Wiki source for MagiskHideHidingRoot

Show raw source

@@[[MagiskHide | -- To the top/main article --]]@@
=====**{{color text="Hiding root from apps" c="blue"}}**=====
First, it might pay to check out what others have been discussing about the app you are having trouble with. Take a look at the [[MagiskHideAppsList | App resources]] for links to discussions and workarounds for a few select apps that are known to be troublesome when it comes to hiding root.

If you have apps that you need to hide root from, that detect that your device is rooted even if you can pass ""SafetyNet"", here are a few tips //(if you can't pass ""SafetyNet"", see [[MagiskHideSafetyNet | the section about SafetyNet]])//. A good aproach would be to try one thing at a time and see if the app in question stops detecting root. No need to try all tips at once...

It is quite common for apps to update with new detection methods and new ways of circumventing MagiskHide surfaces from time to time. So, if an app has been working before and suddenly starts detecting root after an update, it might pay to go through the list again and try the tips available or test the latest Canary update. Here's an example of a current detection method that MagiskHide can't deal with (one of several that are currently known):

If the app you're using has implemented one of these detection methods there's likely not much you can do at the moment. If you're capable, analysis of these methods are always welcome and any useful information can be posted on the [[ | Magisk Github repo]], either as an issue or a pull request.
==Test ""MagiskHide""==
- Make sure MagiskHide is enabled (since Magisk v20.4 it is disabled by default) and works, if you haven't already. Easiest is to add an app that uses root to the MagiskHide list. If it no longer can detect that your device is rooted, MagiskHide works. If it doesn't work, the first thing to test is to toggle MagiskHide off and on again //(also see [[MagiskHideIssues | "Test MagiskHide"]])//. Without MagiskHide active and working, apps may trigger on many things. See [[MagiskHideBasics | "Magisk can hide"]].

==The Hide list==
- Make sure that the app in question is selected in the Hide list (Under MagiskHide in the Magisk app). But, don't go crazy... Only add those apps that actually detect root. If you add too many unnecessary apps and processes you will very likely experience system instabilities //(also see [[MagiskIssues | "System instabilities"]])//

==Hide the Magisk app==
- **Note that this is only possible on Android 5+.** Many apps look for the Magisk app as a sign of your device being rooted. For this you can use the feature to hide the app (repackage it with a random name), //see “Hiding the Magisk app” below//. If the app still detects Magisk, first make sure that the hiding of the app actually worked and that you haven't ended up with [[ | two Magisk apps installed]]. Unfortunately, the way that Android works, it is almost impossible for an app to completely hide from other apps and services without advanced hacks (like Xposed). **If an app still can detect Magisk**, even if you have it on the Hide list, the app is repackaged and everything else from this list of tips is ok, **try to uninstall the Magisk app and see if this helps**. If that works, you might be out of luck and the only way to fully use the app in question is to regularly uninstall and then reinstall the Magisk app... But, before saying that for sure try using an isolation app //(see "Isolation Apps" below)// to make sure the troublesome app can't detect other apps on your device

==The Basics==
- Also make sure that your device conforms with the basics for MagiskHide to work and take a look at what Magisk can and cannot hide //(also see [[MagiskHideBasics | "Basics"]])//.

==""Passing SafetyNet""==
- Passing ""SafetyNet"", both CTS profile and basic integrity, is a good start. That way you know that MagiskHide is working and the apps that do use ""SafetyNet"" won't trigger that way. See [[MagiskHideSafetyNet | SafetyNet]] for more details on that.

==""Unlocked bootloader""==
- Some methods may check for an unlocked bootloader. Magisk have always been successful at hiding the bootloader state, but since March 2020 Google have shown us that they are implementing proper hardware key attestation where it will be impossible for Magisk to hide the bootloader state anymore. Currently, Google have not yet fully implemented this, but will likely do so soon. Once this is done it will be impossible to pass the CTS profile of ""SafetyNet"" and as a result to hide from any app or service that use ""SafetyNet"". See the [[MagiskHideSafetyNet | Unlocked bootloader]] in the ""SafetyNet"" section for more details and possible workarounds.

- Make sure you're up to date with the latest Magisk version. Magisk and MagiskHide is constantly being improved upon and there might have been changes that impact the app you're trying to hide root from.
- Also, if MagiskHide suddenly stops working after an update to Magisk or the Magisk app, try toggling MagiskHide off and on again in the app settings.

==Canary build==
- It might also be worth to try the latest Canary bleeding edge build. It might have been updated with an improved MagiskHide. You'll find the apk for the Canary app on [[ | GitHub]].

==Clear data==
- You may also have to clear data for the app in question since some apps “remember” root after finding it the first time.

==Isolated Process==
- One way apps may detect Magisk is by using isolatedProcess in their services to prevent MagiskHide from detecting that they're running ([[ | details here]]). This can be worked around though, since we have root (as topjohnwu have said: "we are root, we are not limited"), with [[ | vvb2060's]] Riru module [[ | Enhanced mode for MagiskHide]], or if you do not want to use ""EdXposed""/LSPosed you can try to disable the service that is using isolatedProcess with apps like [[ | App Manager]] or [[ | Servicely]]. Unfortunately, finding which service to disable can be the hard part of this method, since you might have to go through a bunch of processes in the app to figure out which one it is. And on top of that the service name might change whenever there's an update to the app. Hopefully, topjohnwu's plans to change Magisk to use zygote injection rather than ptrace in a future release of Magisk should make MagiskHide capable of dealing with this natively.

==Custom ROM==
- Using a custom ROM may sometimes trigger apps. Popular ROMs like ""LineageOS"" are particularly affected. The detection methods will differ, but it could be something as simple as running a general getprop command and filter on "lineage". Also see //"Prop values"// further down.

==Device encryption==
- If your device isn't encrypted there are apps that will refuse to work. I currently do not know if there are any ways of hiding the fact that the device is unencrypted (prop changes, etc).

==Other root apps==
- Some apps also detects other root apps on your device (TitaniumBackup, Xposed/""EdXposed"", etc) and stop working if they detect these. You can test by uninstalling these apps //(also see [[MagiskHideMore | "Detecting apps requiring root"]])//. You might be able to use a Work Profile app or isolation app to get around this issue //(see "Isolation apps" below)//.

==File on the internal storage==
- Another popular variant of root detection is that the app looks through your internal storage and triggers if it finds any files or folders that may hint at you having a rooted device (Titanium backup, TWRP, Magisk zips, etc). You can either delete or rename these files and folders, or use a Work Profile app or isolation app to get around this issue //(see "Isolation apps" below)//. If you want to find all files of a particular name (for example Magisk related files), you can use the //find// command in a terminal:%%find /sdcard/ -iname "*magisk*"
%% That will find all files or directories on your internal storage that contains the string "magisk" (case insensitive).

==Adoptable/external storage==
- MagiskHide does not work on apps installed to adoptable/external storage. Any apps you want to hide root from has to be installed to the internal storage.

==Magisk Modules==
- Most Magisk modules can be hidden by MagiskHide, but that depends on exactly what the module does. If you can't figure out what is triggering an app, try disabling all modules. If the app no longer triggers you can enable your modules one by one until you find the culprit. Xposed and ""EdXposed"" are two well known mods that can't be fully hidden by Magisk.

- The app may also rely on other apps/services that detect root //(also see [[MagiskHideMore | "Dependencies"]])//.

==Old root==
- If you've previously had your device rooted with a different root solution it is possible that there are remnants of that triggering whatever app you're having trouble with. Uninstall any superuser management app you might still have and run [[ | osm0sis']] [[ | unSU script]] to remove any traces. Magisk should reinstall itself, but if not you can just reinstall.

==External connection==
- Some apps will connect to an external web service that performs the check for it. This might mean that adding the app to the Hide list or repackaging the Magisk app won't help. One solution to this issue is to simply block the connection to the web service. One way is to use Magisk's Systemless Hosts and [[ | AdAway's]] "Log DNS requests" feature to figure out what domain to block. You can then add this domain directly to the ""AdAway"" blacklist and apply the hosts file. **Keep in mind that you're disabling part of the apps security.** See [[ | this thread]] for an example.

==Update Android==
- Update your device to a newer Android version. It is not possible to fully prevent detection on devices with Android versions lower than 7.0 (and the Magisk app can only be hidden on Android 5+).

==UDS detection==
- //From Magisk v19.4 this detection method is no longer possible, but I'll leave the tip in here for those who refuse to update (for whatever reason).// There is a very simple but currently effective detection method that started surfacing recently. It's easily circumvented by simply running the following command in a terminal: %%su -c chmod 440 /proc/net/unix%% This will prevent the apps that use this method to read the file. The command needs to be run at every boot, so as not to have to do it every time it is very convenient to put the command (without the "su -c" part since it isn't necessary to call su in the boot scripts) in a [[ | service.d boot script]].

==procfs leaks==
- It was discovered by topjohnwu that many OEMs ship their devices with a broken implementation of how /proc is handled and thus there are procfs leaks letting apps monitor information about other processes on your device (see [[ | here]] for an in-depth write-up) . This will let those apps detect Magisk... Since Android 7.0 this is not supposed to be allowed, but manufacturers being manufacturers, and whatever. From Magisk v18.0 MagiskHide will fix the leak on any Android 7.0+ devices. Unfortunately, nothing can be done about this on earlier Android versions.

==Prop values==
- There's always a possibility that the ROM you are using have some props that makes it possible for an app or service to decide if your device is "compromised" or not. An example is //persist.sys.root// which can be found on some ROMs (Lineage) and need to be set to 0. That is just an example though, and determining if other props is being detected require a lot of analysing. Changing props can be done directly in the prop files (if /system can be mounted rw on your device), by a [[ | Magisk boot script]] or with the Magisk module [[ | MagiskHide Props Config]].

- It has been reported that some apps go to extremes and blacklist your device with the bank/service provider/etc. If that's the case you're likely going to have to reflash your device or otherwise change your device id to get around it. This is kind of uncommon though. Consider it a last resort.

==Other stuff==
- If none of the above works, try disabling USB debugging, OEM Unlocking (see //"OEM Unlocking"// below before doing that), developer options, etc //(see [[MagiskHideBasics | ”Magisk can not hide”]])//. There are also apps that need a little more TLC when trying to hide root from them. Take a look at //[[MagiskHideAppsList | App Resources]]// below. Also keep reading the rest of the guide...

===**Hiding the Magisk app**===
Keep in mind that full obfuscation of the Magisk app is only possible of Android 9 and newer versions. If full obfuscation is possible, the app will install a stub app that loads the rest of the app dynamically from it's own data folders. There is nothing in the stub that can be identified as the Magisk app.

Hiding the app is done by going to the app settings and choosing “Hide Magisk app”. When this is done, the app is repackaged with a random package name and can therefore not be detected by any apps or services looking for com.topjohnwu.magisk. Since v6.1.0 of the app, the app name is also changed, by default to "Settings" (in earlier releases this was "Manager") to circumvent apps and services detecting "Magisk" in the app name, but you can pick your own app name as well to make the app completely anonymous. If you have the app hidden, but it is still called "Magisk app", even though you are on app version v6.1.0+, try unhiding it and hiding it again. The name can't be changed when updating from an earlier version than that if it is already hidden.

You can see if your app is hidden on the main screen of the app. Under the information about the latest app release there will be a package name consisting of a random string. The “Hide Magisk app” option will also be changed to "Restore Magisk app" in the settings on a hidden app.

===**Unhiding the Magisk app**===
Go to the app settings and choose "Restore Magisk app".

You can also unhide the app by uninstalling the repackaged app and manually install the apk. Get it from the ([[ | release thread]] or [[ | GitHub]])

===**Can't hide the Magisk app**===
If you're having issues trying to hide (repackage) the Magisk app, this is often caused by having the app installed as a system app, either by you or the ROM creator. This is a bad idea... But, there might be other reasons as well. See [[ManagerIssues | "Can't hide the Magisk app"]] for more info.

===**Isolation apps**===
If an app is detecting the hidden Magisk app or other root apps or files/folders on your device that hint at a rooted/modified device, you might be able to use an isolation app to prevent it from doing this. There are a few different apps you can use. There's [[ | Storage isolation]] that can be used to gain full controll of what parts of your internal storage an app can see. You can also isolate apps in a Workspace profile with apps like [[ | Island]] or [[ | Shelter]] (of which the latter is open source, yay).

There are also many different ways of isolating apps and processes using Xposed/""EdXposed""/""LSPosed"". See below for more.

===**USB/ADB debugging**===
If you haven’t yet, try disabling USB/ADB debugging to see if this helps you use your root detecting app.

===**OEM Unlocking**===
If you haven’t yet, try disabling OEM Unlocking to see if this helps you use your root detecting app. Be careful with this option though. There is a chance that it can cause issues.

**WARNING 1** On Samsung devices, toggling OEM Unlocking might be enough to lock the bootloader. This might mean you end up with a device that can't boot.
**WARNING 2** On some devices (known: Huawei) both OEM Unlock and an unlocked bootloader is necessary for the fastboot flash command to work. This should not be the case on devices that use vanilla Android (Google), or stay close to vanilla Android. Please exercise caution.

===**Developer options**===
If you haven’t yet, try disabling Developer options to see if this helps you use your root detecting app.

===**Samsung Knox**===
If you have a Samsung device you have likely triggered [[ | Knox]] when rooting your device. This cannot be undone and it cannot be hidden, so if an app is using the Knox fuse to determine if you have been modding your device there is nothing that can be done.

I don't do Samsung, so I do not know how to determine if an app detects Knox or not, except that it might show up in a [[ | logcat]]. If the app works perfectly with Magisk and MagiskHide on a non-Samsung device, but doesn't on a Samsung it's very probable that it's Knox that is causing issues.

===**Nothing works**===
If you can't get it working even though you've tried everything, grabbing a logcat when the app detects root might show something //(see [[MagiskHideHelp | "Asking for help/reporting bugs"]])//. Save the log and post it in the [[ | General support thread]], with plenty of details about the issue. Just make sure you've tried everything first.

===Riru/**Xposed/""EdXposed""/""LSPosed"" and root hiding modules**===
It might also be possible to use Riru or[[ | Xposed/EdXposed/LSPosed]] modules to help hide root from apps. This is a constantly developing field, so I won't list available modules here. You can search yourself and take a look at that might be available. It is possible that Riru/Xposed/""EdXposed""/""LSPosed"" itself will be detected though...
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki