
[How To] Bypass Lloyds and Santander Root Detection


ldyte3

Member
Nov 10, 2019
8
2
Damn, so after reading all this goodness I thought I had it, got onto the Santander app for about 10 seconds, nothing detected, continue, proceed etc., begin entering my ID and press next, then boom, 'root detected'. Gutted, thought I cracked it with all of your guys' help.

Santander is so good at detecting, Metro bank app is happy with just magisk hide :D.

Any more ideas? When using XPrivacy, Santander auto closes.
 

Beefheart

Senior Member
Dec 5, 2007
4,427
1,261
England
Samsung Galaxy S21 Ultra
On XPrivacyLua you need to tick Get Applications for Santander. It does work for me so should work for you also.

Doesn't work for me. Everything unticked in XprivacyLUA apart from Get Applications. Try to start Santander banking app, force closes after around 2 seconds. Doesn't even get to the device is rooted error with the latest version of the app.
 

ldyte3

Member
Nov 10, 2019
8
2
So to help anyone, I have now got it working; here is the info and what I'm running.

Running:
- Poco x3 pro on arrow os
- magisk v23.0
- santander app latest 4.16.0

Things i have:
- Magisk app hidden / renamed just to 'SettingsAppp'. Not that it matters.
- Magisk Hide - ON for santander. (Make sure magisk hide is also on for the isolated process, simply tap on santander in magisk hide after installing the Riru module)
- Riru / Riru core v 25.4.4
- Riru - enhanced mode for magisk hide (I believe it's called riru-unshare).
- Adaway with following sources/domains blocked.
- Renamed MyTWRP folder to MyPRWT (not sure if this is needed but i read somewhere that santander checks files/folders for a folder named TWRP). FYI, TWRP still seems to happily backup to this folder.

Code:
# This hosts file contains exported entries from AdAway.
127.0.0.1 cem.lloydsbank.co.uk
127.0.0.1 mupdates.trusteer.com
127.0.0.1 trusteer.com
127.0.0.1 fins.trusteer.com
127.0.0.1 dyknreymc91ut.cloudfront.net

A few tips i have:

If phone reboots give it 2-3 minutes to make sure magisk hide boots up and riru core etc before opening the santander app.

Did have a little blip earlier where root got detected, but a wipe of data and cache for Santander, a reboot, a 2-3 minute wait, then re-sign in and it seems to be all happy again. However, it does seem to be stable between restarts as long as you don't click Santander straight after launching.

Also side note i'm not using fingerprint on the app, but i am using quick balance.
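
Added example, not part of the original post: seen from the defending side, hosts-file entries like the ones listed above are themselves an observable signal. The code below scans hosts-file text for watched domains (or their subdomains) pinned to loopback or unspecified addresses; the watch list is taken from the post, and `WATCHED`, `find_overrides` and the sample input are constructed for illustration.

```python
import ipaddress

# Domains copied from the hosts list in the post. Treating them as endpoints
# the app depends on is an assumption of this example.
WATCHED = ("trusteer.com", "cem.lloydsbank.co.uk", "dyknreymc91ut.cloudfront.net")

def is_sinkhole(addr: str) -> bool:
    """True for addresses that can never reach the real service."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def find_overrides(hosts_text: str, watched=WATCHED):
    """Return sorted (hostname, address) pairs where a watched domain, or a
    subdomain of one, is mapped to a sinkhole address."""
    hits = set()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comments, tokenize
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]    # one line may carry many names
        if not is_sinkhole(addr):
            continue
        for name in names:
            host = name.lower().rstrip(".")
            # Match on a label boundary so "nottrusteer.com" is not a hit.
            if any(host == d or host.endswith("." + d) for d in watched):
                hits.add((host, addr))
    return sorted(hits)

# Constructed sample: the post's entries plus ordinary and near-miss lines.
SAMPLE_HOSTS = """\
# This hosts file contains exported entries from AdAway.
127.0.0.1 localhost
::1 ip6-localhost
127.0.0.1 cem.lloydsbank.co.uk
127.0.0.1 mupdates.trusteer.com
127.0.0.1 trusteer.com
0.0.0.0 fins.trusteer.com   # constructed variant using 0.0.0.0
127.0.0.1 dyknreymc91ut.cloudfront.net
127.0.0.1 nottrusteer.com
203.0.113.7 example.test
"""

if __name__ == "__main__":
    for host, addr in find_overrides(SAMPLE_HOSTS):
        print(f"{host} -> {addr}")
```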
 

Beefheart

Senior Member
Dec 5, 2007
4,427
1,261
England
Samsung Galaxy S21 Ultra
So to help anyone, I have now got it working; here is the info and what I'm running.

Running:
- Poco x3 pro on arrow os
- magisk v23.0
- santander app latest 4.16.0

Things i have:
- Magisk app hidden / renamed just to 'SettingsAppp'. Not that it matters.
- Magisk Hide - ON for santander. (Make sure magisk hide is also on for the isolated process, simply tap on santander in magisk hide after installing the Riru module)
- Riru / Riru core v 25.4.4
- Riru - enhanced mode for magisk hide (I believe it's called riru-unshare).
- Adaway with following sources/domains blocked.
- Renamed MyTWRP folder to MyPRWT (not sure if this is needed but i read somewhere that santander checks files/folders for a folder named TWRP). FYI, TWRP still seems to happily backup to this folder.

Code:
# This hosts file contains exported entries from AdAway.
127.0.0.1 cem.lloydsbank.co.uk
127.0.0.1 mupdates.trusteer.com
127.0.0.1 trusteer.com
127.0.0.1 fins.trusteer.com
127.0.0.1 dyknreymc91ut.cloudfront.net

A few tips i have:

If phone reboots give it 2-3 minutes to make sure magisk hide boots up and riru core etc before opening the santander app.

Did have a little blip earlier where root got detected, but a wipe of data and cache for Santander, a reboot, a 2-3 minute wait, then re-sign in and it seems to be all happy again. However, it does seem to be stable between restarts as long as you don't click Santander straight after launching.

Also side note i'm not using fingerprint on the app, but i am using quick balance.

Cheers but still no joy for me, done all that but it closes after a couple of seconds without even giving an error.

I think it's because I have XPrivacyLua installed, and there is no way of disguising the app name without disguising all apps, and I reckon the Santander simply won't work if it can't see any apps installed, assuming you're making this happen via root. I also have AFWall installed, another root app. Both this and XprivacyLua are more important to me than the Santander app, so I guess I'm SOL.
 

tyler19820201

Senior Member
Jun 19, 2011
327
49
London
Cheers but still no joy for me, done all that but it closes after a couple of seconds without even giving an error.

I think it's because I have XPrivacyLua installed, and there is no way of disguising the app name without disguising all apps, and I reckon the Santander simply won't work if it can't see any apps installed, assuming you're making this happen via root. I also have AFWall installed, another root app. Both this and XprivacyLua are more important to me than the Santander app, so I guess I'm SOL.
I am pretty sure you have something wrong with your settings. The previous post #483 describes perfectly how to do it. I also have Lua and Santander works well.
 

ldyte3

Member
Nov 10, 2019
8
2
Cheers but still no joy for me, done all that but it closes after a couple of seconds without even giving an error.

I think it's because I have XPrivacyLua installed, and there is no way of disguising the app name without disguising all apps, and I reckon the Santander simply won't work if it can't see any apps installed, assuming you're making this happen via root. I also have AFWall installed, another root app. Both this and XprivacyLua are more important to me than the Santander app, so I guess I'm SOL.
Yes i had the same thing when i had Xprivacy installed, are you using xprivacy for something else or can you give it a go with xprivacylua uninstalled?

Reboot after uninstall, clear data and cache etc all the usual stuff i'm sure you are trying :).
 

Beefheart

Senior Member
Dec 5, 2007
4,427
1,261
England
Samsung Galaxy S21 Ultra
I am pretty sure you have something wrong with your settings. The previous post #483 describes perfectly how to do it. I also have Lua and Santander works well.

Then in which case one of the other root apps I have installed is being detected, AFWall+ for example as I've already pointed out. Or perhaps the fact I'm using a Samsung device (S21 Ultra) is complicating things, it wouldn't be the first time in the last decade or so of using Android phones from various manufacturers I've found that something like this didn't work on a stock Samsung phone that works on a more vanilla device/build.

Regardless it doesn't work, despite the settings being identical to what is stated in the post you reference.

Yes i had the same thing when i had Xprivacy installed, are you using xprivacy for something else or can you give it a go with xprivacylua uninstalled?

Reboot after uninstall, clear data and cache etc all the usual stuff i'm sure you are trying :).

Unfortunately, I'd say XprivacyLua is my most important app and the primary reason I ended up rooting my S21 Ultra. I'd sooner live without the Santander app. Although the previous poster has indicated it works with it anyway so it appears that isn't the reason.
 

dead0

Senior Member
Sep 6, 2011
923
324
Hi anyone having trouble with halifax app as of today all things hidden etc but detect root. this app is usually not so bad.
no issues with halifax using magisk 23 on crdroid 7.6/poco f2 pro but santander app still detecting root. strangely on my poco f1 with RR no issues with either app (but still using speccy's build of magisk)
 

tyler19820201

Senior Member
Jun 19, 2011
327
49
London
What has been changed again?
My Santander UK has started detecting root in the last few days.
I have latest Canary Magisk + EdXposed + XPrivacyLua. On lua only get applications has been marked for Santander UK. EdXPosed nothing touched. Magisk is hidden and magisk package itself also. Everything was fine until now...
I have not used Adaway at all and Santander was working in last few months with no issue. Lloyds and Halifax still working...
 

dead0

Senior Member
Sep 6, 2011
923
324
What has been changed again?
My Santander UK has started detecting root in the last few days.
I have latest Canary Magisk + EdXposed + XPrivacyLua. On lua only get applications has been marked for Santander UK. EdXPosed nothing touched. Magisk is hidden and magisk package itself also. Everything was fine until now...
I have not used Adaway at all and Santander was working in last few months with no issue. Lloyds and Halifax still working...
Similar issue as yourself, however Santander is still working on my Poco F1 with A10 but not on my Poco F2 with A11.
 

en666

Senior Member
Apr 23, 2011
51
26
Lloyds Bank can be worked around with just Magisk Hide and Magisk rename. Unfortunately it will only last for the current session, so it's just for experimental purposes.

Clean Lloyds app cache and data
Put in aeroplane mode
Start the Lloyds app
It'll tell you that there is no internet, showing a 'try again' button
Remove aeroplane mode and once you have internet again, push the 'try again' button.
The app will now allow you to register your device.

After having registered the device, if you now close the app, the next time the app starts it will realise that the device is rooted and it will immediately de-register your device. You'll need to complete the whole process again.
 

tyler19820201

Senior Member
Jun 19, 2011
327
49
London
I have Havoc ROM with Magisk Canary and XPrivacyLua on my OP3T and on my OP8T. On my 8T Santander works well but on my 3T it does detect root. All the settings are the same. No AdAway at all. Strange.
 

tyler19820201

Senior Member
Jun 19, 2011
327
49
London
It looks like Santander has got a new way to detect TWRP, as deleting the TWRP folder and/or renaming it is not enough anymore. On my OP8T Santander is working with Magisk Canary and Lua as I have no TWRP installed, but on my OP3T it does not work as I have TWRP installed. All the rest of the settings are the same.
 

Top Liked Posts

  • 1
    How would you know if one of those employees PM'ed you? :unsure:🧐 They could just as easily PM you to get the information you aren't posting here.

    Nothing against you or anyone just thought I'd make an observation. Good work to those who have found workarounds etc to get things working.
    Good question. First of all, if the person is not at least a senior member or recognized developer, that is not too good a sign. Also check his/her profile: how many comments it has got, where he was posting, XP and how long he has been a member here. Myself, I have been here over 10 years so I am genuine.
    Or not?? :LOL: These things do not give you 100% security but it's better than nothing, isn't it?
    1
    When I cleared the data, app doesn't start anymore. It force closes or tapping doesn't respond. I have redownload it and in that case it recognizes the root.
    Have u freezed magisk manager (with renaming it first) and put Halifax under magisk hide?
    1
    Have u freezed magisk manager (with renaming it first) and put Halifax under magisk hide?
    I sorted it out. Apparently there's problem with magisk installation. Uninstalling and installing it again fixed the problem. Thanks for the help. I will also keep them on my mind.
    1
    Does anyone in this thread have lloyds working at the moment? I've tried all the different methods in this thread and not getting anywhere. thanks
  • 22
    Hi All,

    I've seen mention of Santander but not of Lloyds bypassing the root detection. After much trial and error it's quite simple and my method will bypass both Santander and Lloyds. If bypassing Santander just do the same for the Santander app as I've said to do with Lloyds.

    <--Update 08/06/19-->

    Having flashed a new ROM and followed my steps again, I received the detection message again, but it was resolved by using the Canary build of Magisk Manager.

    To get Magisk Manager Canary click the link below:

    https://github.com/topjohnwu/magisk_...pp-release.apk

    Once installed, open Magisk Manager and go to

    settings > Update Channel > Canary

    Go back to Magisk home screen and swipe down to check for updates, you'll receive an update for the canary build. Once you update follow the guides original steps below.

    <--End of update-->

    In Magisk Manager Settings:
    Enable Magisk Hide
    Enable Systemless Host
    And if the option is available select "Hide Magisk"

    In Adaway:

    Download my exported blacklist from:

    https://drive.google.com/file/d/1xCBB4iVA65gJTTYqbhU1qTlghVYyAL1S/view?usp=drivesdk

    Then in adaway click the 3 dots in the top right to open the menu, select "Your Lists" then press the menu button again in the top right and press "Import all lists" and select the file you downloaded.

    With the urls added go back to the adaway main screen and press "Download Files and Apply ad blocking" and Reboot device. If "Download Files and Apply Ad Blocking" doesn't appear, click "check for updates" and then download them which will do the same thing.

    Once your phone has restarted install the Lloyds Banking app but don't open it. Go into Magisk Manager and select Magisk Hide from the menu and tick the Lloyds Banking app. Reboot phone and Lloyds should work perfectly!

    I managed to do this from researching other threads and adding my own bits in so credit due elsewhere as well, as usual you can follow this guide but do so at your own risk, i take no responsibility :D
    5
    I think we should start leaving bad reviews on the play store for apps that go to extreme lengths to detect root/custom recovery, especially in the case of apps that treat you like a criminal just for having a custom recovery, when you aren't even rooted.
    If an app still detects that you've been "jailbroken" (eugh) when you've tried everything possible to hide it, then whatever it's doing in your file system is extremely intrusive, and that's a good enough reason to try and knock a star off their review score if you ask me.
    Apologies if this is off topic, but it's really pissing me off that so many app developers treat people like criminals just for wanting to have full control of our own devices, or to get a bit more life out of phones that would otherwise succumb to planned obsolescence when the official firmware updates dry up. Screw these guys.
    4
    This app (Santander UK) is using Isolated Process and a scan of your installed apps to detect root.

    Just use latest Magisk Canary + Repack of Manager + Riru Core v. 23.9 + Unshare Module (to enable Magisk Hide for Isolated Process) and this app will work perfectly with root. I tested on my device. (Mi 9T Pro + MIUI 12.5 - A11)

    Riru Core v. 23.9 can be downloaded from Magisk Repo.

    Download Riru Unshare Module from the link below:


    Enable Magisk Hide for the app and its processes (uk.co.santander.santanderUK and uk.co.santander.santanderUK : oa.UB)

    If the app FCs right after starting, you need to search for a possible installed app triggering the detection or simply revoke the permission "Get info about installed apps" in the app settings (this can differ from device to device).

    After every update of the app the Isolated Process name can be different so just re-add it to Magisk Hide again and everything should be fine.

    More info about the exploit (Isolated Process) used by a large number of banks to detect Magisk:

    3
    Storage Isolation (storage redirect) app from playstore also works for Santander (maybe others too?) without using island app.
    Trial version (redirect for up to 3 apps) in basic mode enabled for Santander app (plus magisk hide) worked for me.
    2
    Lloyds new host list

    I've managed to get the Lloyds app to work again. I've added a couple of hosts to be blocked on Adaway. I've also attached the full list, all you have to do is import in adaway (you might need to remove the .txt extension to import, dunno)

    # This hosts file contains exported entries from AdAway.
    127.0.0.1 cem.lloydsbank.co.uk
    127.0.0.1 mupdates.trusteer.com
    127.0.0.1 trusteer.com
    127.0.0.1 fins.trusteer.com
    127.0.0.1 dyknreymc91ut.cloudfront.net
    127.0.0.1 crashlytics.com
    127.0.0.1 dyknreymc91ut.cloudfront.net
    127.0.0.1 omtrdc.net
    127.0.0.1 sc.omtrdc.net