Does anyone know if magisk is successful at hiding root for all banking apps and other apps that do not allow root?
I have many banking apps that I need access to so don't want to root and break knox if I then have to unroot as I'm unable to use my apps.
Related
I followed the rooting guide and rooted my new Nexus 4 phone. But when I looking for apps to install on a rooted phone, I stumbled upon a blog post that said that rooting is a huge security risk that allows any installed application to gain root privilege. Is this correct? Is there anything special that I must do to secure root access? I already have SuperSU (free) installed.
The simple answer is that you're already fairly secure with SuperSU or SuperUser. The reality is a bit more complicated though. SuperSU (and SuperUser) are designed to prompt you to provide access to any applications that request root. Any application that 1) does not request root access or 2) is denied root access by the user when prompted, will not have access to root privileges. In theory, I imagine an application could find some obscure exploit in the SuperSU code and get around the access blocking provided by SuperSU, but I think that is fairly unlikely and would be patched quickly after the exploit was found.
As long as you're careful about what you provide root access to (and only provide root access to apps that you think need root, not every app that you think you trust that asks for access) then you should be fine.
raptir said:
The simple answer is that you're already fairly secure with SuperSU or SuperUser. The reality is a bit more complicated though. SuperSU (and SuperUser) are designed to prompt you to provide access to any applications that request root. Any application that 1) does not request root access or 2) is denied root access by the user when prompted, will not have access to root privileges. In theory, I imagine an application could find some obscure exploit in the SuperSU code and get around the access blocking provided by SuperSU, but I think that is fairly unlikely and would be patched quickly after the exploit was found.
As long as you're careful about what you provide root access to (and only provide root access to apps that you think need root, not every app that you think you trust that asks for access) then you should be fine.
Click to expand...
Click to collapse
Thanks raptir. I have one more question. Now that I have rooted the phone, can I block the su binary and enable it only when I need to provide another application with root access? If I do that, will the already approved applications too loose root access?
You could completely unroot the phone which would require you to go through the rooting process again. You could also use a "temp unroot" option like Voodoo OTA Rootkeeper allows, but it wouldn't add anything to security since all it does is move the su binary, not disable it completely. A malicious app could still be written to move the binary back to the proper location.
JoyceBabu said:
Thanks raptir. I have one more question. Now that I have rooted the phone, can I block the su binary and enable it only when I need to provide another application with root access? If I do that, will the already approved applications too loose root access?
Click to expand...
Click to collapse
You can go into SuperSU or SuperUser app and remove "root" access to any apps you have granted "root" to.
baseballfanz said:
You can go into SuperSU or SuperUser app and remove "root" access to any apps you have granted "root" to.
Click to expand...
Click to collapse
Actually, my question was not that. I wanted to retain root access for the apps that I have already given. But no new app should be able to get root access, so that a malicious app will not exploit any security vulnerability of SuperSU as raptir mentioned.
JoyceBabu said:
Actually, my question was not that. I wanted to retain root access for the apps that I have already given. But no new app should be able to get root access, so that a malicious app will not exploit any security vulnerability of SuperSU as raptir mentioned.
Click to expand...
Click to collapse
Gotcha! Any new app will ask for root permission. You can deny them.
Yeah, I threw that part in about the potential for an app to circumvent the security just as a disclaimer. As far as I know it has never happened, and it may not even be possible.
Just wondering if it's possible to hide root from the bar lays banking app - whenever I tried a while back it wouldn't work, just wondered if it's possible now? Thanks
MartinEv1980 said:
Just wondering if it's possible to hide root from the bar lays banking app - whenever I tried a while back it wouldn't work, just wondered if it's possible now? Thanks
Click to expand...
Click to collapse
pass safety net and magisk hide the app, should work
for all banking app
clear cash and data for app
magisk hide for the app
hide magisk in setting
REBOOT
it should work (unless some apps blacklist your device you have to do a factory reset)
I do not know if a lot op people know this:
I just checked on a Moto Z if the app "SafetyNet Test" reports an issue after I switch off "root access for apps and adb" in developer settings. It does not, it reports a safe device!
Switching root access on, "SafetyNet Test" recognizes immediately a problem.
I always thought, switching off root access would still case a problem.
Congratulation LOS team!
For root access I am using the addonsu-16.0-arm64-signed from LOS.
So, my question, what is the advantage of Magisk?
ischninet said:
I do not know if a lot op people know this:
I just checked on a Moto Z if the app "SafetyNet Test" reports an issue after I switch off "root access for apps and adb" in developer settings. It does not, it reports a safe device!
Switching root access on, "SafetyNet Test" recognizes immediately a problem.
I always thought, switching off root access would still case a problem.
Congratulation LOS team!
For root access I am using the addonsu-16.0-arm64-signed from LOS.
So, my question, what is the advantage of Magisk?
Click to expand...
Click to collapse
For LOS users who simply want superuser access (root) of the OS, the su add-on will certainly suffice. Magisk allows users to implement a fully systemless environment with which to manage & utilize root access. Magisk includes a myriad of systemless modules such as XPosed, BusyBox, audio mods, etc. These modules can be applied and used without touching the /system partition, which comes in handy for users who plan on installing future OTAs without breaking root. Magisk also includes a nifty feature known as "su hide" (Magisk Hide), which has the ability to hide root from certain apps that check for it (Netflix, Google Pay, etc), allowing these apps to run normally on rooted devices. And, as you've already noted, Magisk root can pass both basicIntegrity & ctsProfile within Google's proprietary SafetyNet protocol.
When deciding between the LOS root add-on and Magisk systemless interface, it comes down to personal preference and the individual needs and expectations of the user.
Viva La Android said:
For LOS users who simply want superuser access (root) of the OS, the su add-on will certainly suffice. Magisk allows users to implement a fully systemless environment with which to manage & utilize root access. Magisk includes a myriad of systemless modules such as XPosed, BusyBox, audio mods, etc. These modules can be applied and used without touching the /system partition, which comes in handy for users who plan on installing future OTAs without breaking root. Magisk also includes a nifty feature known as "su hide" (Magisk Hide), which has the ability to hide root from certain apps that check for it (Netflix, Google Pay, etc), allowing these apps to run normally on rooted devices. And, as you've already noted, Magisk root can pass both basicIntegrity & ctsProfile within Google's proprietary SafetyNet protocol.
When deciding between the LOS root add-on and Magisk systemless interface, it comes down to personal preference and the individual needs and expectations of the user.
Click to expand...
Click to collapse
Nice explanation. I've always used true root and not systemless and have never tried magisk. I am delighted by how easy lineage makes it to add root and that it's own privacy guard software handles the su permission. To me from outside looking in magisk just adds a ton of complications to simple access to the modify system files to which it doesn't actually modify because it's systemless. I definitely prefer traditional root access that lineage allows. In a perfect world Google would allow root access how lineage implements it. You have to flash a file and turn it on and assume all responsibility. I don't know what Google is so afraid of. People use the argument that people would be bricking their phones left and right but some how Microsoft and every Linux distro has allowed access to system files without issue.
Joe333x said:
Nice explanation. I've always used true root and not systemless and have never tried magisk. I am delighted by how easy lineage makes it to add root and that it's own privacy guard software handles the su permission. To me from outside looking in magisk just adds a ton of complications to simple access to the modify system files to which it doesn't actually modify because it's systemless. I definitely prefer traditional root access that lineage allows. In a perfect world Google would allow root access how lineage implements it. You have to flash a file and turn it on and assume all responsibility. I don't know what Google is so afraid of. People use the argument that people would be bricking their phones left and right but some how Microsoft and every Linux distro has allowed access to system files without issue.
Click to expand...
Click to collapse
It's a common misconception, but systemless root is "true" root in a sense that /system can be mounted as r/w, and can be modified if the user so chooses. It's really just a matter of preference. Root can be hidden from apps far easier in a systemless scenario. To my understanding, the biggest difference between system-wide root and systemless -- in terms of implementation -- is that the root binaries are introduced into the OS in two different manners -- one by modifying the /system partition directly and the other by way of the boot image. Both methods allow for system level modifications, and give the user full and unfettered access to the core of the OS. It's more about the method of achieving root than it is the final result. In sum, the term "systemless" root in no way means that the /system partition cannot be modified. Rather, it implies that the Android OS was rooted without the /system partition being modified or mounted r/w. This is especially necessary these days, with so many devices having dm-verity, Android Verified Boot (AVB 1.0, AVB 2.0), etc.
I have already rooted my phone and have custom rom it's all great but the problem I'm facing is apps of Banks and payment don't work which I really want. So now I'm going to unroot but I have saved data via backup on titanium backup so I was wondering if after unrooting I could give root Access to titanium backup only through USB.
There's an app called greenify which has an method to give root Access via USB.
Like :
Accessibility service run-on-demand:
adb -d shell pm grant com.oasisfeng.greenify android.permission.WRITE_SECURE_SETTINGS
Did you try MagiskHide / Canary builds when you were rooted (I assume rooted through Magisk) to avoid root detection by banking apps ?
I want to know how to root my OnePlus 5 without loosing banking apps but it should run as normal as other phones will do...