Hello everybody,
It's been a while now since I first noticed this, I tried waiting it out but that didn't work. I'm using AEX and have root enabled by Magisk, and SafetyNet tests are successful, passing both CTS and basicIntegrity, but I had to hide Google Play Store and Google Play Services using Magisk Hide. However, despite passing CTS and basicIntegrity, Google Playstore says my device is uncertified. This has never happened before, and it doesn't seem to affect my usage (I heard Netflix won't appear in the store if Google detects root somehow, but I can see Netflix in the store just fine), but it would be nice if I can get certified. Any ideas?
Thank you for your time.
TL;DR : I pass CTS and basicIntegrity but store says uncertified, how can I fix that?
Hi, I'm trying to run Google Pay on my OnePlus with Lineage 18.1 + MicroG. I passed the SafetyNet, but Gpay still doesn't work. I added my Google account in the MicroG settings and hid root from Gpay in the Magisk's DenyList
My banking app also gives me issues. Can't use NFC payment because it detects root. It was the same on my previous Realme X2 Pro and I wask never able to solve it. Magisk hide, then later denylist; safetynet passes, but nothing. If someone finds a solution that would be great.
I'm on OOS 11 though.
Arcide said:
My banking app also gives me issues. Can't use NFC payment because it detects root. It was the same on my previous Realme X2 Pro and I wask never able to solve it. Magisk hide, then later denylist; safetynet passes, but nothing. If someone finds a solution that would be great.
I'm on OOS 11 though.
Click to expand...
Click to collapse
Denylist works great for me, all bank apps didn't detect anything. Are you sure that you selected all activities corresponding to your bank app and enabled enforcement?
happyrage said:
Denylist works great for me, all bank apps didn't detect anything. Are you sure that you selected all activities corresponding to your bank app and enabled enforcement?
Click to expand...
Click to collapse
No sadly it doesn't work, and there's only one process that is shown. This app is a real f***ing piece of work.
I managed to get my Gpay up and running on Lineage. I can't exactly open the app, but I can access GPay to add a card via Settings. Youtube video to explain below.
Work from :
StratospherePerformance
Legend_Gaming077
Google has started to use hardware to check the phones bootloader which cannot be faked as it uses secure part of the phone that is not accessible.
There is a "hardware off" magisk module which changes your device id to a device that still uses software checks, this will pass safteynet but it will mean that galaxy store will stop working.
Eventually there will be no way round this to use SafetyNetFix !!!
!!!IMPORTANT!!!
There are 2 Versions
1 If you use Magisk Riru
2 If you use Magisk Zygisk
3 Any questions ?? Just ask here we help!
Happy Flashing!
safetynet-fix-zygisk-v2.2.1 = https://drive.google.com/file/d/1GppsrAlJ_eWjj613miRxFiYmUnztUVk2/view
safetynet-fix-riru-v2.1.3 = https://drive.google.com/file/d/1GrtnauPbFjSCGH8BuBiSS4YMay_5SPAx/view
Hello colleague, I have magiks
He says:
Installed: 24.3 (24300)
Zygisk: yes
ramdisk: yes
I'm still on UI 4.0 G770FXXS6FVD2
Do I have to install the file you provide?
I really don't have much knowledge.
Thank you
mezacorleehone said:
Hello colleague, I have magiks
He says:
Installed: 24.3 (24300)
Zygisk: yes
ramdisk: yes
I'm still on UI 4.0 G770FXXS6FVD2
Do I have to install the file you provide?
I really don't have much knowledge.
Thank you
Click to expand...
Click to collapse
Yes you can install safetynet-fix-zygisk-v2.2.1
Google pay just updated to Google wallet in my country and it doesn't work.. It says Google wallet is updating.
I think it see root and doesn't work. Google pay was working. I have safetynet fix zygisk and everything else. In every other app (banks etc) i hide root and everything is working. Magisk 25.2
I have deleted data, deleted data form gapps, re install Google wallet, nothing works.
If everyone have any other solution to try..
Thanks,
Hi,
after bricked my device, I wipe, reinstalled new on July patch and root.
All is working but not the certified in Play Store.
SafetyNet is passes.
Male a new fingerprint with props and the OS isn't loading.
Anyone has an idea?
Hi,
try redoing a fingerprint, reboot. Have had this problem myself and that solved it.
Leave it for a few days, normally it will be certified back after 2 days
Close the Play Store and clear the app data/cache and it'll fix the certification.
You shouldn't have to do anything to the fingerprint to pass.
Latest Magisk (25.1)
Universal SafetyNet Fix 2.3.1
DenyList enabled on Google Play Store
This is on a Pixel 5, but it shouldn't make any difference. SafetyNet passes, and device is Play Certified.
Spoiler: Screenshots
This is old story - Please clean google play store data and cache and then reopen google play store to make it download necessary files to certify again and then it will pass certification.
Not an old story, there's much discussion on the release of a new "aggressive" API that passes safteynet but failed other, stronger tests that Netflix and Gpay use to detect root. So far, I have not seen anyone overcome it on P6P without changing fingerprint.
rhetorician said:
Not an old story, there's much discussion on the release of a new "aggressive" API that passes safteynet but failed other, stronger tests that Netflix and Gpay use to detect root. So far, I have not seen anyone overcome it on P6P without changing fingerprint.
Click to expand...
Click to collapse
I've had no problem with Magisk zygisk and UNSF 2.3.1 with Google pay/wallet and netflix. Google play has always shown my P6P as certified.
Go to the GitHub page and look at the discussion posted on this issue. If you're able to use GPay on the July firmware with updated Google services, then you appear to be in the minority.
New Google Integrity API update breaks universal safetynet fix · Issue #203 · kdrag0n/safetynet-fix
New Google Integrity API update breaks universal safetynet fix Describe the bug Google Play device is certified. YASNAC safety net passes. Google Pay is now Google Wallet which detects device as ro...
github.com
I am also running July firmware on a rooted P6P, can use GPay and PlayStore says its certified. I've applied all updates, Play Store says it's up to date at v31.6.13-21.
YASNAC passes. Magisk 25.2, Shamiko for Denylist enforcement. Play Store, GPay, and Netflix on denylist.
A modified safetynet fix should fix this problem. Make sure to clear data from google play services. Goodluck.
wanttotree said:
A modified safetynet fix should fix this problem. Make sure to clear data from google play services. Goodluck.
Click to expand...
Click to collapse
Where did you get this from? The official USNF file has only reached V2.3.1.
@Lughnasadh Ahh, thanks for the clarification. I appreciate it =).
NippleSauce said:
Where did you get this from? The official USNF file has only reached V2.3.1.
Click to expand...
Click to collapse
That's from Displax. He actually updated the mod but also lowered the version number so it would coincide with kdragons. So the latest, updated version of Displax's mod is 2.3.1, not 2.3.2.
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
I apologize for not crediting Displax.
Seems I am doing something wrong, play store certification status of the devices will still stay on "not certified".
Pixel 5, lineageos 20 freshly installed, magisk (zygisk enabled, enforce deny list, play store + play services fully checked), Displax' USNF v.2.4.0-Mod_1.2 installed, wiped data+cache from play store + play services, Google Services Framework ID registered. Safetynet basic integrity + CTS profile match passed.
Any idea?
ssdnvv said:
Seems I am doing something wrong.
Pixel 5, lineageos 20 freshly installed, magisk (zygisk enabled, enforce deny list, play store + play services fully checked), Displax' USNF v.2.4.0-Mod_1.2 installed, wiped data+cache from play store + play services, Google Services Framework ID registered.
Any idea?
Click to expand...
Click to collapse
You need to install Shamiko to hide su binary (disabling enforce deny list) and check Play Integrity, SafetyNet is depracated: https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck
swer45 said:
You need to install Shamiko to hide su binary (disabling enforce deny list) and check Play Integrity, SafetyNet is depracated: https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck
Click to expand...
Click to collapse
Thanks for your quick answer, but still not certified. Does this "let the device wait for some time"-idea help?
ssdnvv said:
Thanks for your quick answer, but still not certified. Does this "let the device wait for some time"-idea help?
Click to expand...
Click to collapse
Oh, you are using Lineage, I don't like it because doesn't include any patch of this. Try this module: https://github.com/Magisk-Modules-Alt-Repo/sensitive_props/releases/latest
But I recommend you to use another ROM, Lineage is for testing purposes.
ssdnvv said:
play store + play services fully checked
Click to expand...
Click to collapse
wipe the app data of Play Store and force stop it. another option would be flashing the 'Universal SafetyNet Fix' as Magisk module.
Seems shamiko does anyways not bypass CTS on lineageos which I'd like to keep - used to it for several years by now ;-). Or can you recommend another AOSP android 13 ROM, that is still well maintained?
Displax' Universal SafetyNet Fix mod is working in combination with deny list to pass safetyNet but not Playstore integrity check.
The sensitive_props module doesn't seem to change the situation. I just freshly reinstalled and only logged in into google account and entered playstore after YASNAC showed both checks passed.
edit: for the record - I just had to wait roughly two days and the certification was shown in playstore. But even with this not all apps run fine - Microsoft Intune / Teams for accessing company networks for example refuse to connect (yet can be installed, so this seems to be some security initiative from M$).
If you rooted using the method on this forum, and your Google Pay app was recently upgraded to Google Wallet, you will probably find that it doesn't work anymore. Even if you have the Universal SafetyNet Fix installed and SafetyNet shows as passing, the new payment app will still detect your device as rooted. This is because it now uses Google Play Integrity instead of SafetyNet.
There's a lot of discussion in this thread. But the short version is, if you want to get payments working again:
1. Install MagiskHide Props Config.
2. Follow the instructions on that page to change your device fingerprint to Samsung Galaxy S21 (A11).
That's it! Some people in the thread also cleared data for Google Play Services but I don't think I did. Also in that thread is a verification app (first version, official version) for Google Play Integrity that you can use to make sure your device fingerprint setting is correct.
So far I haven't noticed any side effects from changing the fingerprint. I was unable to receive any SMS messages after first changing, but I rebooted a second time and that issue went away.
Just install safetynet-fix-v2.3.1-MOD.zip in Magisk. That worked on my OnePlus Nord CE (EU).
Vattu said:
Just install safetynet-fix-v2.3.1-MOD.zip in Magisk. That worked on my OnePlus Nord CE (EU).
Click to expand...
Click to collapse
Yeah this thread is now out of date. The updated safetynet fix is a much better option now.
You don't need just the safetynet module. You need Shamiko along that.
So latest Safetynet + Shamiko 0.5.2 (the latest version right now) and you're all set. You gotta whitelist the banking apps you use and they'll work perfectly fine. These 2 were enough to allow my preferred ridiculous banking app to work without an issue, without any other modules or tweaking and such.
dragos281993 said:
You don't need just the safetynet module. You need Shamiko along that.
Click to expand...
Click to collapse
You only need Shamiko if you use LSposed, right? I don't use LSposed and it's been enough for me to put all of my annoying apps on the Magisk denylist.
aurny said:
You only need Shamiko if you use LSposed, right? I don't use LSposed and it's been enough for me to put all of my annoying apps on the Magisk denylist.
Click to expand...
Click to collapse
No. I only had Magisk installed with Zygisk turned on. I first installed Safetynet Fix then Shamiko. The first module wasn't enough for my preffered banking app to not detect that the bootloader was unlocked. Shamiko fixed that. I simply installed it as a module in Magisk
Thanks, good to know. I haven't had that issue yet but I'll remember this in case I need it in the future!
aurny said:
If you rooted using the method on this forum, and your Google Pay app was recently upgraded to Google Wallet, you will probably find that it doesn't work anymore. Even if you have the Universal SafetyNet Fix installed and SafetyNet shows as passing, the new payment app will still detect your device as rooted. This is because it now uses Google Play Integrity instead of SafetyNet.
There's a lot of discussion in this thread. But the short version is, if you want to get payments working again:
1. Install MagiskHide Props Config.
2. Follow the instructions on that page to change your device fingerprint to Samsung Galaxy S21 (A11).
That's it! Some people in the thread also cleared data for Google Play Services but I don't think I did. Also in that thread is a verification app (first version, official version) for Google Play Integrity that you can use to make sure your device fingerprint setting is correct.
So far I haven't noticed any side effects from changing the fingerprint. I was unable to receive any SMS messages after first changing, but I rebooted a second time and that issue went away.
Click to expand...
Click to collapse
Thank you very much, it worked perfectly.
This actually worked, thank you!