I have the same problem with my online banking app. I have tried everything but it always reminds me that I am rooted.
I have the same problem with my online banking app. I have tried everything but it always reminds me that I am rooted.
@TR2NTried that as well. I did hiding all the root related apps . But still its breaking.
Works perfect and passes safetynet fully rooted with xposed installed and enabled and no reboots so it's far from obsolete it's the beat options going... Prove me wrong?0.55 is obsolete and doesn't pass SN. It's that simple. The thread was locked by chainfire for a reason
Sent from my Nexus 6P with Tapatalk
Works perfect and passes safetynet fully rooted with xposed installed and enabled and no reboots so it's far from obsolete it's the beat options going... Prove me wrong?
Seriously tell me ANY way to get root+xposed that passes saferynet without rebooting or soft reboot or disabling anything just going from root app to none root app to android pay or Pokemon it's awesome and NOT obsolete far from it lol
I use a slightly more up to date kennel plus a firewall.. Name one downside/risk to using an out dated security patch??Caveat being you are using a pre-November 2016 security update ROM..
Again I'm asking about performance and xposed compatibility like my last post said (edited sorry) NOT about securityI can use pay and my local Bank's implementation and pogo too just fine with this one. And I'm up to date on security. If you're not using and not going to be using this one, then why are you here?
Sent from my Nexus 6P with Tapatalk
That make no sense I'm guessing we're talking about different things or you're lostwhy would you concern yourself with performance if you're not using it or going to cause of no xposed support? It's a pointless question.
Clear data on the play store and rebootI hope this thread is the right one and not supersu for this question, wasn't sure. I finally installed SR4 on the latest Sept image and also flashed SH on it and everything went great, the default choices in SH made it pass SafetyNet, and all is great in the world happy to report.
However, I had one question about the Play Store, the app still shows the device as "Uncertified" and I have heard people say they were able to make it Certified as well when the SafetyNet passed but that hasn't been my case. Anyone know which "package" I need to mark hide in SH to make that pass? I was under the impression the default ones already checked, such as Play Services would be sufficient as it passes SafetyNet, but thinking maybe there is something else somewhere that I can set as well to make it certified?
Does anyone have info on this or have figured it out and would be kind enough to share? Thank you in advance.
That make no sense I'm guessing we're talking about different things or you're lost
What? Again your confused I am one of them and I am using it that's why I'm asking for any possible ways to get xposed working like with suhide or magisk vs sihide-lite which doesn't as far as I know... Again hence the question...it makes perfect sense. Why would you concern yourself of the performance of an app you're not using or going to use? because it doesn't support xposed. Possible performance issues are only relevant to people actually using the app, and you're not one of them.
0.55 always worked with xposed and you must be forgetting I said workaroundsthen you're in the wrong question. If you want to make exposed work with this, you need to ask in the XPOSED thread. Not here, if/when xposed will be supported that's up to chainfire to decide, but i wouldn't hold my breath. 0.55 didn't either for a long time. as to the "suhide-lite doesn't as far as i know", it's not "as far as you know, it doesn't. Period. It's clearly stated in the OP
Most apps that detect root fall into the payment, banking/investing, corporate security, or (anit cheating) gaming category.
While a lot of apps have their custom root detection routines, with the introduction of SafetyNet the situation for power users has become worse, as developers of those apps can now use a single API to check if the device is not obviously compromised.
SafetyNet is of course developed by Google, which means they can do some tricks that others may not be able to easily do, as they have better platform access and control. In its current incarnation, ultimately the detection routines still run as an unprivileged user and do not yet use information from expected-to-be-secure components such as the bootloader or TPM. In other words, even though they have slightly more access than a 3rd party app, they still have less access than a root app does.
Following from this is that as long as there is someone who is willing to put in the time and effort - and this can become very complex and time consuming very quickly - and SafetyNet keeps their detection routines in the same class, there will in theory always be a way to beat these detections.
While reading that may initially make some of you rejoice, this is in truth a bad thing. As an Android security engineer in Google's employ has stated, they need to "make sure that Android Pay is running on a device that has a well documented set of API’s and a well understood security model".
The problem is that with a rooted device, it is ultimately not possible to guarantee said security model with the current class of SafetyNet tamper detection routines. The cat and mouse game currently being played out - SafetyNet detecting root, someone bypassing it, SafetyNet detecting it again, repeat - only serves to emphasize this point. The more we push this, the more obvious this becomes to all players involved, and the quicker SafetyNet (and similar solutions) will grow beyond their current limitations.
Ultimately, information will be provided and verified by bootloaders/TrustZone/SecureBoot/TIMA/TEE/TPM etc. (Samsung is already doing this with their KNOX/TIMA solutions). Parts of the device we cannot easily reach or patch, and thus there will come a time when these detection bypasses may no longer viable. This will happen regardless of our efforts, as you can be sure malware authors are working on this as well. What we power-users do may well influence the time-frame, however. If a bypass attains critical mass, it will be patched quickly.
More security requires more locking down. Ultimately these security features are about money - unbelievably large amounts of money. This while our precious unlocked bootloaders and root solutions are more of a developer and enthusiast thing. While we're all generally fond of shaking our fists at the likes of Google, Samsung, HTC, etc, it should be noted that there are people in all these companies actively lobbying to keep unlocked/unlockable devices available for us to play with, with the only limitation being that some financial/corporate stuff may not work if we play too hard.
It would be much easier (and safer from their perspective) for all these parties to simply plug that hole and fully lock down the platform (beyond 3rd party apps using only the normal APIs). Bypassing root checks en masse is nothing less than poking the bear.
Nevertheless, users want to hide their roots (so do malware authors...) and at least this implementation of suhide is a simple one. I still think it's a bad idea to do it. Then again, I think it's a bad idea to do anything financial related on Android smartphone that isn't completely clean, but that's just me.
Note that I have intentionally left out any debate on whether SafetyNet/AndroidPay/etc need to be this perfectly secure (most people do their banking on virus ridden Windows installations after all), who should get to decide which risk is worth taking, or even if Google and cohorts would be able to design the systems more robustly so the main app processor would not need to be trusted at all. (the latter could be done for Android Pay, but wouldn't necessarily solve anything for Random Banking App). While those are very interesting discussion points, ultimately it is Google who decides how they want this system to work, regardless of our opinions on the matter - and they want to secure it.