Develop Bugs

[Guide] Android Pay on rooted T-Mobile G5 - UPDATE: Workaround developed!

Android Pay use after rooting has been discussed in a few other threads, here on XDA, notably the 6P and 5X Nexi:
http://forum.xda-developers.com/nexus-6p/general/android-pay-root-t3309072
http://forum.xda-developers.com/nexus-5x/general/passing-safetynet-root-t3307659
With our newly rooted H830s (courtesy of http://forum.xda-developers.com/tmobile-lg-g5/development/root-h830-t3384526), it'd be nice to collect our information here.
I am very interested in how Android Pay may or may not work after our TOT flash. Here's a quick tutorial:
SuperSU must install via a 'systemless' root method due to security changes with Marshmallow. Thus, when SuperSU is flashed in TWRP as described in the TOT root thread, it can only install this way. It should not affect the /system partition.
Android Pay uses the "Safetynet API" to detect for tampering/root. What they classify as tampering is not entirely clear. But they do check /system among other things. It looks like apps that have altered the /system partition in some way are detected via this method.
(more boring info here http://www.howtogeek.com/241012/saf...y-and-other-apps-dont-work-on-rooted-devices/ )
It must also check the permissions of the /su/bin folder, as it should have a 751 permission profile (which is the described fix in the TOT root original post).
That is:
-Run "adb shell"
-From the shell run "su"
-On the # prompt run "chmod 751 /su/bin/"
Or, you can use root explorer to change the permissions octal to 751 for that folder.
It is set to this permission state in the rooted TOT upon first install. Obviously other root alterations you do may change it.
There are apps, such as Safetynet Helper sample (https://play.google.com/store/apps/details?id=com.scottyab.safetynet.sample), which can utilize the API to see if the API is tripped.
Right after installing the TOT and getting everything to boot properly, the app shows everything is still kosher. I was able to run Android Pay, add credit cards, and have confirmed with a payment transaction.
I believe any root app that doesn't make permanent changes to /system in and of itself will probably keep Android Pay working. Obviously, for instance, if you have a terminal program app with root, and run some commands that alter your system partition/files, it may trip SafetyNet, though just having the app installed does not.
EDIT1: As of 7/25/16, a change was made to the SafetyNet API and it now detects systemless root. Android Pay no longer works on rooted devices, regardless of method. A new method will need to be developed.
EDIT2: As of 8/22/16, a workaround has been developed and tested!​Developer @topjohnwu has created Magisk (http://forum.xda-developers.com/android/software/mod-magisk-v1-universal-systemless-t3432382). This is a new way of integrating systemless changes into Android devices. This includes root, xposed, etc. The unique thing with Magisk is that you can instantly un-root your device, run Android Pay, and then reactivate root, all without rebooting. It is pretty seamless.
See the referenced thread for the latest information. It does take some work to install but it's fairly straightforward.
If you want to start from a clean install, @Gungrave223 has detailed the steps here:
http://forum.xda-developers.com/showpost.php?p=68353051&postcount=22
If you want to keep your data, it's just slightly more work. Assuming you are starting with a rooted install, here is a quick summary on how to do this:
0. You may want to first un-register the cards you have in Android Pay. Some banks apparently only allow a set # of installs before they block additional installs, thus requiring you to call the bank directly to have them reset that number. If Android Pay resets (unsure what security changes trigger this), it will forget your cards, thus leaving those cards registered on a phantom install. Un-registering first may prevent this.
1. Get the Magisk flashable zip, the Magisk-altered phh-superuser.zip, and the Magisk manager apk from the referenced thread.
2. Go to SuperSU and select full unroot. DO NOT restore the stock boot.img. DO NOT restore the default recovery. The phone should reboot and your root will be lost.
3. You should now restore the stock boot.img. This can be done without losing your data or re-encrypting your data. There are 2 ways.
Flash autoprime's stock boot.img zip file through TWRP (recommended), OR
Flash the TWRP-ed TOT file through LGUP, using the UPGRADE (not refurbish) setting
Why not just allow SuperSU to restore the stock boot.img in step 2? Because it will reboot instantly into system and start encrypting your data, with no way for you to intervene and boot into TWRP first!
4. You likely did not have data encryption on your initial rooted installation. If you want to keep yourself un-encrypted, you MUST immediately boot into TWRP before the next power on. If you do not, it will re-encrypt your data. This is the default behavior of the stock boot partition, which you just restored in the step above. You can make this easy for yourself by TWRP flashing autoprime's stock boot.zip and then immediately doing the next steps. Note: Magisk can be installed just fine on a phone with an encrypted data partition if you don't care about data encryption.
Flash the magisk.zip from the Magisk thread. This installs Magisk and also disables the forced encryption (just like the dm-verity zip)
Re-establish root by then flashing the special modified phh-superuser.zip
Note: Chainfire's SuperSU is NOT compatible if you want to use Android Pay
5. Reboot into system. You need to then install from the Playstore phh's superuser app. You also need to install the Magisk manager apk. Grant all your usual apps root permission in the superuser app.
6. Run Magisk Manager and grant it superuser access. You'll find a simple toggle to mount/unmount root. Unmount! Check that SafetyNet will pass. If you've done everything right, it will!
7. Run Android Pay. Add your card(s) back. Mount root back and go about your business.
8. When you want to use Android Pay, unmount root and run the app. Here's a tricky part (and currently a work in progress). We do not know how often or when Android Pay checks for root. We DO know that it does this when you initiate adding a new card. So you can try an Android Pay transaction. If it fails (they often do, even if you are unmounted root at that time), pretend to add a card, cancel it, and then do the transaction again. It should work now!

pay was not working after I installed the Fluence patch, uninstalled xposed and Android Pay is working with no issues with root.

fatapia said:
pay was not working after I installed the Fluence patch, uninstalled xposed and Android Pay is working with no issues with root.
Click to expand...
Click to collapse
The Fluence patch has a huge # of system changes. I would totally expect xposed to break the SafetyNet.
So do you have Fluence still installed, with only xposed removed?

waylo said:
The Fluence patch has a huge # of system changes. I would totally expect xposed to break the SafetyNet.
So do you have Fluence still installed, with only xposed removed?
Click to expand...
Click to collapse
Yup you got it, I had been running Xposed off Fluence for a while until I left my wallet at home and didn't feel like starving. So I downloaded the Xposed uninstaller only, ran it in recovery and then let it reboot and Pay was working again.

I followed the instructions for rooting in this thread, http://forum.xda-developers.com/tmo...p-step-guides-rooting-t-mobile-lg-g5-t3388272 and then the instructions here to change the permissions but an still having problems. The only app root app I installed after rooting was an app to export google play music with track names intact.

What problems specifically are you having?
Did you install the safetynet helper app? What happens when you run it?
What root app did you install? Was it this one? http://forum.xda-developers.com/showthread.php?t=2620331 (play music exporter) aka https://www.david-schulte.de/en/play-music-exporter/
Looks like that app doesn't work in MM regardless, per the developer's page.

waylo said:
What problems specifically are you having?
Did you install the safetynet helper app? What happens when you run it?
What root app did you install? Was it this one? http://forum.xda-developers.com/showthread.php?t=2620331 (play music exporter) aka https://www.david-schulte.de/en/play-music-exporter/
Looks like that app doesn't work in MM regardless, per the developer's page.
Click to expand...
Click to collapse
Yes, that is the app. I noticed MM was not supported after I had it installed
I have installed and run the safetynet app and it shows it gets tripped on the CTS profile
---------- Post added at 02:03 PM ---------- Previous post was at 01:40 PM ----------
I just realized I also had Adguard installed. I have uninstalled it and turned off suppersu and restarted but the phone still does not pass the CTS profile check

Wondering if any of those apps made some changes to /system that were not completely reversed.
Doesn't look like that music app does any permanent changes anyway, rather just copies cache not normally accessible into another folder.
Can you check the permission profile of your /su/bin folder?
Briefly looking at the Adguard website I can't make out how its root version works exactly.
What other apps are listed under your SuperSU app list? You're not running xposed, right?

Apps listed in supersu are adb shell, root checker basic, and Titanium backup.
Titanium backup was installed after safetynet app test failed.
I'm not 100% sure what the permissions are but I followed your instructions above to change the permissions and it appeared to run correctly

eremeya said:
Apps listed in supersu are adb shell, root checker basic, and Titanium backup.
Titanium backup was installed after safetynet app test failed.
I'm not 100% sure what the permissions are but I followed your instructions above to change the permissions and it appeared to run correctly
Click to expand...
Click to collapse
SafetyNet still failing after the permissions change?

It was today. I can try changing them again tonight when I'm at my computer and report back.

I have confirmed that the folder permissions are set to 751

eremeya said:
I have confirmed that the folder permissions are set to 751
Click to expand...
Click to collapse
Well if we can't track down the actual changes made, and you're interested in getting Android pay to work, you could try reflashing the system partition.

It looks like from reports on other threads (Nexus mostly), that something has changed with the SafetyNet check. Phones that were working just fine yesterday now fail. Most likely something server-side was patched so now Android Pay will not work with systemless root.
Details updated as I find them.

For those interested in this topic, a pretty major development has occurred at this thread:
http://forum.xda-developers.com/android/software/mod-magisk-v1-universal-systemless-t3432382
Essentially, this is a brand new way to implement root systemless, which can be toggled via an app, without rebooting. This does allow the SafetyNet api to remain untripped. The steps involved include flashing back to stock kernel/system, flashing the application .zips, and flashing special SuperSU or SuperUser .zips. I have not done any of this yet as it is still very early.
There are some reports, unfortunately, such as this post:
http://forum.xda-developers.com/showpost.php?p=68045722&postcount=121
which reports that despite SafetyNet passing, Android Pay still does not work (user is on Nexus 6P).
I have read of no G5 users doing this yet, but there is a V10 user who has. Stay tuned.

I've been watching the Magisk threads for the past week and decided to take the plunge today. Many Nexus phones seem to have a lot of trouble with Android Pay, but other makes seem to do better. There were confirmations from LG G4 owners. As of this writing Magisk is on v3.
The install steps from the Magisk thread are this:
1. Reflash a stock boot.img to reset your systemless root
2. Flash Magisk.zip
3. Flash modified phh-superuser.zip (not the official one). Chainfire's SuperSU does not currently have as much support, but there is a modified supersu zip as well.
4. Boot and install phh's superuser app from the App store.
5. A 'magisk manager' app is installed via the flashed .zips. This allows you to turn off root for a set # of minutes, without rebooting.
Given the unique way the G5 is rooted, with automatic encryption, I figured it might not be so simple to install this if I wanted to keep my data without a full wipe. It quickly became much more complicated than what I wanted. Here's exactly what happened.
First, I made a full boot+system+data backup.
Then, these were my thoughts/concerns:
I have Adaway installed with the systemless addon zip and SuperSU installed. Magisk installation requests flashing back the stock boot.img. What would this do to the supersu install and Adaway?
The adaway systemless zip makes a script file which is kept in the /su/su.d/ folder. I removed this.
The SuperSU has a complete uninstall feature. As part of this uninstall process, it asks if you want to restore the boot.img (yes--this stock one is backed-up after the initial supersu.zip flash during our initial root/TOT process) and/or the recovery (no, don't do this, but it probably would not have done anything as there is no stock recovery backup). I thought this would accomplish our goal. It does warn you that you may have re-encrypting of the data partition if you go this route.
And unfortunately, after rebooting, it automatically and immediately encrypted the data partition.
Well shoot. Correct me if I'm wrong, but an encrypted data partition cannot be worked on. It booted just fine, but without root.
I started having some doubts at this time so I decided to try to restore back to my initial setup. Through TWRP, I wiped the data partition and flashed the no-verity.zip, to hopefully stop any re-encryption.
Then, after figuring out how to mount system properly (TWRP defaulted to mount system as r/o), I restored my nandroid backup in its entirety.
But upon reboot, it went immediately into bootloader mode. And it continued to do this after every battery pull and power on. I had never heard of this before! Finally, I realized I could still boot into TWRP. I flashed the 10Dcomplete.zip made by autoprime, restoring the boot and system partitions to stock. And then I flashed the magisk v3.zip and the modified phh-superuser zip.
It finally rebooted into Android, with data intact! Oddly, my unlock pattern had changed without my knowledge, but the backup PIN worked. I installed the market phh Superuser. Magisk is installed properly and it passes SafetyNet, and I can add cards to the app. I'll test out Android Pay next opportunity I have.
If I had to do it all again and wanted to keep data intact, this is what I would do.
1. Autoprime did make a 10D boot flashable zip. So this would restore the stock boot.img as intended. There are some files to clean up, such as data/su.img, but that can be dealt with later.
2. I do not know if just flashing the stock boot.img would result in re-encrypting. It probably would. So, immediately after flashing the boot.img in TWRP I would flash magisk and the phh-superuser.
Alternatively, they say you should not dirty flash for things this complex. So consider starting completely new from a 10Dcomplete flash with wiped data.

I've learned that Magisk will work fine with an encrypted data partition, so if you are set on having that, it won't be a problem.

waylo said:
I have a thread here discussing Android Pay while rooted on our G5s:
http://forum.xda-developers.com/tmob...le-g5-t3395036
I thought I was the only one who cared about this kind of stuff!
Which version Magisk did you install?
I just did this 2 days ago but haven't had the opportunity to test AP yet.
What rooted apps are you running? AdAway?
Click to expand...
Click to collapse
To answer your question... I'm using v3 with his v2 of his modified phh superuser.
As for rooted apps...yes AdAways still works perfectly....TB...my one time use of System App Remover etc...
I haven't been able to test Android util tomorrow....but SafetyNet did pass when Magisk was disabled and failed when enabled.
I'll report back tomorrow after I go buy my weekly chicken at my local Fresh Mart.

I'm using the same install as you.
I tried it this AM for the first time and it failed.
On the Magisk-AP thread, someone has posited that maybe the AP app caches any root inquires during that boot. So if you test out AP and it fails while the root is active, it will remember that failure until the next reboot.
That could explain how so many people are getting weird inconsistent results. I'm testing out that theory later today.

Bah, still doesn't work, even if done immediately after a reboot =(

Snapchat gives "login temporarily failed" error with CM ROM

Hey guys,
I've done some searching around on this issue, and it looks like Snapchat is not allowing me to login as my device is rooted. However, I had the factory OxygenOS ROM (rooted as well) installed before and never had this issue. Now that I have installed Sultanxda's "Unofficial CyanogenMod 13.0 with custom kernel", I can no longer get Snapchat to login. Like I said, from the searching that I've done it look like it is root related, so I went into SuperSU and did a complete unroot. This still hasn't solved the issue yet, so now I'm stuck and not sure what to do. Is there something I'm missing or is there a way to solve this without having to reflash a different ROM and loose all the time spent setting this one up?
Thanks for the help!

saleenman95 said:
Hey guys,
I've done some searching around on this issue, and it looks like Snapchat is not allowing me to login as my device is rooted. However, I had the factory OxygenOS ROM (rooted as well) installed before and never had this issue. Now that I have installed Sultanxda's "Unofficial CyanogenMod 13.0 with custom kernel", I can no longer get Snapchat to login. Like I said, from the searching that I've done it look like it is root related, so I went into SuperSU and did a complete unroot. This still hasn't solved the issue yet, so now I'm stuck and not sure what to do. Is there something I'm missing or is there a way to solve this without having to reflash a different ROM and loose all the time spent setting this one up?
Thanks for the help!
Click to expand...
Click to collapse
Hi, the searching can be useful sometimes
http://forum.xda-developers.com/search/forum/5476?query=snapchat
You need an fully unrooted rom to login into snapchat, after that you can flash supersu.

NevaX1 said:
Hi, the searching can be useful sometimes
http://forum.xda-developers.com/search/forum/5476?query=snapchat
You need an fully unrooted rom to login into snapchat, after that you can flash supersu.
Click to expand...
Click to collapse
Ah, looks like I just didn't search enough. This seems to have done the trick, thanks!

I think you just need to uninstall Xposed Framework for Snapchat to login and then after login you can install Xposed again.

This sounds weird but what worked for me was to download superkiwi via xposed installer, it's supposed to bypass root detection for banking apps in New Zealand but works with snapchat [emoji14]
I found this workaround in a thread somewhere and thought that it wouldn't hurt to try but actually works mighty fine!
Sent from my ONEPLUS A3003 using Tapatalk

Leaving this here in the hopes it helps someone else, took me a bit to find the correct steps.
Currently running the last official CM 13 build for the Droid Turbo (will be moving to LOS soon), rooted with SuperSU Pro, Xposed framework v87, on the newest TWRP.
Nothing worked, not Xposed Switch, Root Switch, nothing. In fact I had to reinstall Xposed Switch to be able to turn root back on, while Root Switch simply uninstalled the SuperSU binary, I had to reflash it. Finally I put it all together and in the following order I got Snapchat to work.
Make sure any OS root (my case CMroot) was turned off.
Download the correct version of Xposed framework Installer, Xposed Uninstaller, and the SuperSU binary (all flashable zip files) for your device to a location on your system that you can easily access from recovery. For me its my TWRP folder.
Uninstall Snapchat. Open a File Explorer and delete the entire Snapchat folder left over.
Select the uninstall "permanently unroot" option from SuperSU, but DON'T let it install the original... Whatever it is, the name escapes me. But don't let it!
Phone will reboot automatically after taking out root, boot to recovery, run Xposed Uninstaller, wipe Cache & Dalvik, reboot phone.
When the phone boots, confirm it is unrooted and Xposed Framework is uninstalled. A root checker app and opening the Xposed App worked for me here.
Install Snapchat, sign into Snapchat. It will accept your login if you did everything correctly.
*This step I did to save myself work in the future, but you can do it later. Turned on CMroot and took a TiBackup of logged in Snapchat in case I ever have to login again, I can just reload the data.*
Boot to recovery. Flash the Xposed framework and the SuperSU binary (in that order), wipe Cache and Dalvik, reboot system.
Open Snapchat to confirm its still logged in. If so grab a TiBack of it for use as needed later.
I hope this helps!
Sent from my DROID Turbo using XDA-Developers Legacy app

GPay Can tell root now???

FIX:
1. Add Google Services to Magisk Hide (if you're on Magisk 18.1 use "su magiskhide --add com.google.android.gms" in terminal)
2. Add Google Pay and Google Services Framework to Magisk Hide
3. Go to data/data and rename com.google.android.gms to com.google.android.gms.bak for example (or delete it altogether, but backing up seems safer)
Reboot and do whatever you like in GPay, it should work now. That's all I've done. I don't think you need to reinstall Magisk.
cts profile - true
basicintegrity - true
" couldnt finish setup to pay in stores
this phone can't be used to pay in stores. This is because it is rooted or altered in some way "
i dont get it... it passes but fails?????
can someone help me understand??

mine is fine
try re flash your rom

i42o said:
cts profile - true
basicintegrity - true
" couldnt finish setup to pay in stores
this phone can't be used to pay in stores. This is because it is rooted or altered in some way "
i dont get it... it passes but fails?????
can someone help me understand??
Click to expand...
Click to collapse
Long thread and a lot of moving parts, so work backwards on the thread. Personally, I am just waiting until a final and formal fix is found on stable Magisk and up to date Play apps.
https://forum.xda-developers.com/app...ssion-t3906703

My experience with this issue is I run GPay, go back to Magisk, safetynet fails on both.. So I force close Magisk, clear cache and data.. reboot. Open Magisk back up, Safetynet passes.. Gpay sets up fine. Sometimes you have to do this several times and it's a real pain but it's always worked for me..

this thread has info: https://forum.xda-developers.com/pixel-3-xl/how-to/march-security-update-t3907281
this worked for me:
1. Disable Google Pay/Find My Device as Device Administrators in Settings > Security & location > Device Administrators.
2. Search "Google Play services" in the Settings search bar.
3. Press the three dots and press "Uninstall previous updates".
4. Download this update - https://www.apkmirror.com/apk/google...-7-99-release/
Pick your needed edition (arm or arm64, etc.), download it and install it.
5. Disable Background data access for Google Play Services and Google Play in their respective App Info pages.
6. Download Google Pay from the Play Store.
7. Set up your cards. Enjoy!

dipstik said:
this thread has info: https://forum.xda-developers.com/pixel-3-xl/how-to/march-security-update-t3907281
this worked for me:
1. Disable Google Pay/Find My Device as Device Administrators in Settings > Security & location > Device Administrators.
2. Search "Google Play services" in the Settings search bar.
3. Press the three dots and press "Uninstall previous updates".
4. Download this update - https://www.apkmirror.com/apk/google...-7-99-release/
Pick your needed edition (arm or arm64, etc.), download it and install it.
5. Disable Background data access for Google Play Services and Google Play in their respective App Info pages.
6. Download Google Pay from the Play Store.
7. Set up your cards. Enjoy!
Click to expand...
Click to collapse
My way of fixing this issue is no longer working.. The second I start Gpay it breaks and detects root.. The link you gave for apkmirror .. I think it's missing info?

jbarcus81 said:
My way of fixing this issue is no longer working.. The second I start Gpay it breaks and detects root.. The link you gave for apkmirror .. I think it's missing info?
Click to expand...
Click to collapse
Get a 2.83 build. Xda shortens links and you lose them on copy text

dipstik said:
Get a 2.83 build. Xda shortens links and you lose them on copy text
Click to expand...
Click to collapse
I know.. it's ridiculous, appreciate the clarification!

I have the same problem, Gpay detects root.
After I've gained root using extracted boot.img from January's update and Magisk, it's impossible to hide the root.
Natwest bank app won't let me use fingerprint because it detects root, even Zoho mail detect root.
I am going to unroot, install march's update, then re-root using the same method, and if still doesn't work I will try what you described "dipstik"
I will let you know once it's done.

rob42ert said:
I have the same problem, Gpay detects root.
After I've gained root using extracted boot.img from January's update and Magisk, it's impossible to hide the root.
Natwest bank app won't let me use fingerprint because it detects root, even Zoho mail detect root.
I am going to unroot, install march's update, then re-root using the same method, and if still doesn't work I will try what you described "dipstik"
I will let you know once it's done.
Click to expand...
Click to collapse
I update this way:
Copy 18.1 Magisk to the phone.
Flash the factory image after editing out the -w so data is saved.
Boot to TWRP, but I do not install it.
Install the Magisk zip with TWRP.
That's it. I have never had a problem with GPay. I also have it hidden in Magisk, perhaps because I have always had it hidden I am ok.....dunno.

This workaround worked for me with magisk 18.2 Canary build.
GPS 14.8.49
Google pay 2.82.231680166
Make sure to hide Google play services and Google services framework in Magisk hide.
https://forum.xda-developers.com/showpost.php?p=79028818&postcount=5

TonikJDK said:
I update this way:
Copy 18.1 Magisk to the phone.
Flash the factory image after editing out the -w so data is saved.
Boot to TWRP, but I do not install it.
Install the Magisk zip with TWRP.
That's it. I have never had a problem with GPay. I also have it hidden in Magisk, perhaps because I have always had it hidden I am ok.....dunno.
Click to expand...
Click to collapse
TonikJDK,
Have you added a card and actually used GPay at the terminal since this all started? I am in the same boat as you.
GPay is installed and opens fine on my wife's Pixel 3. Her device is running stock/rooted March rooted with 18.1 and has no TWRP. The only two things hidden are GPay and Play Store. The catch is that the card was already there. The new version of GPay showed up after clearing data/cache for Play Store and was loaded right after March install which decertified the design in Play Store forcing the data/cache clear. The card was always there. I have been hesitant to try loading a card or using this one at the terminal due to all of this.
My Pixel 3 XL also opens GPay fine, but like hers I have been hesitant to add a card or use it at the terminal. I am running dotOS (based on February), rooted with 18.1 with TWRP 3.2.3-3 fully installed. Same two relevant aps hidden, but in my case I didn't have to do anything to get the new version of GPay to show up since I didn't install March.

sliding_billy said:
TonikJDK,
Have you added a card and actually used GPay at the terminal since this all started? I am in the same boat as you.
GPay is installed and opens fine on my wife's Pixel 3. Her device is running stock/rooted March rooted with 18.1 and has no TWRP. The only two things hidden are GPay and Play Store. The catch is that the card was already there. The new version of GPay showed up after clearing data/cache for Play Store and was loaded right after March install which decertified the design in Play Store forcing the data/cache clear. The card was always there. I have been hesitant to try loading a card or using this one at the terminal due to all of this.
My Pixel 3 XL also opens GPay fine, but like hers I have been hesitant to add a card or use it at the terminal. I am running dotOS (based on February), rooted with 18.1 with TWRP 3.2.3-3 fully installed. Same two relevant aps hidden, but in my case I didn't have to do anything to get the new version of GPay to show up since I didn't install March.
Click to expand...
Click to collapse
My cards were already in there before anyone started having all these problems and before the March update.. I use it all the time, it has never failed to work. I used it yesterday several times.

TonikJDK said:
My cards were already in there before anyone started having all these problems and before the March update.. I use it all the time, it has never failed to work. I used it yesterday several times.
Click to expand...
Click to collapse
Thanks. That gives me some comfort in using the already loaded cards at least. I am not planning on loading any new cards or having to start from scratch any time soon. Seems like an already working GPay with a previously loaded card is OK.

sliding_billy said:
Thanks. That gives me some comfort in using the already loaded cards at least. I am not planning on loading any new cards or having to start from scratch any time soon. Seems like an already working GPay with a previously loaded card is OK.
Click to expand...
Click to collapse
It depends. My Gpay was opening fine and cards were loaded but payments didn't work, was getting error message that said I can't use payments because phone is rooted or altered in some other way.

Bogega said:
It depends. My Gpay was opening fine and cards were loaded but payments didn't work, was getting error message that said I can't use payments because phone is rooted or altered in some other way.
Click to expand...
Click to collapse
And the doubt kicks back in, LOL. Luckily, I just carry a real card until this is formally solved (hopefully).

Bogega said:
This workaround worked for me with magisk 18.2 Canary build.
GPS 14.8.49
Google pay 2.82.231680166
Make sure to hide Google play services and Google services framework in Magisk hide.
https://forum.xda-developers.com/showpost.php?p=79028818&postcount=5
Click to expand...
Click to collapse
Sadly this method only works for a limited time.
Overnight GPS updates to version 15 by its own self and GP stops working.
I'm not sure I'm ready to to this procedure daily just for Google pay. For the time being I'll use my card until Magisk developer finds solution to this problem.

Well, I jinxed it a few posts back saying I was ok. It just told me no more when I used it.

yeah nothing worked for me even when I uninstalled magisk and tried the steps above on stock. Ended up factory resetting. but thats the last move to do

TonikJDK said:
Well, I jinxed it a few posts back saying I was ok. It just told me no more when I used it.
Click to expand...
Click to collapse
Google Pay is a real asshole and doesn't let you know something is wrong until you actually tap to pay.
It's happened to me a couple of throughout my ownership of Pixels.

Question C.48, April Security Update and SafetyNet

Since updating to C.48 (2125 [phone], coming from C.47, my Google Play and Pay have stopped working on my rooted phone (Magisk 24.3), even though it passes SafetyNet with YASNAC. When I try to open Play I get a "Try Again" screen. When I try to open Pay, I get "Google Pay is updating right now...". I've got Universal SafetyNet Fix 2.2.1 and MagiskHide Props Config installed, and Play and Pay in the Deny List. Tried using Shamiko 0.4.4 (while disabling deny) with no better results. Cleared cache and data on both apps multiple times. Uninstalled Magisk and unrooted, and everything worked again. Re-rooted w/o opening either app, put them both into "deny" and, for a brief time, both worked -- but eventually (without my doing anything that I could tell), they both reverted to the behavior described above.
I'm wondering if this behavior has anything to do with the April security update included in C.48? Because it's really odd that I YASNAC still shows safetynet as having passed. More likely, it's user error on my part, but has anyone else run into this yet on C.48?

I have a LE2127 running your firmware and I don't notice issues. One thing you could try is just flashing the update zip over your current OS using the OPlocalupdate apk here https://oxygenos.oneplus.net/OPLocalUpdate_For_Android12.apk

Thanks. I presume you're rooted? Which version of Magisk are you using and are you using Deny List or Shamiko?

rogerinnyc said:
Thanks. I presume you're rooted? Which version of Magisk are you using and are you using Deny List or Shamiko?
Click to expand...
Click to collapse
Yes, I'm rooted. I'm using Denylist on Magisk 24.3.

No problems on my end with Gpay while rooted

I gave up and did a total restore with MSM and then made sure to root and fill up the Deny List (and add SafetyNet Fix) before opening up Google Pay or Play. That seemed to work. Not sure how I messed it up in the first place, but I think it was in upgrading from C47 to C48 and my sequencing of unrooting, upgrading, clearing storage in the apps and re-rooting. Thanks all.

Magisk-in-recovery, unable to reboot to unrooted mode

I've got magisk in recovery installed, but it's quite annoying to reboot to non-rooted mode.
To reboot to recovery mode, I need my headphones plugged in, but the reboot works fine.
When I want to reboot to unrooted mode, I have to reboot to download mode, then cancel out of it for it to work. I've tried shutting down and rebooting, using the magisk app to reboot, but all just reboot to rooted recovery mode instead. Is this intentional or something I'm doing wrong?

See Magisk in Recovery
Why are you trying to reboot to non-rooted mode? If you're having issues with certain apps, simply having an unlocked bootloader may be causing the issue. See this thread.

V0latyle said:
See Magisk in Recovery
Why are you trying to reboot to non-rooted mode? If you're having issues with certain apps, simply having an unlocked bootloader may be causing the issue. See this thread.
Click to expand...
Click to collapse
Nah. The apps that are locked during root work fine in unrooted mode. Kinda weird, but they work fine with an unlocked bootloader. It's mostly government apps and banking apps which are locked when in recovery root mode.
Also, yes I saw the magisk in recovery page, and I tried booting from power off, but it somehow goes into recovery root mode instead of unroot. Which is why I'm so confused.

FreSchDude said:
Nah. The apps that are locked during root work fine in unrooted mode. Kinda weird, but they work fine with an unlocked bootloader. It's mostly government apps and banking apps which are locked when in recovery root mode.
Also, yes I saw the magisk in recovery page, and I tried booting from power off, but it somehow goes into recovery root mode instead of unroot. Which is why I'm so confused.
Click to expand...
Click to collapse
I would still check your Play Integrity verdicts to see if that might be part of the problem. It's also possible that the apps in question are able to detect the SU binary; there are Magisk modules that can help hide this such as Shamiko

V0latyle said:
I would still check your Play Integrity verdicts to see if that might be part of the problem. It's also possible that the apps in question are able to detect the SU binary; there are Magisk modules that can help hide this such as Shamiko
Click to expand...
Click to collapse
Alright. So I should check play integrity for root and non-root, and then what is that other test?

Alright, so, non-root mode only passes basic whilst failing device and strong. Root recovery mode fails all 3 checks.
Is there a magisk module to pass the basic check? Or there might be something else besides that that the apps check for when verifying root...

FreSchDude said:
Alright, so, non-root mode only passes basic whilst failing device and strong. Root recovery mode fails all 3 checks.
Is there a magisk module to pass the basic check? Or there might be something else besides that that the apps check for when verifying root...
Click to expand...
Click to collapse
Read the OP, I linked a Magisk module that should fix BASIC and DEVICE verdicts

V0latyle said:
Read the OP, I linked a Magisk module that should fix BASIC and DEVICE verdicts
View attachment 5890551
Click to expand...
Click to collapse
Shamiko, Universal SafetyNet Fix and zygisk has been enabled. Most apps are working, but some still don't work.
Configuring them was sure a pain, I've got over 30 banking/government apps, and a handful still don't work.
I pass the device and basic now, and Momo doesn't detect SU and magisk anymore. I'm curious how some apps are still able to detect root. Probably has the strongest security because it's a government app.

Sorry about all this trouble, I remember that I once tried back when magiskhide was a thing, but couldn't get some apps to work. I then settled for just booting into non-rooted mode and kinda just stuck with it. As of now, around 5 apps of the 30 still refuse to work and are blocked, detecting root, even with shamiko and the other stuff configured.

Hmmm. Try TB Checker and run the root check.

V0latyle said:
Hmmm. Try TB Checker and run the root check.
Click to expand...
Click to collapse
root management apps, SU binary, 2nd SU Binary, Root via native and Magisk specific checks failed.
After setting up the denylist for Shamiko, it only fails the first test, the Root Management Apps one.

FreSchDude said:
root management apps, SU binary, 2nd SU Binary, Root via native and Magisk specific checks failed.
After setting up the denylist for Shamiko, it only fails the first test, the Root Management Apps one.
Click to expand...
Click to collapse
Update: I activated magisk hide and now all checks pass.
I'll be goin off to bed now, I'll be back in the morning.
Thanks for all the help so far mate

No problem.
I'd suggest bringing this up in the Magisk General Support/Discussion thread as the wizards over there might be able to help. Make sure you mention the specific app you're having trouble with.