Working: Magisk with Google Pay as of gms 17.1.22 on Pie

[zgfg]

Same here!

When i read the Google help Page for this, i think they also now check the build Text. And in the build text for me is the following

QQ3A.200805.001
PixelExperience_polaris-10.0-20201122-0400-OFFICIAL

And this is the sign for Google that i dont use official Software. But it is only a thought.

I cant understand, Why it is a problem for google when we have a rooted Phone.

That build text is called device fingerprint, e.g. you get it from Terminal app by
getprop ro.build.fingerprint

You can also read them (there are more similar props), by use of e.g. SesEdit app from Playstore

In order to get GPay working, your Device must show as certified in Playstore, and in order for that device must pass SafetyNet test

Mathematically speaking, these are NECESSARY condintions, but maybe NOT SUFFICIENT

That is, if you don't pass A then 100% B will also fail. But if you do pass A, there is still a (small) chance to fail B, but bcs of other reasons

You can use Magisk Hide Props Config to fake the device fingerprint and/or device product model to trick the Google to pass the SafetyNet

Edxposed etc, might be just one of those other reasons to fail the Basic Integrity (part of the SafetyNet test)

Those tests and restrictions are not only Google's wish. E.g., banks don't want their users to use the rooted phones (discuss with them how and why) and they require some mechanism to attest if the phones are running the original software that was certified by the phone vendors or if somebody tweaked the phone by potentially security risky changes

They don't have mechanism and it would be too complicated, practically impossible to prove that your changes did not introduce security risks - the other way would be for you to go alone to Google and pay for the time and material to let them attest and certify your root changes against all standards, security, etc - then you would show to your bank your attest certificate and your bank would say ok

Think similarly about passing the technical exam for your car if you replaced the original and certified engine, suspension, etc

 

[berndbread]

That build text is called device fingerprint, e.g. you get it from Terminal app by
getprop ro.build.fingerprint

You can also read them (there are more similar props), by use of e.g. SesEdit app from Playstore

In order to get GPay working, your Device must show as certified in Playstore, and in order for that device must pass SafetyNet test

Mathematically speaking, these are NECESSARY condintions, but maybe NOT SUFFICIENT

That is, if you don't pass A then 100% B will also fail. But if you do pass A, there is still a (small) chance to fail B, but bcs of other reasons

You can use Magisk Hide Props Config to fake the device fingerprint and/or device product model to trick the Google to pass the SafetyNet

Edxposed etc, might be just one of those other reasons to fail the Basic Integrity (part of the SafetyNet test)

Those tests and restrictions are not only Google's wish. E.g., banks don't want their users to use the rooted phones (discuss with them how and why) and they require some mechanism to attest if the phones are running the original software that was certified by the phone vendors or if somebody tweaked the phone by potentially security risky changes

They don't have mechanism and it would be too complicated, practically impossible to prove that your changes did not introduce security risks - the other way would be for you to go alone to Google and pay for the time and material to let them attest and certify your root changes against all standards, security, etc - then you would show to your bank your attest certificate and your bank would say ok

Think similarly about passing the technical exam for your car if you replaced the original and certified engine, suspension, etc

My device is certified in play store and pass safetynet test. I dont use edxposed. Perhaps it is useful to hide magisk Manager! I think this is a important point.

 

[Lord Sithek]

My device is certified in play store and pass safetynet test. I dont use edxposed. Perhaps it is useful to hide magisk Manager! I think this is a important point.

Possibly repacking Magisk Manager would help. But EdXposed is the main challenge - that's what it's all about ? I don't really want to sacrifice this since I use several modules important to me

Sent from my tucana using XDA Labs

 

[zgfg]

My device is certified in play store and pass safetynet test. I dont use edxposed. Perhaps it is useful to hide magisk Manager! I think this is a important point.

Hiding Magisk Manager has nothing about SafetyNet and Device is (not) certified.
But you must make sure that Magisk Hide is enabled in Magisk Manager settings

(Magisk and Magisk hide is not the same as Magisk Manager and Hide Magisk Manager)

But yes, there are some banking apps etc that also look for Magisk Manager and if find the apo, they conclude that phone is rooted (similarly they may look for Titanium app or TWRP folder)

Anyway, theory behind the SafetyNet (with the table what and how causes Basic Integraty and CTS Prifile failing - you will see that huding Magisk Manager app has nothing with them) is here, official from Google:
https://developer.android.com/training/safetynet/attestation

 

[Mew789]

Is it working with latest gpay version ? I have uses magiskhide propos config module and can pass safetynet but still cannot use gpay. They Say m'y sévices doesn't respect security...

 

[berndbread]

Is it working with latest gpay version ? I have uses magiskhide propos config module and can pass safetynet but still cannot use gpay. They Say m'y sévices doesn't respect security...

The Google Pay Version isnt important. The Google Pay App also isnt important. You can use Google Pay without the App. Google Pay is firmly integrated in Android. With the App, perhaps you have more Features.

Have you hide the magisk Manager? After that clear App data for Google play store and Services, restart and try it again. Do you use SQL and gpay fix module in magisk?

---------- Post added at 10:01 PM ---------- Previous post was at 09:55 PM ----------

@Lord Sithek and zgfg
I think you miss understand me. Google pay work for a few days, but then there come the safety failure in the Google Pay App. I havent changed anything. And now i only hide magisk Manager and Google pay work again.

---------- Post added at 10:01 PM ---------- Previous post was at 10:01 PM ----------

@Lord Sithek and zgfg
I think you miss understand me. Google pay work for a few days, but then there come the safety failure in the Google Pay App. I havent changed anything. And now i only hide magisk Manager and Google pay work again.

 

[nunytes]

Apparently it's working well with latest riru and EdXposed. Need some days to test, but by now I should had security issues with GPay app and it's working fine until now!

 

[pndwal]

Just a heads-up:

I read here some had G Pay working without SQ Lite fix.

I've just rooted my Redmi Note 8T, and thought I'd check this, and was surprised to find G Pay works fine!... it's found in PlayStore, runs and is set up without issue (no warnings about modded device etc), and NFC payment works fine too.

I have MagiskHide toggled on of course, but NO modules as yet, SafetyNet fully passing w/ BASIC evalType, and PlayStore 'Device is Certified'; no other mods. Running Shock MIUI 12 / Android 10.

I don't know what's changed, but seems I don't / others may not need SQ Lite fix to have G Pay with root any longer!

Of course, this may well prove to be a temporary reprieve.

Perhaps Google is just getting soft?... Shucks, I feel all warm 'n fuzzy... PW

 

[73sydney]

Just a heads-up:

I read here some had G Pay working without SQ Lite fix.

I've just rooted my Redmi Note 8T, and thought I'd check this, and was surprised to find G Pay works fine!... it's found in PlayStore, runs and is set up without issue (no warnings about modded device etc), and NFC payment works fine too.

I have MagiskHide toggled on of course, but NO modules as yet, SafetyNet fully passing w/ BASIC evalType, and PlayStore 'Device is Certified'; no other mods. Running Shock MIUI 12 / Android 10.

I don't know what's changed, but seems I don't / others may not need SQ Lite fix to have G Pay with root any longer!

Of course, this may well prove to be a temporary reprieve.

Perhaps Google is just getting soft?... Shucks, I feel all warm 'n fuzzy... PW

No one would be happier than me if it turned out the SQLite fix was no longer needed.

I imagine it would make you even happier @pndwal , as you do most of the support for my module

 

[pndwal]

No one would be happier than me if it turned out the SQLite fix was no longer needed.

I imagine it would make you even happier @pndwal , as you do most of the support for my module

Well, I / others really appreciate your efforts...
Edit: AND @BostonDan's!

... but thats a bit generous...

Didn't think you'd mind the changes either, but I'm not yet sure what they mean going forward... PW

 

[73sydney]

Well, I / others really appreciate your efforts...
Edit: AND @BostonDan's!

... but thats a bit generous...

Didn't think you'd mind the changes either, but I'm not yet sure what they mean going forward... PW

How very dare you forget @BostonDan

 

[choczplays]

This doesn't work for me. I have Poco X3 NFC rooted with xiaomi.eu rom. Not set up error. Can someone help me ?

After services data delete it works now nice.

 

[pershoot]

This process is confirmed working on the Pixel 4A-5G (latest patch set), standard GPAY application (not the new one), Magisk Beta.

 

[simplepinoi177]

Hey all!

How does this method and/or the magisk module work on the Pixel 5? I apologize if it seems I didn't do my due diligence and use the search function, but I actually did try but since the site's upgrade the "search in forum" option isn't showing; but I did find that you can set the search toggle to "this forum" or "this thread". In any case, I did try to search the term of "pixel 5" within the thread/forum and none of the results pertained to this process.

When I did this process on my Pixel 2, I did what was on the OP and did things manually and that's how I got things to work. Should I do it manually again or has there been success with the module on the Pixel 5?

 

[73sydney]

Hey all!

How does this method and/or the magisk module work on the Pixel 5? I apologize if it seems I didn't do my due diligence and use the search function, but I actually did try but since the site's upgrade the "search in forum" option isn't showing; but I did find that you can set the search toggle to "this forum" or "this thread". In any case, I did try to search the term of "pixel 5" within the thread/forum and none of the results pertained to this process.

When I did this process on my Pixel 2, I did what was on the OP and did things manually and that's how I got things to work. Should I do it manually again or has there been success with the module on the Pixel 5?

Doesnt really matter what the model is, as long as you can pass safetynet, it will work

You can do the original method or the magisk module method... i recently updated the module post with a prerequisite checklist and step by step process to make things (even) easier (hopefully)

 

[BostonDan]

Doesnt really matter what the model is, as long as you can pass safetynet, it will work

You can do the original method or the magisk module method... i recently updated the module post with a prerequisite checklist and step by step process to make things (even) easier (hopefully)

I still do my original, but all that is required is changing the permissions, as long as GPay hasn't failed before first launch. But I'm glad to see the community's support and interest in this.

Cheers,
B.D.

 

[73sydney]

I still do my original, but all that is required is changing the permissions, as long as GPay hasn't failed before first launch. But I'm glad to see the community's support and interest in this.

Cheers,
B.D.

Hehe i have to marvel at how ive taken what is a fairly brief OP by you and turned it into what @Didgeridoohan once called "the most wordy post on XDA" in my post for the module - a month back i actually hit the character limit, and had to remove a few paragraphs when i rejigged it

 

[osm0sis]

No one would be happier than me if it turned out the SQLite fix was no longer needed.

I imagine it would make you even happier @pndwal , as you do most of the support for my module

Doesnt really matter what the model is, as long as you can pass safetynet, it will work

You can do the original method or the magisk module method... i recently updated the module post with a prerequisite checklist and step by step process to make things (even) easier (hopefully)

Hi! Nice work here!

Yesterday I switched to my OnePlus 8T as my DD and unfortunately ran into the "Not set up" Google Pay issue for the first time on any of my devices. I flashed your latest zip, and even cleared the GPay data but it didn't seem to make any difference. I noticed the following as the log:

System boot completed

/system/bin/chmod....accessible

/data/data/com.google.android.gms/databases/dg.db....accessible

[titanium] SQLite3 binary found in: /data/data/com.keramidas.TitaniumBackup/files

Google Pay stopped successfully

Chmod 440 command completed successfully
Permissions reported as: 440

And I noticed no SQLite stuff so took a look into the script and noticed it's all behind $runsql -eq 1 but nothing ever seems to set that? Just confused as to how that's supposed to work. I just went ahead and set runsql=1 above it, rebooted, checked the log and it ran and then Google Pay started working, so

 

[73sydney]

Hi! Nice work here!

Yesterday I switched to my OnePlus 8T as my DD and unfortunately ran into the "Not set up" Google Pay issue for the first time on any of my devices. I flashed your latest zip, and even cleared the GPay data but it didn't seem to make any difference. I noticed the following as the log:

System boot completed

/system/bin/chmod....accessible

/data/data/com.google.android.gms/databases/dg.db....accessible

[titanium] SQLite3 binary found in: /data/data/com.keramidas.TitaniumBackup/files

Google Pay stopped successfully

Chmod 440 command completed successfully
Permissions reported as: 440

And I noticed no SQLite stuff so took a look into the script and noticed it's all behind $runsql -eq 1 but nothing ever seems to set that? Just confused as to how that's supposed to work. I just went ahead and set runsql=1 above it, rebooted, checked the log and it ran and then Google Pay started working, so

I'll have a look at it

Ahh, nice catch...there used to be 3 versions of the script, including one that just changed permissions on the database file and didnt run the SQLite commands....over time i took down the others and concentrated on one version

Looks like when i was cleaning up my drive the other day, im in the middle of my yearly clean up and format and clean install Windows thing, i must have consolidated the scripts and overwritten the one that has that variable set....and uploaded it to make sure it was the latest...oops

Fixed now...its (again) set at top of script, so the adventurous *could* still turn running the SQLite commands off

Looks like ive gotten away with it for a week or so as as pwndal noted for whatever reason he (and others) have been getting by without needing the fix recently. But im glad its fixed

Thanks for bringing this to my attention, big fan of your work, used your stuff many times over the years

 

[osm0sis]

I'll have a look at it

Ahh, nice catch...there used to be 3 versions of the script, including one that just changed permissions on the database file and didnt run the SQLite commands....over time i took down the others and concentrated on one version

Looks like when i was cleaning up my drive the other day, im in the middle of my yearly clean up and format and clean install Windows thing, i must have consolidated the scripts and overwritten the one that has that variable set....and uploaded it to make sure it was the latest...oops

Fixed now...its (again) set at top of script, so the adventurous *could* still turn running the SQLite commands off

Looks like ive gotten away with it for a week or so as as pwndal noted for whatever reason he (and others) have been getting by without needing the fix recently. But im glad its fixed

Thanks for bringing this to my attention, big fan of your work, used your stuff many times over the years

Ah good, I'm not crazy!

My thought is that I just tripped some deeper bootloader check in GMS earlier on before I rooted and despite MagiskHide and Play Store wipe getting me passing and certified the only way to clean out the old check was the SQLite hack.

Now that it's working I've removed the module, set up GPay the rest of the way, got all my loyalty cards, etc. back and all is still working, so fingers crossed it'll stay that way.