Hi all,
Device is a rooted Google Pixel 5a with Android 11, Magisk 25.1 with zygisk (Modules: MagiskHide props config, Shamiko, systemless hosts, universal safetynet fix, and zygisk-LSPosed), and XprivacyLua.
Device is passing safety net Basic Integrity and CTS profile match.
Can use other banking apps like Bank of America and PNC just fine. Just opened new account with U.S. Bank. U.S. Bank app opens and lets me log in, then wants to verify my phone number. It sends me the OTP and after I enter it I get a message that 'something has gone wrong' and I am logged out. When I try to log back in, I get a message that my username/account is disabled. I have to wait 48 hours and then ask U.S. Bank customer support to re-enable it.
I'm assuming this has something to do with rooted status of my device. Usually banking apps will open and crash quickly, or say something about detecting root. In the past I just add these apps to the DenyList in Magisk and all is well. Is there a way to troubleshoot what exactly is triggering the locking of my account?
Thanks
Maybe the Magisk Hide Option of the Magisk v25.1 is not fully effective for the U.S. Bank app.
Who knows. Either way US Bank has now closed my account so I won't be able to figure it out anyway. I was trying to send a zelle payment to one of my vendors I've used before and it wasn't going through. When I inquired as to why, they informed me the vendor had been involved with fraud and they were closing my account too, for just attempting to send a payment. Bankers are such morons and their policies are fascist. Guilty by association is their mantra, ****ing snowflakes.
Related
I downloaded the subway app today & when i opened it i got this message. Question is why would the app look to see if im rooted?
It's not uncommon for apps that allow pre-payment or NFC payments to disable that function or not work at all if you're rooted. If all you want to do is find a store or look at the menu, root obviously wouldn't allow anything nefarious, but anything involving payment could be suspect if you're rooted (at least in their eyes).
Because with root it's possible to hack the device to alter digital transactions and steal money from the account on the phone.
Not sure why you'd want to rob your own bank account, but alas.
It's there for the same reason they put "Don't put your baby or cat in the microwave" warning labels on microwave ovens. Someone, somewhere (we all know where) will no doubt find a way to sue them over it if they don't slap a warning on it.
My banking app stopped working 30mins ago and after I nuked the data/cache and got it working again. I caught the app asking for new permissions that I don't believe it asked for before
telephoneManager/getSimOperatorName - in my case o2
settings.Secure.getstring/android_id - same as asking for the serial, why does my bank need this.
PackageManager.getindstalledPackages - wtf does it need to know what apps are on my personal phone?
NetworkInfo.getextrainfo - why does it need to know who my data provider is?
AdvertisingClient$Info.getid - why the actual f*** does a banking app or my bank need my advertising id.
TelephonyManager/getNetworkOperatorName - asking who my operator again, why.
Fabric.with/Kits - not quite sure what this is, cant find anything beyond its something to do with android SDK.
I am emailing my bank app support to see if I can get some straight answers, but in the meantime can someone tell me what "Fabric.with/Kits" is and why the app would be asking for this permission?
b1k3rdude said:
My banking app stopped working 30mins ago and after I nuked the data/cache and got it working again. I caught the app asking for new permissions that I don't believe it asked for before
telephoneManager/getSimOperatorName - in my case o2
settings.Secure.getstring/android_id - same as asking for the serial, why does my bank need this.
PackageManager.getindstalledPackages - wtf does it need to know what apps are on my personal phone?
NetworkInfo.getextrainfo - why does it need to know who my data provider is?
AdvertisingClient$Info.getid - why the actual f*** does a banking app or my bank need my advertising id.
TelephonyManager/getNetworkOperatorName - asking who my operator again, why.
Fabric.with/Kits - not quite sure what this is, cant find anything beyond its something to do with android SDK.
I am emailing my bank app support to see if I can get some straight answers, but in the meantime can someone tell me what "Fabric.with/Kits" is and why the app would be asking for this permission?
Click to expand...
Click to collapse
Yes, seems like a lot of unnecessary permissions, I'd be suspicions also. Though they might be using those permissions to increase security by "fingerprinting" your phone, thus making it harder for someone to impersonate you, though you can change your advertisers ID on newer Android versions, so maybe not! Or app legitimately need that info for some other reason. Also app permission fall into 2 categories "normal" & "dangerous" you are not asked to approve normal ones only dangerous ones eg access to contacts, network access etc. I'm not a dev so not sure if they have been moved to a new category now & that is why you are seeing them now. Maybe permissions added by bank legitimately but on other hand seem excessive to me.
The Fabric one might be OK as fabric is a module framework that uses kits & is used by some developers to implement crashlytics etc, but guess some kits could be used maliciously. (Google are pushing devs form Fabric to Firebase)
But if suspicions give that app a scan with a good security app (not that this proves app is safe!) Try the Sophos security app, its free, might identify if malicious but also gives a nice summary of permissions granted to all your apps.
Hello. In Turkey Google Pay & Samsung Pay banned because of some stupid law. We need to use Banks own mobile apps to pay with NFC on phone. I'm able to use Android's "Tap to pay" option in my phone. But banks are not creating apps for WearOS watches. Do I have a chance to bridge watch's NFC functionality to Phone's NFC functionality? Phone is not rooted btw. Thanks.
Hi, you can try sideloading the payment app form your phone into your smartwatch, UI will be messy and not being natively made for the watch will produce some bugs, i've tried it myself and this was the outcome:
(names not mentioned because of privacy)
Bank A: app couldn't be sideloaded because of incompatible architecture
Bank B: app can be sideloaded, but nfc payment functionallity is missing
Bank C: nfc payment can be set up and initialized, but trying to use it produces a system crash (reboot)
Bank D: nfc payment can be set up, initialized and succesfully works, but the app itself sometimes fails to recognize that the watch is password unlocked, making it somewhat useless
When I try to open the pushTAN app of my bank, I get a security notice: blah blah ROOT something something.
My phone is the OnePlus Nord and I'm using the lastest magisk version with zygisk and the SafetyNet Fix from kdrag0n enabled. If I check the SafetyNet Attestation with various apps, I pass both "Basic integrity" and "CTS profile match", but for some reason my banking app still doesn't work.
Any help is appreciated.
Banks aren't soft. I don't think you'll find a way around it and if you do it won't last for long. The banks have a responsibility to keep things secure so see it as a good thing that they're protecting YOU from fraud. Root is insecure and blocked by banking apps for a very good reason.
Sorry but that's just the truth of it.
Take note that only 1 line of program code is needed to detect whether Android got persistently rooted or not. And such a line of code can get implemented in every app.
@m0.ke What I'm finding surprising -- correct me if I'm wrong -- is that if you weren't rooted, the app would work despite the other factors, like being unlocked. In an unrooted state here, at least, but on LineageOS so unlocked, which is something else that some apps don't like), I don't get a security notice when running it (of course I can't actually try logging in).
So, the irony may be that Magisk created a problem that it's designed to get around just by virtue of the root.
I'm beginning to wonder at this point just what percentage of problem apps actually object to a phone being unlocked (and/or being on a 3rd-party ROM like LineageOS) compared to that AND being rooted. So far, and I'm trying all that I can think of, including several banking apps and Google Pay (update: I did later see the issue with this one: it happens when trying to enable contactless), I haven't found one that has given me a problem. I don't quite know why, but it's making me much less inclined to bother with Magisk, something that I was positive that I would need after going to LineageOS.
m0.ke said:
When I try to open the pushTAN app of my bank, I get a security notice: blah blah ROOT something something.
My phone is the OnePlus Nord and I'm using the lastest magisk version with zygisk and the SafetyNet Fix from kdrag0n enabled. If I check the SafetyNet Attestation with various apps, I pass both "Basic integrity" and "CTS profile match", but for some reason my banking app still doesn't work.
Any help is appreciated.
Click to expand...
Click to collapse
Have you also hidden: Magisk root, Zygisk module and the Magisk app itself by renaming?
Nowadays banking apps also validate for this.
I've been using a banking app for the last year downloaded from Aurora. After a routine update it will not open because of an "invalid installation source".
This happened once before but cleared up after a few uninstalls and reinstalls.
I checked my phones Safetynet status using YASNAC and it passed both the Basic Integrity and CTS Profile Match tests.
I've done the uninstalling, installing, restarting, etc, without any sucess.
Any ideas how I can get the app working again?
Isn't this banking app available on Google Play Store?
Tom100% said:
I've been using a banking app for the last year downloaded from Aurora. After a routine update it will not open because of an "invalid installation source".
This happened once before but cleared up after a few uninstalls and reinstalls.
I checked my phones Safetynet status using YASNAC and it passed both the Basic Integrity and CTS Profile Match tests.
I've done the uninstalling, installing, restarting, etc, without any sucess.
Any ideas how I can get the app working again?
Click to expand...
Click to collapse
Uninstall old Aurora Store & then try installing Aurora Store from Aurora Droid or F-Droid. Aurora Store is working for me after I reflashed Android 10 Custom ROM RR yesterday evening.
FYI :
When my device was new like 5 years ago, just for once I installed banking apps directly from playstore and let it finish all the safety checks & droid guard checks it had to , after that its been 5 years now that I've ditched banking apps for net-banking & each time I login to banking apps if the need be, I can use them without a glitch (thanks to magisk hide which is now zygisk) even though I've been using 3 or 4 different Custom ROMS on the same device all these years & even now. I think what the banks check primarily is that the phone number & device ID should be the same as before when it had passed safety check, if its other than that then they get suspicious.
James_Watson said:
Isn't this banking app available on Google Play Store?
Click to expand...
Click to collapse
As per Mr.Snowden Gugle does a fabulous job of protecting its users from hackers but who saves its users from Gugle espionage & ad-mob? Thats the reason why many want de-gugled devices and open-source alternatives like Midro-G etc.
OldNoobOne said:
Uninstall old Aurora Store & then try installing Aurora Store from Aurora Droid or F-Droid. Aurora Store is working for me after I reflashed Android 10 Custom ROM RR yesterday evening.
FYI :
When my device was new like 5 years ago, just for once I installed banking apps directly from playstore and let it finish all the safety checks & droid guard checks it had to , after that its been 5 years now that I've ditched banking apps for net-banking & each time I login to banking apps if the need be, I can use them without a glitch (thanks to magisk hide which is now zygisk) even though I've been using 3 or 4 different Custom ROMS on the same device all these years & even now. I think what the banks check primarily is that the phone number & device ID should be the same as before when it had passed safety check, if its other than that then they get suspicious.
Click to expand...
Click to collapse
Thanks for your advice. I"ve installed the latest Aurora, 4.1.1 but the problem persists - I can install the banking app but when I open it just get a screen saying "invalid installation source".
It's an banking app for the country I live in. In the past I used Aurora Anon log in without problems to use the app. I've now also tried Insecure log in, but still get the "invalid installation source".
I have not logged in to ***gle on my phone but so far have had no problems. This is the only app that won't open, all other Aurora/Fdroid apps are OK.
The Safetynet status check using YASNAC passed both the Basic Integrity and CTS Profile Match tests.
I've uninstalled/ installed/ restarted phone, etc, witthout success.
Is there anything else I could try?
James_Watson said:
Isn't this banking app available on Google Play Store?
Click to expand...
Click to collapse
Yes, but I prefer to not sign into %¢€gle.
Tom100% said:
Thanks for your advice. I"ve installed the latest Aurora, 4.1.1 but the problem persists - I can install the banking app but when I open it just get a screen saying "invalid installation source".
It's an banking app for the country I live in. In the past I used Aurora Anon log in without problems to use the app. I've now also tried Insecure log in, but still get the "invalid installation source".
I have not logged in to ***gle on my phone but so far have had no problems. This is the only app that won't open, all other Aurora/Fdroid apps are OK.
The Safetynet status check using YASNAC passed both the Basic Integrity and CTS Profile Match tests.
I've uninstalled/ installed/ restarted phone, etc, witthout success.
Is there anything else I could try?
Click to expand...
Click to collapse
> Can you elaborate on what kind of Play Services are you using? Try microG Services Core, microG Services Framework Proxy / microG standard zip (github)
> If the banking app detects whether the install was from Package Installer instead of Pleysthore then use the Pleysthore provided by microG but before connecting to net be sure to disable 2 services within Pleysthore using Service Disabler app (PleySetapServyceV2 & ResthoreServyceV2) then after bank apps download finishes Disable all servycces of pleystore app & 3-rd Party Freeze it.
The attachment is the original downloaded version of microG from microg website. If you dont trust the attachment then you can download directly from microg website.
OldNoobOne said:
> Can you elaborate on what kind of Play Services are you using? Try microG Services Core, microG Services Framework Proxy / microG standard zip (github)
> If the banking app detects whether the install was from Package Installer instead of Pleysthore then use the Pleysthore provided by microG but before connecting to net be sure to disable 2 services within Pleysthore using Service Disabler app (PleySetapServyceV2 & ResthoreServyceV2) then after bank apps download finishes Disable all servycces of pleystore app & 3-rd Party Freeze it.
The attachment is the original downloaded version of microG from microg website. If you dont trust the attachment then you can download directly from microg website.
Click to expand...
Click to collapse
Thanks again. Apologies, I should have said in my first post that my phone is not rooted, and that I have not signed in to gugle, and use only Aurora and Fdroid apps. (Probably a futile gesture!) Nevertheless the banking app from Aurora has worked up to now...
If I can't get it to work I will probably have to give in and log into gugle. Damn!
Tom100% said:
Thanks again. Apologies, I should have said in my first post that my phone is not rooted, and that I have not signed in to gugle, and use only Aurora and Fdroid apps. (Probably a futile gesture!) Nevertheless the banking app from Aurora has worked up to now...
If I can't get it to work I will probably have to give in and log into gugle. Damn!
Click to expand...
Click to collapse
Alternatively, maybe you can try by using Opera Browser either from your device or from a PC/Laptop if banking apps is what you want. I ditched bank apps for the same very reason- dont want Pleysthore on device. I find Opera browser to be fast & secure, only caution is to turn off Opera VPN before logging into bank website because the password will be exposed to opera servers. all banks will have HTTPS Secure Login so no worries there. I find net-banking more complete than bank apps btw.
OldNoobOne said:
Alternatively, maybe you can try by using Opera Browser either from your device or from a PC/Laptop if banking apps is what you want. I ditched bank apps for the same very reason- dont want Pleysthore on device. I find Opera browser to be fast & secure, only caution is to turn off Opera VPN before logging into bank website because the password will be exposed to opera servers. all banks will have HTTPS Secure Login so no worries there. I find net-banking more complete than bank apps btw.
Click to expand...
Click to collapse
Thanks again for your advice!
MOD ACTION:
Thread closed at the request of the OP.