snake-4
Zygisk detected by several banking apps
Describe the bug The following banking apps detect device rooted and refuse to run normally:
- https://play.google.com/store/apps/details?id=com.hangseng.rbmobile
- https://play.google.com/store/apps/details?id=com.scb.breezebanking.hk
- https://play.google.com/store/apps/details?id=com.citic.inmotion
Steps To Reproduce
- Install and launch the app
- Accept reminders and EULA if any
- Security Warning is shown and app refuse to run normally
Not working with below variant (each with reboot, clearing app storage and lauching app again)
- Same result after: install Zygisk Next, disable built-in Zygisk
- Same result after: install Shamiko
- App force close after: install JingMatrix/LSPosed & Hide-My-Applist (removing Hide-My-Applist makes app launch again with root detected)
Context
- Device: Xperia 5 III
- OS: LineageOS 22.1 (Development settings disabled)
- Version of Magisk, KSU or APatch: Magisk 28.1 (28100)
- Other Root Module(s):
- Play Integrity Fix v18.6
- Zygisk Assistant v2.1.4
- Zygisk Next 1.2.7
- Shamiko v1.2.1
- JingMatrix/LSPosed 1.10.1
- Hide-My-Applist: 3.3.1
- LSPosed Module(s): None
Logcat
Update on Mar 7:
With the following setup (regardless of Zygisk Assistant enabled or disabled), 2 (com.hangseng.rbmobile and com.citic.inmotion) of the banking apps no longer detects roots and the remaining 1 (com.scb.breezebanking.hk) gets force closes itself upon launching for a few seconds:
- Magisk 28.1 installed
- config: Zygisk enabled
- config: Enforce DenyList disabled
- config: DenyList includes banking apps
- config: Systemless Hosts enabled
- config: Hide the Magisk app enabled
- Magisk module installed:
- Play Integrity Fix v18.7
- JingMatrix/LSPosed v1.10.1
- Shamiko v1.2.1 (no difference if disabled with EnforceDenyList enabled)
- Zygisk Assistant v2.1.4 (no difference if disabled)
- Zygisk Next 1.2.7 (no difference if disabled with Zygisk enabled)
- Extra apps installed
- AdAway 6.1.4 (to test Hide My Applist)
- Hide My Applist: 3.3.1 (template with AdAway and randomized Magisk app invisible to banking apps)
- OS:
- LineageOS 22.1 (20250228-NIGHTLY)
- Developer options disabled
this app also detected https://play.google.com/store/apps/details?id=com.chinarailway.globalticketing&hl=en-us
Revolut is detecting root when I have Zygisk Assistant 2.1.4 installed. Downgraded to 2.1.3 and Revolut has works along with every other app/banking apps etc.
Please look into this, thanks
Revolut is detecting root when I have Zygisk Assistant 2.1.4 installed. Downgraded to 2.1.3 and Revolut has works along with every other app/banking apps etc.
Please look into this, thanks
Share the mount files with 2.1.3 and 2.1.4. cat /proc/self/mountinfo from Termux. Not from ADB.
Attached the output from the two. Zygisk Assistant 2.1.4.txt Zygisk Assistant 2.1.3.txt
Try to do touch /data/adb/modules/zygisk-assistant/skipdelprop from a root shell and restart. The only mount related change was ext4 specific and your data partition is F2FS.
Tried that command and gave the phone a reboot which seems to have worked and Revolut is now working with latest Zygisk Assistant again.
Hi, will you be making a fix for this?
Having skipdelprop file worked.
Basically it's skipping delprop part of the script which was causing Revolut to detect root.
https://play.google.com/store/apps/details?id=com.ge.capital.konysbiapp
Add this app also in list.
https://play.google.com/store/apps/details?id=com.google.android.apps.walletnfcrel
Add app "google wallet" also in list. LineageOS 22.2, magisk 29 (modules: pif-next 2.1, yurikey 1.4, trickystore 1.3.0)
Also being detected in "IDFC FIRST Bank: MobileBanking" app:
- https://play.google.com/store/apps/details?id=com.idfcfirstbank.optimus
Also detected by Iranian banking app bank shahr plus app ver 7.0.2 http://cafebazaar.ir/app/?id=com.citydi.hplus&ref=share
The bbva banking app works fine but it detects root when you try to enter the contactless payment settings under your card. You can still use the app but you cannot setup phone contactless payment.
The funny thing is that if you try just after a phone reboot it works, but after a few minutes (maybe seconds?) it detects the root again so contactless payment is basically unusable.
EDIT: With the latest version the trick to reboot the phone does no longer seem to work.
Attached the output from the two. Zygisk Assistant 2.1.4.txt Zygisk Assistant 2.1.3.txt
Try to do
touch /data/adb/modules/zygisk-assistant/skipdelpropfrom a root shell and restart. The only mount related change was ext4 specific and your data partition is F2FS.
I tried both touching /data/adb/modules/zygisk-assistant/skipdelprop and downgrading to 2.1.3, but Revolut is still detecting root on my side.
I have Magisk v29, Zygisk enabled, denylist not enforced. Modules installed: Play Integrity Fork, Tricky Store, Zygisk Assistant. I'm currently getting STRONG integrity.
One thing I noticed is that Native Detector gives me this issue: Found magic mount: /apex/com.android.art/javalib/core-oj.jar.
