Hide My Applist - A Brief Guide

[ipdev]

You can certainly do that.
It's just in my experience HMA is mainly used to hide "offensive" apps (those usually used to modify the device) from other apps that don't want them there.
<SNIP>
The other option is privacy. For instance, maybe an app like Facebook can access data from another app (even though modern Android os should limit this). In this case you would want to restrict Facebook from seeing all other apps. Once again, I feel the Whitelist option is the better choice.

I'm certainly open to being proven wrong by other use cases...I just don't see them.

I am not out to prove anyone wrong.

That is why I am asking if a mix of using while list and black list mode works.

If it does, then including it in the guide would be a great idea.
I might ask you to help with the PR request about it. ​

---

I use a modified version of YouTube and YouTube Music that I do not want PlayStore to update.
So I include both in a black list and apply it to PlayStore.

If I used HMA in white list mode for PlayStore.
I would have to create a white list of every app that I still want to be updated.
Then apply that white list to PlayStore.
So using black list mode for PlayStore is the better option in this case.

<SNIP>
I have a specific app: STC Pay, which I don't actually use myself but know that it is a very problematic app for some and I use it as a "test" app. This app won't run (constantly crashes within 5 seconds of use) when setting up HMA according to this guide. If instead you configure the app in "Whitelist" mode as I've described it appears to work fine.

That being said, getting all OK checkboxes in Applist Detector doesn't seem to necessarily be a good indicator. For instance, when using this guide I get 100% all checkboxes in Applist Detector, but STC Pay (configured the same way) fails to run. If I set it up my way, AppList still shows a "suspicious" on "PM Intent Queries" (unless you also choose the option in HMA to hide system apps...which also seems to work fine).
<SNIP>

If you use the white list option for 'STC Pay' and the black list option for 'Applist Detector' do you get the best of both options or is there a conflict?

Does STC give error when you have it using the white list option and Detector using the black list option?
Does Detector give error when you have it using the black list option and STC using the white list option?​

Cheers.

 

[TraderJack]

I use a modified version of YouTube and YouTube Music that I do not want PlayStore to update.
So I include both in a black list and apply it to PlayStore.

A better option is probably to use the Lsposed module UpdateLocker. It will prevent updates to specific apps from Play and is designed specifically for that.

If you use the white list option for 'STC Pay' and the black list option for 'Applist Detector' do you get the best of both options or is there a conflict?

Does STC give error when you have it using the white list option and Detector using the black list option?​

Does Detector give error when you have it using the black list option and STC using the white list option?​

You can use the white and black lists independently for each app, there is no conflict.
While I can't think of a scenario, if you have two apps that need to talk to each other they would both need to be allowed on each's respective lists if you are using HMA for both

 

[zgfg]

I use a modified version of YouTube and YouTube Music that I do not want PlayStore to update.
So I include both in a black list and apply it to PlayStore.

If I used HMA in white list mode for PlayStore.
I would have to create a white list of every app that I still want to be updated.
Then apply that white list to PlayStore.
So using black list mode for PlayStore is the better option in this case.

Just a short question please. What version of HMA do you use?

A better option is probably to use the Lsposed module UpdateLocker. It will prevent updates to specific apps from Play and is designed specifically for that.

I also use UpdateLocker (actually, I did use HMA for detaching but then switched to UpdateLocker - and the reason I switched is related to my question above)

 

[ipdev]

Just a short question please. What version of HMA do you use?

I updated to v3.1.1 last month.
Prior to that I was using v3.1.0-Beta.

Cheers.

Edit.
PS.
I keep LSPosed updated using the zygisk version.
Magisk..
Personal (snapshot) builds. I build right from John's repo.
So basically the same as the current CI builds.

 

[zgfg]

I updated to v3.1.1 last month.
Prior to that I was using v3.1.0-Beta.

Cheers.

Asked bcs I have the following problem (it started when I updated from v2 to v3):

- App manage, Google Play Store (com.android.vending), Enable hide
- Blacklist mode, using a template or even not

After that I can no more open Google Play Store - splash screen with the triangle icon stays forever

Also in Play Integrity API Checker, Check spins forever (even there is no timeout to stop)

On both my two phones, official Canary and Delta

Disable hide for PlayStore and everything works fine again

Therefore, I had to stop using HMA for detaching YT (and few other apps) from PlayStore and instead I switched to UpdateLocker

For 'normal' hiding I use HMA

---

Edit:

If Vold Data Isolation in HMA Settings is disabled, then PlayStore opens and PI API Checker works

However, then Ruru detects Libc and Syscall (although I also have another module App Data Isolation installed)

To put everything to work (PlayStore, PI API Checker and Ruru passing) I have to:
- enabled Vold Data Isolation in HMA
- not use HMA for detaching apps from PlayStore but to use UpdateLocker

See:

[Bug] Issue With Play Store · Issue #247 · Dr-TSNG/Hide-My-Applist

Steps to reproduce/复现步骤 1-Created a blacklist with Youtube & Plus Messenger. 2-Applied the Blacklist to Google play store Expected behaviour/预期行为 What is expected to happen that the store should wo...

github.com

 

[TraderJack]

Does anyone have any reference for what the "vold data isolation" function is?
I can't find reference of what it is or what the features is supposed to do anywhere.

I believe it has to do with the "Android Volume Daemon" which I assume (?) has to do with mounted disk volumes? But I'm not sure what benefits or drawbacks it is supposed to have for use with HMA.

thanks

 

[zgfg]

Hey. So this seem like a nice guide for those who have no idea how to set this up.

I just came across it because I started getting Root notifications on my Citibank app (actually I don't know if I was getting them before or not, I only use it once every couple of months and despite the notifications, my needed functionality does not seem to be impacted).

In any event, I thought updating HMA/Zygisk, etc might help with hiding from Citi, and when that didn't I found this guide in hopes that maybe there was a setting I was overlooking.

I'm a bit confused by this guide's complexity. Not that it is hard to follow, but the recommendations for the template and the blacklisting of all the magisk, xposed, etc apps.

The reason I say this is that instead of running HMA with apps in "Blacklist" mode and applying a template of blacklisted applications, I have always run HMA apps using the "Whitelist" option. This effectively means that ALL apps are hidden from the application unless you specify them (either individually or with a whitelist template).

I have a specific app: STC Pay, which I don't actually use myself but know that it is a very problematic app for some and I use it as a "test" app. This app won't run (constantly crashes within 5 seconds of use) when setting up HMA according to this guide. If instead you configure the app in "Whitelist" mode as I've described it appears to work fine.

That being said, getting all OK checkboxes in Applist Detector doesn't seem to necessarily be a good indicator. For instance, when using this guide I get 100% all checkboxes in Applist Detector, but STC Pay (configured the same way) fails to run. If I set it up my way, AppList still shows a "suspicious" on "PM Intent Queries" (unless you also choose the option in HMA to hide system apps...which also seems to work fine).

IOW, passing the checks on AppList Detector (or similar) does not seem to be the best indicator that things are working as you want, since I can pass all them with this guide but my apps fail to run (because they seemingly detect root and/or other harmful apps).

So, I'm curious, both from @73sydney and other users why the choice to use the settings in this guide rather than simply choose use Whitelist mode which, at least in my experience, works on a wider range of apps AND seems less complex to setup.

FWIW, in no configuration can I get Citibank to not detect root, but luckily for now at least it seems mostly an information message as I can continue to use the app (although it does seem if I setup Biometrics that logins will fail, even if using password attempt).

UPDATE: My Citibank was being detected because it somehow (probably on update) got (partially) removed from the Magisk Deny List.

If I could suggest one update to the @73sydney his guide should be a bit clearer in regards to the DenyList. It makes a brief mention of Shamiko with the Deny List. While it is true that "Enforce Deny List" needs to be toggled "OFF", this does not mean that the DenyList is not in use. You STILL NEED to add the apps that you want to hide from Magisk/root to this list it is just that Magisk is no longer capable of enforcing it, instead Shamiko does that. I suspect that at least some people following this guide are not able to properly hide root because the guide is not clear in ensuring that not only are apps configured in HMA, but also still listed on Magisk's DenyList.

Ok, thanks.

I just converted settings for all Manage apps in HMA.
On both my phones, one with Magisk Canary, the other Delta

Previously I had one Blacklist template with Magisk app and all LSPosed modules listed.
And for all Manage apps I used default Blacklist mode, with that template

Now I put Whitelist mode and checked to Exclude System apps - as on the screenshot

And everything works fine / passes as previously

This way it's indeed more simple for the future. When I add another LSPosed module(s), I will not need to extend my Blacklist template

 

[TraderJack]

Ok, thanks.

...

This way it's indeed more simple for the future. When I add another LSPosed module(s), I will not need to extend my Blacklist template

Cool. FYI everything will probably work even without system apps being excluded...at least they do with everything I need.

Theoretically I think excluding system apps may likely help in some situations but may not be compatible with some apps which need to access certain system functions.

That being said, I probably wouldn't even use that option unless needed for a certain app. That also means one less tap per app to set it up.

Either/or though probably doesn't matter much.

 

[zgfg]

Cool. FYI everything will probably work even without system apps being excluded...at least they do with everything I need.

Theoretically I think excluding system apps may likely help in some situations but may not be compatible with some apps which need to access certain system functions.

That being said, I probably wouldn't even use that option unless needed for a certain app. That also means one less tap per app to set it up.

Either/or though probably doesn't matter much.

Apps that call Play Integrity (or the old SafetyNet) need to have Exclude enabled

Or, I would have to use Whitelist template with GMS

Otherwise they cannot access Google Play Services (GMS) to call the API

Eg, TB-Checker and SCheck

 

[Tomek0000]

Hi,
1. I configured HMA using official documentation. First time I added to app list Google Play Store and Services (doc shows only store to add , services does not).
My widgets stoped working.
I removed google play services from app list and widget of Weather service started to work, but widgets of FairMail still are black and empty.
When google play store is removed from app list , the widgets of FairMail work correct.

What does it mean ? Does FairMail wrong support own widgets or I configure HMA wrong ?

2. Applist detector sees "found:Xposed hooks" in Abnormal Env. How can I add LSPosed to the black list ? Is it possible ? (There is "suspicious:XPrivacyLua" too in the same list)

 

[zgfg]

Hi,
1. I configured HMA using official documentation. First time I added to app list Google Play Store and Services (doc shows only store to add , services does not).
My widgets stoped working.
I removed google play services from app list and widget of Weather service started to work, but widgets of FairMail still are black and empty.
When google play store is removed from app list , the widgets of FairMail work correct.

What does it mean ? Does FairMail wrong support own widgets or I configure HMA wrong ?

2. Applist detector sees "found:Xposed hooks" in Abnormal Env. How can I add LSPosed to the black list ? Is it possible ? (There is "suspicious:XPrivacyLua" too in the same list)

Where in this guide was stated that Play Store app should be added to HMA?

What to hide from Playstore and for what purpose?

Uninstall XPrivacyLua (or don't expect HMA will help for). How to hide LSPosed modules is described in the guide (on GitHub - linked from the OP post)

 

[Tomek0000]

Where in this guide was stated that Play Store app should be added to HMA?

What to hide from Playstore and for what purpose?

Uninstall XPrivacyLua (or don't expect HMA will help for). How to hide LSPosed modules is described in the guide (on GitHub - linked from the OP post)

Right. It is Pay, not Play
As long as it will not be a problem, I will use XPrivacyLua. Only if it will not be possible in other way, I will remove it. Securing privacy is more important than using bank apps, but if break others I will remove.

Do we have anything what can replace XprivacyLua ?

 

[zgfg]

Right. It is Pay, not Play
As long as it will not be a problem, I will use XPrivacyLua. Only if it will not be possible in other way, I will remove it. Securing privacy is more important than using bank apps, but if break others I will remove.

Do we have anything what can replace XprivacyLua ?

Not fully but you have two modules as on the screenshot

 

[Strategistlieu]

Hey. So this seem like a nice guide for those who have no idea how to set this up.

I just came across it because I started getting Root notifications on my Citibank app (actually I don't know if I was getting them before or not, I only use it once every couple of months and despite the notifications, my needed functionality does not seem to be impacted).

In any event, I thought updating HMA/Zygisk, etc might help with hiding from Citi, and when that didn't I found this guide in hopes that maybe there was a setting I was overlooking.

I'm a bit confused by this guide's complexity. Not that it is hard to follow, but the recommendations for the template and the blacklisting of all the magisk, xposed, etc apps.

The reason I say this is that instead of running HMA with apps in "Blacklist" mode and applying a template of blacklisted applications, I have always run HMA apps using the "Whitelist" option. This effectively means that ALL apps are hidden from the application unless you specify them (either individually or with a whitelist template).

I have a specific app: STC Pay, which I don't actually use myself but know that it is a very problematic app for some and I use it as a "test" app. This app won't run (constantly crashes within 5 seconds of use) when setting up HMA according to this guide. If instead you configure the app in "Whitelist" mode as I've described it appears to work fine.

That being said, getting all OK checkboxes in Applist Detector doesn't seem to necessarily be a good indicator. For instance, when using this guide I get 100% all checkboxes in Applist Detector, but STC Pay (configured the same way) fails to run. If I set it up my way, AppList still shows a "suspicious" on "PM Intent Queries" (unless you also choose the option in HMA to hide system apps...which also seems to work fine).

IOW, passing the checks on AppList Detector (or similar) does not seem to be the best indicator that things are working as you want, since I can pass all them with this guide but my apps fail to run (because they seemingly detect root and/or other harmful apps).

So, I'm curious, both from @73sydney and other users why the choice to use the settings in this guide rather than simply choose use Whitelist mode which, at least in my experience, works on a wider range of apps AND seems less complex to setup.

FWIW, in no configuration can I get Citibank to not detect root, but luckily for now at least it seems mostly an information message as I can continue to use the app (although it does seem if I setup Biometrics that logins will fail, even if using password attempt).

UPDATE: My Citibank was being detected because it somehow (probably on update) got (partially) removed from the Magisk Deny List.

If I could suggest one update to the @73sydney his guide should be a bit clearer in regards to the DenyList. It makes a brief mention of Shamiko with the Deny List. While it is true that "Enforce Deny List" needs to be toggled "OFF", this does not mean that the DenyList is not in use. You STILL NEED to add the apps that you want to hide from Magisk/root to this list it is just that Magisk is no longer capable of enforcing it, instead Shamiko does that. I suspect that at least some people following this guide are not able to properly hide root because the guide is not clear in ensuring that not only are apps configured in HMA, but also still listed on Magisk's DenyList.

I followed these instructions using whitelist instead of the blacklist. Yes the app will not crash at first. But once you add your number and log in the app will crash.

 

[TraderJack]

I followed these instructions using whitelist instead of the blacklist. Yes the app will not crash at first. But once you add your number and log in the app will crash.

- Which app are you referring to?
- Does it work in Blacklist mode instead of Whitelist? If it doesn't work in either then that is not an indicator of the efficacy of either mode, simply that this particular app utilizes a mechanism which HMA cannot deal with in any case.

My comments above about using WL mode were due to:
1) The ease in configuration compared to BL mode (i.e. you do not need to create a template and keep it updated/applied).
2) My own experiences whereas Whitelist mode was as functional, or more so than BL mode and in no cases observed a case where BL mode was able to run apps that WL mode was not.

Based on those observations I choose to use WL mode, and was simply recommending that as an alternative.
Again, there is no reason that someone cannot choose to implement either the BL approach espoused by the guide, or the WL approach I explain. In either mode, if a problem app is detected you can always utilize the alternative mode to see if that allows the app to function.

 

[Strategistlieu]

- Which app are you referring to?
- Does it work in Blacklist mode instead of Whitelist? If it doesn't work in either then that is not an indicator of the efficacy of either mode, simply that this particular app utilizes a mechanism which HMA cannot deal with in any case.

My comments above about using WL mode were due to:
1) The ease in configuration compared to BL mode (i.e. you do not need to create a template and keep it updated/applied).
2) My own experiences whereas Whitelist mode was as functional, or more so than BL mode and in no cases observed a case where BL mode was able to run apps that WL mode was not.

Based on those observations I choose to use WL mode, and was simply recommending that as an alternative.
Again, there is no reason that someone cannot choose to implement either the BL approach espoused by the guide, or the WL approach I explain. In either mode, if a problem app is detected you can always utilize the alternative mode to see if that allows the app to function.

The app I was referring to is Stc pay. And right. Your way of using WL is definitely easier and doesn't need to be updated every time you install a new banking/payment app. Thank you for sharing knowledge and taking time to reply to my comment.

 

[TraderJack]

The app I was referring to is Stc pay. And right. Your way of using WL is definitely easier and doesn't need to be updated every time you install a new banking/payment app. Thank you for sharing knowledge and taking time to reply to my comment.

Ah yes...STC Pay. Right - to be clear I have never tested it in its full usage because I do not actually use the app. I found it once in a thread where people were discussing its problems related to root/"offensive" software.

When I use it on my rooted phone without further configuration it generally crashes almost immediately, usually opening up a webpage to the vendor which is not helpful. I found that when using it in Whitelist mode I was able to get the furthest in it, which means I was able to keep the app open indefinitely and progress to the login stage of the app.

I will take your reports as likely accurate that it does some additional checks even after the login stage which cannot be circumvented by any known means. I still continue to use the app as a benchmark if my root detection is properly configured.

So - to anyone else reading this I just wanted to be clear that I was not 100% successful in using STC Pay in WL mode, just that I was able to get further into the process in WL mode than in BL mode. I am unsure if there is any known way to get STC Pay (and other problematic apps) to always function when rooted/using "offensive" software regardless of how you choose to configure HMA.

 

[Strategistlieu]

I will take your reports as likely accurate that it does some additional checks even after the login stage which cannot be circumvented by any known means. I still continue to use the app as a benchmark if my root detection is properly configured.

So - to anyone else reading this I just wanted to be clear that I was not 100% successful in using STC Pay in WL mode, just that I was able to get further into the process in WL mode than in BL mode. I am unsure if there is any known way to get STC Pay (and other problematic apps) to always function when rooted/using "offensive" software regardless of how you choose to configure HMA.

I'm still not sure. Now I'm using the BL way. And when I attempt to log in I get this message. So I'll just wait until this period ends then try again

 

[TraderJack]

I'm still not sure. Now I'm using the BL way. And when I attempt to log in I get this message. So I'll just wait until this period ends then try againView attachment 5875025

Of course, the success or failure likely depends what apps you have on your phone.
Are you just rooted with HMA or do you also utilized Xposed, etc. ?

Likely different version of Android and even OEM builds might factor into whether or not STC pay and other apps can detect.
When using BL mode on my device the app will just force close within about 10 seconds regardless of the screen you are on.

 

[Strategistlieu]

Of course, the success or failure likely depends what apps you have on your phone.
Are you just rooted with HMA or do you also utilized Xposed, etc. ?

Likely different version of Android and even OEM builds might factor into whether or not STC pay and other apps can detect.
When using BL mode on my device the app will just force close within about 10 seconds regardless of the screen you are on.

I can confirm that Stc pay is working. For me it worked with BL way. Not sure if I switch to WL it would work or not. But I think I'm just going to stick with what worked for me and don't miss it lol.

Galaxy Note 9
Custom Rom (Noble Rom 3.2)
Android 13
Magisk delta (25210)
Zygisk -enabled-
Magisk Hide -enabled- (Stc pay selected in configuration)
SuList -disabled-
Installed modules:
1. Universal SafetyNet Fix 2.4.0
2. Zygisk LSPosed
And HMA