More hiding tips


There are some apps that require one or more other apps or processes being added to MagiskHide. So if an app is asking for extra permissions, try hiding the corresponding app/process as well. As an example: for a banking app asking for permissions to make phone calls it might be necessary to add the Phone app as well as the banking app to MagiskHide. Unfortunately it's not necessarily the case that the app or process used for finding root asks for permissions (also see "Figuring out if an app has dependencies, looks for 'sensitive props', Busybox, etc" below).

Sensitive props

Some apps trigger if they find "sensitive props". Also, on some devices SafetyNet triggers if certain props are not set to the expected values. A few props are set to "safe" values by MagiskHide by default. These prop are known to trigger some apps that look for root and "tampered" devices. Currently these are (apart from props for the bootloader state):
ro.debuggable (set to 0 by MagiskHide) (set to 1 by MagiskHide) (set to user by MagiskHide) (set to release-keys by MagiskHide) (set to 0 by MagiskHide)

Some examples of other props to change may include:

Use the command "getprop" (without quotation marks) on the props in a terminal emulator to see what they're set to (see example below). Note that not all props used can be found in build.prop, there's also default.prop, etc.
getprop ro.debuggable

The props can be changed with a Magisk module or with a boot script (don't forget to set the proper permissions for the script to execute) and the resetprop tool.

If you have a ROM (stock is usually a good bet) that can pass SafetyNet or use an app on without modifications, check for props on that ROM that you can change to on the ROM you're having trouble with (also see "Figuring out if an app has dependencies, looks for 'sensitive props', Busybox, etc" below).

Please note that changing prop values may have other consequences for your device than just being able to pass SafetyNet or hide root. If you're experiencing issues after changing prop values, revert them and see if that helps.

Reverting prop values set by MagiskHide

If you for some reason need to reset the prop values that MagiskHide changes (see "Sensitive props" above), you can do this with the Magisk module MagiskHide Props Config. It can also be done by using a boot script that runs the resetprop tool to change back to the desired prop value. Add the following to a file you place in /data/adb/service.d (and don't forget to set the proper permissions for the script to execute):
resetprop <property name> <value>

Add whatever property and value you need changed. Changing back to userdebug would look like this:
resetprop userdebug


Some apps detect Busybox and see this as a sign of your device being compromised (rooted). Magisk should be able to hide any Busybox installed as a Magisk module. osm0sis has a great Busybox module available in the Magisk repo (install from the Magisk app, under "Downloads").

Figuring out if an app has dependencies, looks for "sensitive props", Busybox, etc

It can be tricky figuring out if an app is dependent on another app or process for detecting root, expects certain prop values, doesn't like Busybox or whatever is triggering a root warning within the app. Apart from trying one thing/prop at a time, finding this out could mean you have to decompile the apk to look at the source code (use search), grab a logcat when the app is detecting root, etc.

Detecting apps requiring root

There are apps that detect known apps that require root and refuse to work properly or even start if that is the case. Usual suspects include (but aren't limited to) busybox apps, Xposed installer, root hiding apps, etc.

This can be worked around by uninstalling or possibly freezing (Titanium Backup can do this, among others) the offending root app when you need to use an app detecting root apps and reinstalling/unfreezing it afterwards. Cumbersome, but it might work. There are also some Xposed modules that can hide apps from other apps, but having Xposed installed might cause other issues with tampering detection...
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki