Hey. So this seem like a nice guide for those who have no idea how to set this up.
I just came across it because I started getting Root notifications on my Citibank app (actually I don't know if I was getting them before or not, I only use it once every couple of months and despite the notifications, my needed functionality does not seem to be impacted).
In any event, I thought updating HMA/Zygisk, etc might help with hiding from Citi, and when that didn't I found this guide in hopes that maybe there was a setting I was overlooking.
I'm a bit confused by this guide's complexity. Not that it is hard to follow, but the recommendations for the template and the blacklisting of all the magisk, xposed, etc apps.
The reason I say this is that instead of running HMA with apps in "Blacklist" mode and applying a template of blacklisted applications, I have always run HMA apps using the "Whitelist" option. This effectively means that ALL apps are hidden from the application unless you specify them (either individually or with a whitelist template).
I have a specific app: STC Pay, which I don't actually use myself but know that it is a very problematic app for some and I use it as a "test" app. This app won't run (constantly crashes within 5 seconds of use) when setting up HMA according to this guide. If instead you configure the app in "Whitelist" mode as I've described it appears to work fine.
That being said, getting all OK checkboxes in Applist Detector doesn't seem to necessarily be a good indicator. For instance, when using this guide I get 100% all checkboxes in Applist Detector, but STC Pay (configured the same way) fails to run. If I set it up my way, AppList still shows a "suspicious" on "PM Intent Queries" (unless you also choose the option in HMA to hide system apps...which also seems to work fine).
IOW, passing the checks on AppList Detector (or similar) does not seem to be the best indicator that things are working as you want, since I can pass all them with this guide but my apps fail to run (because they seemingly detect root and/or other harmful apps).
So, I'm curious, both from @73sydney
and other users why the choice to use the settings in this guide rather than simply choose use Whitelist mode which, at least in my experience, works on a wider range of apps AND seems less complex to setup.
FWIW, in no configuration can I get Citibank to not detect root, but luckily for now at least it seems mostly an information message as I can continue to use the app (although it does seem if I setup Biometrics that logins will fail, even if using password attempt).
UPDATE: My Citibank was being detected because it somehow (probably on update) got (partially) removed from the Magisk Deny List.
If I could suggest one update to the @73sydney
his guide should be a bit clearer in regards to the DenyList. It makes a brief mention of Shamiko with the Deny List. While it is true that "Enforce Deny List" needs to be toggled "OFF", this does not mean that the DenyList is not in use. You STILL NEED to add the apps that you want to hide from Magisk/root to this list it is just that Magisk is no longer capable of enforcing it, instead Shamiko does that. I suspect that at least some people following this guide are not able to properly hide root because the guide is not clear in ensuring that not only are apps configured in HMA, but also still listed on Magisk's DenyList.