Question LSPosed on GrapheneOS - Google Pixel 6

Hello,
I recently installed GrapheneOS on my Pixel 6 and I want to use XPrivacyLua on it. But when I install and activate LSPosed (1.8.3) and reboot then it says there's no LSPosed installed. But in Magisk it is loaded together with Shamiko. Shamiko works fine, but I wasn't able to use LSPosed yet. Does anybody know how LSPosed can be used successfully on GrapheneOS?
Thank you,
Oebbler

Oebbler1 said:
Hello,
I recently installed GrapheneOS on my Pixel 6 and I want to use XPrivacyLua on it. But when I install and activate LSPosed (1.8.3) and reboot then it says there's no LSPosed installed. But in Magisk it is loaded together with Shamiko. Shamiko works fine, but I wasn't able to use LSPosed yet. Does anybody know how LSPosed can be used successfully on GrapheneOS?
Thank you,
Oebbler
Click to expand...
Click to collapse
you lose more for the little gain you get by using xprivacylua. also graphene os isn't meant to be used with root since you defeat the main goal of the os itself: security. it hardens several aspects of android to make it more secure, and that's why things like lsposed won't work.

hellcat50 said:
...graphene os isn't meant to be used with root since you defeat the main goal of the os itself: security.
Click to expand...
Click to collapse
That's a redundant and absurd thing to say. First of all, grapheneos objection to root is realistically tied to support burden and public impression rather than anything practical. Second, root doesn't threaten security if used responsibly. Third, root is HELPFUL for security when used competently.
Now for the other thing... lsposed... avoid like the plague.

Thank you for your answers!
The thing is that I cannot avoid LSPosed for XPrivacyLua on Android 12. I really want to use it in order to avoid tracking by getting IDs and other data from my device. So my question still remains on how to make LSPosed runnable.
I tried to install it with Riru. Riru was telling me that LSPosed is loaded, but the LSPosed app told me it cannot find LSPosed. It seems the same as with LSPosed on Zygisk. Is there any way to get LSPosed (or maybe EdXposed) working?

Oebbler1 said:
Thank you for your answers!
The thing is that I cannot avoid LSPosed for XPrivacyLua on Android 12. I really want to use it in order to avoid tracking by getting IDs and other data from my device. So my question still remains on how to make LSPosed runnable.
I tried to install it with Riru. Riru was telling me that LSPosed is loaded, but the LSPosed app told me it cannot find LSPosed. It seems the same as with LSPosed on Zygisk. Is there any way to get LSPosed (or maybe EdXposed) working?
Click to expand...
Click to collapse
Please read this about ID's: https://grapheneos.org/faq#hardware-identifiers

Thank you! This sounds good, but leaves something out which I also want to do:
I want to allow access to particular contacts for some apps only. And maybe in the future it should be possible to hook some other methods (with XPrivacyLua Pro) that apps use for things I don't want them to do. So I think I cannot avoid LSPosed, EdXposed or something like that. How can this be achieved?

Oebbler1 said:
Thank you! This sounds good, but leaves something out which I also want to do:
I want to allow access to particular contacts for some apps only. And maybe in the future it should be possible to hook some other methods (with XPrivacyLua Pro) that apps use for things I don't want them to do. So I think I cannot avoid LSPosed, EdXposed or something like that. How can this be achieved?
Click to expand...
Click to collapse
Contacts permission does not need any additional hacks to be denied.

hellcat50 said:
you lose more for the little gain you get by using xprivacylua. also graphene os isn't meant to be used with root since you defeat the main goal of the os itself: security. it hardens several aspects of android to make it more secure, and that's why things like lsposed won't work.
Click to expand...
Click to collapse
Unless you're running GrapheneOS via yellow state boot loader (and you checking the finger print each boot), I can't take claims of "root is insecure" quite seriously.

I don't want to deny contacts permission at all, but I want to allow only certain contacts to be seen by some apps. So I want e. g. Telegram or Signal to only see the contacts I am using in these apps. These aren't the same so Telegram's and Signal's access to the contacts list need to be hooked in order to provide individual faked/manipulated lists to these apps.
And maybe in the future some apps do a call to e. g. some app-internal ID which is used for tracking, so I want to hook that later on.
To me it doesn't matter if there are other hacks available to do these things. I'd just like to do that with XPrivacyLua Pro. So how can I get this working on GrapheneOS?

ezdiy said:
Unless you're running GrapheneOS via yellow state boot loader (and you checking the finger print each boot), I can't take claims of "root is insecure" quite seriously.
Click to expand...
Click to collapse
Yeah right rooting makes your device more secure haha. https://madaidans-insecurities.github.io/android.html#rooting

Oebbler1 said:
I don't want to deny contacts permission at all, but I want to allow only certain contacts to be seen by some apps. So I want e. g. Telegram or Signal to only see the contacts I am using in these apps. These aren't the same so Telegram's and Signal's access to the contacts list need to be hooked in order to provide individual faked/manipulated lists to these apps.
And maybe in the future some apps do a call to e. g. some app-internal ID which is used for tracking, so I want to hook that later on.
To me it doesn't matter if there are other hacks available to do these things. I'd just like to do that with XPrivacyLua Pro. So how can I get this working on GrapheneOS?
Click to expand...
Click to collapse
I don't think lsposed will ever work on graphene os. for that you will have to switch the os

hellcat50 said:
Yeah right rooting makes your device more secure haha. https://madaidans-insecurities.github.io/android.html#rooting
Click to expand...
Click to collapse
Applications don't just have access to root if you make it available to yourself. Again, its about the USER being competent and not just granting root permission willy nilly like a total retard. Nice try, but NOPE.

A project to keep an eye on...
GitHub - chriswoope/resign-android-image: Resign Android OS (esp. GrapheneOS) images with your signing keys and add ADB root and other modifications
Resign Android OS (esp. GrapheneOS) images with your signing keys and add ADB root and other modifications - GitHub - chriswoope/resign-android-image: Resign Android OS (esp. GrapheneOS) images wit...
github.com

Related

Android Pay error on rooted devices.

Ok, So i got the new updates from Google Wallet to the new Google Wallet and Android Pay.
When I attempted to setup Android Pay, I received the error that my device couldn't be "verified as being compatible."
A little browsing turned up some information that Android Pay doesn't like rooted devices, and even gave a couple of solutions.
1. Disable Superuser access if your Superuser app has the capability.
2. If option one isn't possible, then go back to stock, activate, and re-root.
This fix will NOT work for everyone, but since it is a simple setting change, it can't hurt to try this before looking into more 'drastic' measures. This will most likely only work on rooted stock ROMS.
I know that I use Chainfire's SuperSU app, and it has the ability to be disabled so the operator does not has superuser access until it is re-enabled. Simply go to your SuperSU app, go into the "Settings," and uncheck the "Enable Superuser." Different versions and other apps may be a little different, but principle should remain the same if it is an option.
After disabling SuperSU, open Android Pay and complete your initial setup. Once completed, return to the SuperSU app and re-enable Superuser access. The Android Pay app has continued working since then for me.
Based on information given by 'rbeavers,'
https://koz.io/inside-safetynet/
Guess I'm screwed
Click to expand...
Click to collapse
it appears rooted stock ROMs will probably work if you disable superuser (no guarantee though). Custom and ported ROMs most likely will never work unless the devs figure out a workaround. I would also imagine a otherwise stock ROM running a custom kernel wouldn't work either based on rbeavers' link.
Another note, I've integrated updated system apps and certain other apps into the system partition, so that probably won't matter if anyone is curious about that. (Could be different for other people though.)
Original Posting:
Just got the new Android Pay. I received an error that my device couldn't be verified as being compatible. Found some where else that it doesn't like rooted devices . Fix with SuperSU is easy. Go to SuperSU, touch Settings, and uncheck Enable superuser. Setup Android Pay, then re enable it, and so far, it's working for me.
Click to expand...
Click to collapse
Tried it didn't work for me "turned off " SU. My bank isn't on the "list". So that might be it?
Maybe? I didn't think Android Pay used the bank account, only Wallet does. Pay requires you to link your debit or credit card. Both apps automatically pulled my information, so I didn't have to dig into that very much.
Another thing my ROM is otherwise stock.
I've also read that Android Pay just doesn't like some ROMs, so users on custom or ported ROMs and a few devices in general are probably going to be left out in the cold... unfortunately.
Hopefully someone with more knowledge of the Android system can help us out here soon.
https://koz.io/inside-safetynet/
Guess I'm screwed?
Interesting read. Thanks for sharing
So, rooted stock ROMs will probably work if you disable superuser (no guarantee though). Custom and ported ROMs most likely will never work unless the devs figure out a workaround. I would also imagine a otherwise stock ROM running a custom kernel wouldn't work either based on your link.
Another note, I've integrated updated system apps and certain other apps into the system partition, so that shouldn't matter if anyone is curious about that.

Failing SafetyNet shortly after a fresh upgrade install of Rooted Stock US998 30b

I decided that I needed a fresh start with my LG v30+ after over a year on Oreo, and figured I would go ahead and wipe everything and install rooted stock pie per this thread (using the TWRP flashable method).
From there, I went ahead and installed the Magisk Modules for Busybox, Riru - Core, and Riru -EdXposed, because I wanted to have a few Xposed modules. I started out with XPrivacyLUA, and GravityBox [P], making TWRP Backups and checking SafetyNet status after each install. Because it kept passing every time, I got complacent, and stopped checking. I installed Buttered Toast Revived, GM Dark Theme Enabler, and MinMInGuard in EdXposed, followed by several apps. I then installed the 4.4.153_haumea_I.base_1.9_3 kernel, and a bunch of more apps.
It was around this time I decided that I should try and set up Google Pay, only for it to complain about the device it was installed on. I went back to Magisk Manager and sure enough I was failing SafetyNet checks on both ctsProfile and basicIntegrity. And because I wasn't checking every step of the way, I don't know what caused it to break. I've tried unloading the various modules but none of them seem to be a smoking gun, as both check continue to fail even when some or all of them are turned off.. It's not the custom kernel is it? and if so, what do I do to to roll back to stock?
I also looked into the Magisk Module, MagiskHide Props Config but the developer of that says it doesn't have much chance of fixing basicIntegrity fails. Also, they don't have a device fingerprint in their database for v30+ Pie yet. So when I have some free time to dedicate to phone tinkering, I'm going to back up what I have now, revert to an earlier backup from before things broke, pull a getprop ro.build.fingerprint, and then restore my backup of the current broken state so I can give it a try anyway. Because I'm stubborn like that.
That is, unless I get easier suggestions to try first. Passing SafetyNet would be a nice to have thing, but I wasn't passing before I did my wipe, and so I won't really miss it if I'm not passing now either.
Try looking through here: https://github.com/ElderDrivers/EdXposed/issues/386
Seems a recent SafetyNet update is halfassedly checking for the edXposed Magisk module and workarounds are hit-and-miss, with no word from the dev(s) if they're working on it or intend to.
Septfox said:
Try looking through here: https://github.com/ElderDrivers/EdXposed/issues/386
Seems a recent SafetyNet update is halfassedly checking for the edXposed Magisk module and workarounds are hit-and-miss, with no word from the dev(s) if they're working on it or intend to.
Click to expand...
Click to collapse
This was it. Blacklisting Google Play, Google Play Services, and Google Services Framework in EdExposed (the suggested workaround) seems to be working for now.
And if anyone's curious, the device fingerprint on my US998 30b is
Code:
lge/joan_nao_us/joan:9/PKQ1.190414.001/192451445de41:user/release-keys
Not that that's changed at any point in my installation process, according to the backups that I've checked. So MagiskHide Props Config wouldn't have been any use, because that wasn't the problem in the first place.
radwolf76 said:
Code:
lge/joan_nao_us/joan:9/PKQ1.190414.001/192451445de41:user/release-keys
Not that that's changed at any point in my installation process, according to the backups that I've checked. So MagiskHide Props Config wouldn't have been any use, because that wasn't the problem in the first place.
Click to expand...
Click to collapse
Well I mean...the device fingerprint is only a contributer to the long list of crap that'll trip Safetynet; Google really, really doesn't want non-compliant devices to use Safetynet apps. The scans have become quite invasive.
All the official ROMs should have compliant fingerprints, anyway.
Thing is...I didn't mean "halfassedly" in a offhand or facetious way; they probably have implemented a check, in an experimental and thus inconsistent way, that only catches the module often enough to be annoying. Or the way they're checking might depend on other things in the environment (looking for signs of its presence rather than the module itself), which would explain why the workaround works on some phones and not others. Try to keep track of any root- or Magisk-requiring changes you make.
I couldn't get a pass when I tried a few days ago, and ultimately couldn't figure out why despite doing the usual stuff and the workaround above. Decided Ingress and PokeGO were more important than GravityBox, which I've done without for years anyway :v
Enjoy being able to pass the checks, but be prepared for it to break at any moment. Google has been annoyingly persistent about patching workarounds, and the workarounds for the patches to workarounds, and so on.
I've had the same problem, although blacklisting Google play, Google services framework, and Google play services didn't help.

Snapchat login - One hekkin challenge.

Hey team,
Long time forum creeper and general tech hacker / fiddler. I don't generally post on forums but I'm hoping to nab some suggestions. Done a fair lot of looking already, but either turning up stones / outdated info / things that just aren't applicable to me.
Been looking to get Snapchat (and other stubborn apps similar) logged in on my device, honestly I don't even really use it and it's turned into more of a challenge getting it to run at this point because instead of thinking if I should I'm fixated more with the idea of proving that I could.
The phone is rooted, yes I know I could un-root it, stock rom, blah blah, but where is the fun in that?
Anywho the setup is as follows.
Galaxy S10+ SM-975F (Exynos)
Lineage OS 17.1 (Custom rom found here)
I have TWRP in as a recovery, phone is rooted with Magisk and it runs MicroG.
I have signature spoofing working with EdXposed (FakeGapps) and funnily enough I pass SafetyNet (lol I know, wassup google)
(HiddenCore for Xposed helps with this for those who seem to be struggling with newer devices)(Google is your friend "sometimes")
Now, I've done the obvious and sorted out Magisk hide, I've also tried RootCloak for Xposed with no success, again done the obvious install / reinstall / clear app data storage etc etc.
Does anyone have any ideas about what further detection methods they are employing? You'd think hiding root and passing SafetyNet would do it, but noooooo.
NB: In before It's some silly app I've left installed it doesn't like.
Your suggestions would be greatly appreciated!
deusxanthus said:
Hey team,
Long time forum creeper and general tech hacker / fiddler. I don't generally post on forums but I'm hoping to nab some suggestions. Done a fair lot of looking already, but either turning up stones / outdated info / things that just aren't applicable to me.
Been looking to get Snapchat (and other stubborn apps similar) logged in on my device, honestly I don't even really use it and it's turned into more of a challenge getting it to run at this point because instead of thinking if I should I'm fixated more with the idea of proving that I could.
The phone is rooted, yes I know I could un-root it, stock rom, blah blah, but where is the fun in that?
Anywho the setup is as follows.
Galaxy S10+ SM-975F (Exynos)
Lineage OS 17.1 (Custom rom found here)
I have TWRP in as a recovery, phone is rooted with Magisk and it runs MicroG.
I have signature spoofing working with EdXposed (FakeGapps) and funnily enough I pass SafetyNet (lol I know, wassup google)
(HiddenCore for Xposed helps with this for those who seem to be struggling with newer devices)(Google is your friend "sometimes")
Now, I've done the obvious and sorted out Magisk hide, I've also tried RootCloak for Xposed with no success, again done the obvious install / reinstall / clear app data storage etc etc.
Does anyone have any ideas about what further detection methods they are employing? You'd think hiding root and passing SafetyNet would do it, but noooooo.
NB: In before It's some silly app I've left installed it doesn't like.
Your suggestions would be greatly appreciated!
Click to expand...
Click to collapse
Sorry for double post, I've spent time podding and poking with some code and packaged something that seems to be working!
I'll keep testing it and come back
deusxanthus said:
Hey team,
Long time forum creeper and general tech hacker / fiddler. I don't generally post on forums but I'm hoping to nab some suggestions. Done a fair lot of looking already, but either turning up stones / outdated info / things that just aren't applicable to me.
Been looking to get Snapchat (and other stubborn apps similar) logged in on my device, honestly I don't even really use it and it's turned into more of a challenge getting it to run at this point because instead of thinking if I should I'm fixated more with the idea of proving that I could.
The phone is rooted, yes I know I could un-root it, stock rom, blah blah, but where is the fun in that?
Anywho the setup is as follows.
Galaxy S10+ SM-975F (Exynos)
Lineage OS 17.1 (Custom rom found here)
I have TWRP in as a recovery, phone is rooted with Magisk and it runs MicroG.
I have signature spoofing working with EdXposed (FakeGapps) and funnily enough I pass SafetyNet (lol I know, wassup google)
(HiddenCore for Xposed helps with this for those who seem to be struggling with newer devices)(Google is your friend "sometimes")
Now, I've done the obvious and sorted out Magisk hide, I've also tried RootCloak for Xposed with no success, again done the obvious install / reinstall / clear app data storage etc etc.
Does anyone have any ideas about what further detection methods they are employing? You'd think hiding root and passing SafetyNet would do it, but noooooo.
NB: In before It's some silly app I've left installed it doesn't like.
Your suggestions would be greatly appreciated!
Click to expand...
Click to collapse
Are you able to help me unlock a permanently locked Snapchat?

SafetyNet?

Is there anything I can do about this?
Did you try this:
https://forum.xda-developers.com/apps/magisk/fix-magisk-manager-20-3-ctsprofile-t4080921
- Before starting the steps, uninstall all Magisk modules and reboot.
- If your device is not listed in the Props Config, you can try Google Pixel 2 or 3 and Android 10.
- Don't forget to hide Magisk in the Options and Google Play Services, Google Play Store, Google Pay and all banking/game apps in the Magisk Hide menu.
- You should know that all Samsung services (Pay, Pass, Secure Folder, etc.) related to KNOX will never work after rooting (= KNOX tripped)...
LeGi0NeeR said:
Did you try this:
https://forum.xda-developers.com/apps/magisk/fix-magisk-manager-20-3-ctsprofile-t4080921
- Before starting the steps, uninstall all Magisk modules and reboot.
- If your device is not listed in the Props Config, you can try Google Pixel 2 or 3 and Android 10.
- Don't forget to hide Magisk in the Options and Google Play Services, Google Play Store, Google Pay and all banking/game apps in the Magisk Hide menu.
- You should know that all Samsung services (Pay, Pass, Secure Folder, etc.) related to KNOX will never work after rooting (= KNOX tripped)...
Click to expand...
Click to collapse
@jhill110 sorry for necroposting this, but does it work out for you?
Arobase40 said:
SafetyNet fix !
Quicker and easier SafetyNet fix :
Erase the cache from Magisk and flash one of these two fixes :
I used the first one and it works so I didn't test the second...
At least Secure Folder is working fine. Knox deployment is behaving weirdly as it is asking a two pass authentication and it is asking a numerical code when I receive an alphanumerical code... ^^
I don't use Samsung Pay (should at least work with Android Pay but I didn't test it) and I don't use Samsung Pass either but I don't think there should be a real problem as it was asking me to set it up but I removed totally from the system...
Click to expand...
Click to collapse
actually for me safety net fix only works for android 11 version rom of this device, and even then secure folder doesnt work correctly (for me?), it doesnt save the password, and keep poping up asking to set a password whenever I tried to enter it. The device itself become unstable and keep hot rebooting after every unlock, eventually get thermal throttled for no reason. Though the safety net solution I used was this one: kdrag0n/safetynet-fix , and prob not the one you listed actually its the same developer, though his repository does not contain a v2 release. I still gona try it though
edit: working now, not hot rebooting (yet), but secure folder still doesnt save password, thus cant still be used yet
Arobase40 said:
So make sure you pass the SafetyNet test in Magisk. When done and passed, uninstall completely and properly Secure folder from your settings, and reboot.
Click to expand...
Click to collapse
the safetynet fix worked on my device when the rom is still on android 10. That is to say, it passed the safetynet test. It was extremely unstable though, hot rebooting after every unlock (unlock, black screen samsung, then back to lock screen) I couldn't get into magisk and disable it, had to delete it through twrp. It was until android 11 that I tried it again. not extremely unstable, just "useable unstable". That was the release file on kdrag0n's repository. Your uploaded v2 file works amazingly. Thanks for sharing:>
Arobase40 said:
I wonder why you mention Android 10 when we're with Android 11 for a long time now...
So is your issue totally fixed with no instability at all anymore and is Secure Folder working also ?
Click to expand...
Click to collapse
I just want to share my experience about the same device with (prob) the same safety net fix that works on yours, but not my device.
yes, with your safety net fix my tab runs absolutely stable, and I've just tried uninstall secure folder and reinstall it again. Its working perfectly now

Question How to root Pixel 6 and successfully hide root with latest version(s) of Magisk?

I have never used a Pixel phone, but I am strongly considering a Pixel 6 now. I want to root the phone using Magisk **and** I want to successfully hide root. Furthermore, I want to be able to install some modules in an Xposed-like framework such as LSPosed, and I want the existence of that XPosed-like framework also to be hidden. Ever since Android 11, it's been complicated and confusing to figure out how to accomplish all of this in a reliable manner, given the latest changing versions of Magisk and given the various root-hiding mechanisms that are now offered, and which are also now still in development.
There is a huge amount of information about this general topic in the following threads ...
https://forum.xda-developers.com/t/magisk-general-support-discussion.3432382/page-2689#post-87696219
https://forum.xda-developers.com/t/discussion-magisk-the-age-of-zygisk.4393877/
https://forum.xda-developers.com/t/...r-unofficial-third-party-magisk-fork.4460555/
https://forum.xda-developers.com/t/lsposed-xposed-framework-8-1-13-0-simple-magisk-module.4228973/
... however, there are collectively more than 50,000 messages in this group of threads, and for me, this fits into the category of "Too Much Information", especialy given that much of this info is contradictory, with different people reporting success and others reporting failure, and different people reporting slightly different versions of the same procedures.
The reason I'm posting here is that I'm wondering of anyone has successfully accomplished what I'm trying to do with a Pixel 6 under Android 11 or Android 12, and if so, whether that person (or people) might be willing to share a straightforward, step-by-step, cookbook-like set of instructions about how to accomplish all of this from beginning to end.
By "beginning to end", I mean to start with a brand new locked Pixel 6 and to install all of the software and features that I described above, with the end result being a reliably rooted Pixel 6 (with root reliably hidden) running some sort of XPosed-like framework under Android 11 or Android 12, and which can be consistently rebooted with no boot loops.
If that is considered off-topic here, I'm glad to take this into private chat.
Thank you very much in advance for any help that you might be able to offer.
What he said, but instead of android 11 or 12, give me one for 13 please.
Oh! I somehow overlooked the following thread when I first came here:
https://forum.xda-developers.com/t/...nlock-bootloader-pass-safetynet-more.4388733/
It covers a lot of the information I'm looking for.
I will soon dig into that thread in more detail, and if it indeed ends up explaining everything that I want to learn, then I will abandon this current thread.
But for the moment, I'll keep this thread alive.
I can confirm my rooted Pixel 6 running 13 passes SafetyNet check and is certified in the Play app following those instructions. However, Google is not using SafetyNet to check for an unlocked bootloader in their apps anymore. GPay complains about device security and there are some apps that I can't download. Netflix, Hulu. Other than GApp and having to sideload Netflix, I don't have any issues.
Here's a thread about the new security check.
https://forum.xda-developers.com/t/discussion-play-integrity-api.4479337/
anyone having issues with some apps detecting root even after magiskhide should try the shamiko module. helped me
few stupid questions regarding rooting my pixel 6 .....
1) its new unlocked phone, should i have the new SIM in phone when rooting, does it matter ?
ok to put it when its done ?
same question for being signed into Google account when rooting, does it even matter, either way ?
2) is there a way to get the pixel phone transfer to show back up, or a way to access it ?
Its very easy for me to transfer all backed up data from my current Pixel 3 that way...
3) can I still run my banking & crypto apps once rooted ? I have read conflicting reports on this... elsewhere that is.
Thank y'all for the awesome information ya provide on here, and Thank You in advance if you have any input for me rooting...
Its amazing how far along we've come along since my bag phone
kengel1969 said:
few stupid questions regarding rooting my pixel 6 .....
1) its new unlocked phone, should i have the new SIM in phone when rooting, does it matter ?
ok to put it when its done ?
same question for being signed into Google account when rooting, does it even matter, either way ?
2) is there a way to get the pixel phone transfer to show back up, or a way to access it ?
Its very easy for me to transfer all backed up data from my current Pixel 3 that way...
3) can I still run my banking & crypto apps once rooted ? I have read conflicting reports on this... elsewhere that is.
Thank y'all for the awesome information ya provide on here, and Thank You in advance if you have any input for me rooting...
Its amazing how far along we've come along since my bag phone
Click to expand...
Click to collapse
1. No, yes, no
2. Yes, kind of
3. Yes with safetynet module and magisk deny list, and sometimes magisk props.
Read @Volatyle's and @Homeboy76's guides. Great info in both.
It would be better if you explained what your end result is. Hiding root can be very difficult; depending on the app requirements, simply having an unlocked bootloader can be enough, because an unlocked device will always fail hardware backed attestation.
If you're simply trying to get apps like Google Pay to work, you should need to do nothing more than install Displax's modded USNF module, and enforce DenyList on the Play Store and Play Protect service.
If on the other hand you're trying to use apps that specifically detect the presence of Magisk, then you may need to hide the Magisk app. As far as hiding the presence of root itself, I am unsure as to whether any app without root privileges can detect whether an SU binary is installed. Someone like @pndwal would know better than I would.

Categories

Resources