisk manager that let's you switch the attestation check. I'm having a brain fart as to where it is atm but I'll poke around and if/when I find it, I'll reply again.
Larzzzz82 said:
There is a setting in magisk manager that let's you switch the attestation check. I'm having a brain fart as to where it is atm but I'll poke around and if/when I find it, I'll reply again.
Click to expand...
Click to collapse
Apparently we're both having brain farts. I didn't even think there was such a setting. Then again, I don't use Google Pay.
If you rooted using the method on this forum, and your Google Pay app was recently upgraded to Google Wallet, you will probably find that it doesn't work anymore. Even if you have the Universal SafetyNet Fix installed and SafetyNet shows as passing, the new payment app will still detect your device as rooted. This is because it now uses Google Play Integrity instead of SafetyNet.
There's a lot of discussion in this thread. But the short version is, if you want to get payments working again:
1. Install MagiskHide Props Config.
2. Follow the instructions on that page to change your device fingerprint to Samsung Galaxy S21 (A11).
That's it! Some people in the thread also cleared data for Google Play Services but I don't think I did. Also in that thread is a verification app (first version, official version) for Google Play Integrity that you can use to make sure your device fingerprint setting is correct.
So far I haven't noticed any side effects from changing the fingerprint. I was unable to receive any SMS messages after first changing, but I rebooted a second time and that issue went away.
Just install safetynet-fix-v2.3.1-MOD.zip in Magisk. That worked on my OnePlus Nord CE (EU).
Vattu said:
Just install safetynet-fix-v2.3.1-MOD.zip in Magisk. That worked on my OnePlus Nord CE (EU).
Click to expand...
Click to collapse
Yeah this thread is now out of date. The updated safetynet fix is a much better option now.
You don't need just the safetynet module. You need Shamiko along that.
So latest Safetynet + Shamiko 0.5.2 (the latest version right now) and you're all set. You gotta whitelist the banking apps you use and they'll work perfectly fine. These 2 were enough to allow my preferred ridiculous banking app to work without an issue, without any other modules or tweaking and such.
dragos281993 said:
You don't need just the safetynet module. You need Shamiko along that.
Click to expand...
Click to collapse
You only need Shamiko if you use LSposed, right? I don't use LSposed and it's been enough for me to put all of my annoying apps on the Magisk denylist.
aurny said:
You only need Shamiko if you use LSposed, right? I don't use LSposed and it's been enough for me to put all of my annoying apps on the Magisk denylist.
Click to expand...
Click to collapse
No. I only had Magisk installed with Zygisk turned on. I first installed Safetynet Fix then Shamiko. The first module wasn't enough for my preffered banking app to not detect that the bootloader was unlocked. Shamiko fixed that. I simply installed it as a module in Magisk
Thanks, good to know. I haven't had that issue yet but I'll remember this in case I need it in the future!
aurny said:
If you rooted using the method on this forum, and your Google Pay app was recently upgraded to Google Wallet, you will probably find that it doesn't work anymore. Even if you have the Universal SafetyNet Fix installed and SafetyNet shows as passing, the new payment app will still detect your device as rooted. This is because it now uses Google Play Integrity instead of SafetyNet.
There's a lot of discussion in this thread. But the short version is, if you want to get payments working again:
1. Install MagiskHide Props Config.
2. Follow the instructions on that page to change your device fingerprint to Samsung Galaxy S21 (A11).
That's it! Some people in the thread also cleared data for Google Play Services but I don't think I did. Also in that thread is a verification app (first version, official version) for Google Play Integrity that you can use to make sure your device fingerprint setting is correct.
So far I haven't noticed any side effects from changing the fingerprint. I was unable to receive any SMS messages after first changing, but I rebooted a second time and that issue went away.
Click to expand...
Click to collapse
Thank you very much, it worked perfectly.
This actually worked, thank you!