Develop Bugs

Devs challenge: CPU leak in Stock ROM &Custom maybe (GPS+WIFI Location Services)

Description: (http://youtu.be/YEKa24hhYd4)
Before running Google Maps (or any Location software) the CPU load of 'Android System' is near 10%. After enabling both GPS module AND WiFi connection (connected to IPV6 Router) and running Google Maps the CPU load will jump and remain at around 85%.
How to check:
Reboot phone (without fast startup enabled) and install 'CPU Usage' app. See the load of 'Android System' process. Enable both GPS module AND WiFi connection and start Google Maps. Close Google Maps after a position lock and check load of 'Android System' process.
My experiments:
- I had this problem on 2.13.401.3 and also on stock 2.14.401.1 ROM
- no custom kernel installed or root active, only CWM 5.0.2.8 recovery
- it is not related to Google maps version
- google latitude is not enabled
- tried it with no other apps installed (stock only)
- Pico TTS has nothing to do with it
- GPS fix 1.2 has no effect, still same behavior
- dalvik cache clear and user cache clear has no effect
- as I said, factory reset to stock did not help
- a reboot temporary solves the issue
LOG file:
I have attached log file. I opened Maps at 23:12 and between 23:13-23:14 CPU load has jumped to over 85%
Challenge:
Do you have this problem too (please confirm or infirm)? Is it present on your stock or custom ROM? Your router has IPV4 or IPV6?
Do you have any idea what might be the root cause?
FINAL CONCLUSION: the issue appears for me only on a ipv6 router. might be because of tomato firmware on router or ipv6 bug in htc. either way, let's forget this thread

So you thought your question was SO important it had to be put in the DEVELOPMENT section? Get real. I KNOW the site asks you if you're posting a question, and then warns you that you're breaking the rules. AND it was ALREADY in the right place earlier. Reported.

BigChillin said:
So you thought your question was SO important it had to be put in the DEVELOPMENT section? Get real. I KNOW the site asks you if you're posting a question, and then warns you that you're breaking the rules. AND it was ALREADY in the right place earlier. Reported.
Click to expand...
Click to collapse
Yes, let's move it. thanks for testing and being so helpful... always a pleasure.

Problems using Blank Store

Hi folks,
I'm trying to keep my Fairphone free of googleApps (because, you know, $reasons), but as usual it's not that easy.
I am struggeling to get NoGApps working. First of all: kudos to @MaR-V-iN - I don't have a paypal account, but I could invite you for a Kölsch next time I'm in the area.
Can anybody review my steps and possibly describe how to get it running properly?
0. installed OI File Manager (to be able to access the internal partition)
1.1. downloaded μg v1.3.2 (NetworkLocation.apg)
1.2. ( tried to copy to /system/app/NetworkLocation.apk - to no avail: "... could not be copied")
1.3. installed NetworkLocation, allowed access in XPrivacy popup, rebooted.
1.4. downloaded cells-world.db, renamed to cells.db, moved it to /sdcard/.nogapps/cells.db
1.5 tried to find any sign of the application. (Found nothing.)
Sadly, Network location does not show up, anywhere. Am I looking in the wrong places?
2.1. downloaded Blank Store 0.6.6 (BlankStore.apk)
2.2. (renamed it to com.android.vending.apk, tried to copy it to /system/app/com.android.vending.apk - no success.)
2.3. renamed again, installed BlankStore.apk, allowed access in XPrivacy popups, rebooted.
2.4. downloaded android-checkin-1.0.jar and bla.bat, copied them to the location of java.exe, generated an android ID.
2.5. went to menu [Settings]{Accounts}
2.5.1 entered (dedicated...) google credentials and android ID,
2.5.2 entered slightly changed credentials that @DSoundso mentioned (SDK should be 17, I think. I also used a German carrier's MCC-MNC).
2.5.3 rebooted.
2.6 opened BlankStore: yay, I can search it. But I can't install any app: it crashes constantly.
I should mention that the Account settings were gone several times, so the BlankStore would close immediately. I had to re-enter them, and tried also exactly the credentials @DSoundso mentioned in the NOGAPPS thread.
I can't "sync" the account under [Settings]{Accounts}{Sync}. It just "says Sync is OFF", "sync now" does not seem to work.
I logged into the google account on a desktop PC, and no devices show up. ("No active devices").
So, the next steps are unfinished:
3.1. downloaded Maps API v1 (nogapps-maps.zip)
3.2. tried to download via Blank store: BusyBox, TWRP, TitaniumBackup. (BlankStore crashes.)
...to be continued?
Can anybody walk me through?
Or at least single out any errors I made above?

Hey, did you have a look at the XDA-Wiki section about installing the Blank Store? Following this step-by-step should hopefully install the Blank Store
I am too avoiding the Google Apps and also installed the maps successfully (didn't try NetworkLocation yet) and your problems with "could not be copied" sound like a problem with the user rights.. I'm not sure how your file manager works but the with the Android SDK (see above link) and the right commands it should work.
As far as the crashes of the Blank Store are concerned: at first mine also didn't start and crashed, which was caused by the missing Store account but as it sounds yours IS starting but then not really functioning, right? :|

arghwhymustiregister said:
Hey, did you have a look at the XDA-Wiki section [...] As far as the crashes of the Blank Store are concerned: at first mine also didn't start and crashed, which was caused by the missing Store account but as it sounds yours IS starting but then not really functioning, right? :|
Click to expand...
Click to collapse
Thanks, I gave that a try yesterday. 1.7 gb download, what a mess... But solved the problem: it was a rights issue. I was under the impression that the OI File Manager had superuser rights. I was wrong. Got BlankStore working now, but it crashes still quite often on download.
I'm still not sure what to make of it. As I said, it *seemd* to be working before as well, but *no* download was finished. Now, *some* finish their dl, and if they don't I get an error notification (was missing before).
However, whenever I try to load a paid app, the BankStore crashes instantly.
I tried to read the whole NOGAPPS thread and realised: it only works for free apps. And I already redeemed a gift card at the Play Store to buy a paid Titanium Backup version. ****e, I'm stupid. :silly:
Still, it would be nice if it would not crash, or at least tell me it would crash when trying to load a paid app.
Also, I still can't see any active device when logging into the account on the web. Any ideas there? Is that supposed to be like this?
(Funny enough, I *can* see which apps I downloaded through BlankStore.)
arghwhymustiregister said:
also installed the maps successfully (didn't try NetworkLocation yet)
Click to expand...
Click to collapse
It seems both are not working properly for me. OSMAnd can find it's position by GPS. Offi is working, but can not find a location (GPS turned on). Also in Offi Stations, 'Acquiring location' never gets finished. The map stays blank in landscape mode. I would very much appreciate it if you would report your status here: if you can get it to work, how - and if not, what $reasons do you assume?

The permissions are not the problem. /system has to be mounted writable.
Sent from my FP1 using xda app-developers app

permissions for Offi / Maps Api access?
elchi1234 said:
The permissions are not the problem. /system has to be mounted writable.
Click to expand...
Click to collapse
Thanks for pointing that out, @elchi1234. I'm not used to work on linux-like systems, but I'm eager to learn.
However, I assume this could have something to do with permissions:
boondiordna said:
Offi is working, but can not find a location (GPS turned on). Also in Offi Stations, 'Acquiring location' never gets finished. The map stays blank in landscape mode.
Click to expand...
Click to collapse
I tried to figure out why Offi is not showing any map. It seems like it's trying to DL / access map tiles and not getting access, which sometimes even causes crashes:
Code:
W/MapsAPI ( 5201): MapTileDownloader: Problem downloading MapTile: /17/65535/65535 HTTP response: HTTP/1.1 403 Forbidden
According to the crash report, this happens with every tile the app is trying to access.
Did I mess up somehere?

Nice to hear that the Blank Store is now working for you.
Hm, that problem with Öffi sounds familiar to me - I seem to recall that I had these problems too.. since you could install those Apps it looks like your installation of the map files was succesful. I think you should try the GPS fix mentioned here. It really helps A LOT (or did you already do that..?)
Report back!

Well, the MapsAPI seems to be installed correctly. (It was never working for me, too. I use it for that apps that require it but don't really need it.)
I would guess that there is a change in the API of the webserver that MapsAPI doesn't know about.

Problem with Rooted Stock Rom with AirWatch

My company is now enforcing and managing BYOD with AirWatch. I'm trying to enrol my Magisk-rooted Pixel 2 XL. I've searched around XDA and other sites and I was able to enrol the phone when I use Magisk Hide to hide from the AirWatch agent, aka now the Intelligent Hub. It creates a Work profile and installed several work related apps. The only other app aside from Intelligent Hub I've tested so far is Boxer and it works for the few minutes during my test.
When I say Boxer works for a few minutes, that is because next I attempted to open Workspace One. As it loads, I'm guessing it checks other details about the phone, then it would popup a message saying Work apps and profile removing because the device is "compromised" and uninstall the work apps and Word profile.
I would like to use Magisk Hide and hide from Workspace One app, but Magisk Hide doesn't even list that and other apps in the Work profile. An admin at work checked the AirWatch server and it shows the device compromised detection with the status "Malicious file found - Check files in system or exec folder".
So my question is, outside of troubleshooting step by step from wiping phone and setting up each thing from scratch, anyone else have an insight on what else I can check?
FYI, these are the following setup I have on my phone
- Pixel 2 XL
- Rooted with latest version of Magisk and Manager
- Latest Pie 9.0 Aug 2019 Update
- Magisk Modules Installs: Busybox, Viper4Android
- Apps with Root Access: AdAway, BetterBatteryStats, Franco Kernel Manager, Material Terminal, Titanium Backup

s0l1dsn8k3 said:
My company is now enforcing and managing BYOD with AirWatch. I'm trying to enrol my Magisk-rooted Pixel 2 XL. I've searched around XDA and other sites and I was able to enrol the phone when I use Magisk Hide to hide from the AirWatch agent, aka now the Intelligent Hub. It creates a Work profile and installed several work related apps. The only other app aside from Intelligent Hub I've tested so far is Boxer and it works for the few minutes during my test.
When I say Boxer works for a few minutes, that is because next I attempted to open Workspace One. As it loads, I'm guessing it checks other details about the phone, then it would popup a message saying Work apps and profile removing because the device is "compromised" and uninstall the work apps and Word profile.
I would like to use Magisk Hide and hide from Workspace One app, but Magisk Hide doesn't even list that and other apps in the Work profile. An admin at work checked the AirWatch server and it shows the device compromised detection with the status "Malicious file found - Check files in system or exec folder".
So my question is, outside of troubleshooting step by step from wiping phone and setting up each thing from scratch, anyone else have an insight on what else I can check?
FYI, these are the following setup I have on my phone
- Pixel 2 XL
- Rooted with latest version of Magisk and Manager
- Latest Pie 9.0 Aug 2019 Update
- Magisk Modules Installs: Busybox, Viper4Android
- Apps with Root Access: AdAway, BetterBatteryStats, Franco Kernel Manager, Material Terminal, Titanium Backup
Click to expand...
Click to collapse
The following works but I am not sure if all the steps are crucial and which ones may be superfluous. Those instructions in (parentheses) may be not necessary).
I am not a programmer (Basic on a C-64 doesn't count, I take it), don't know anything about computer architectures etc., just able to follow instructions and wrap my mind around them to tweak my devices.
The main part is to "Hide Magisk Manager" after Boxer is installed (but before it is opened/setup) as that also creates another Magisk app (instance?) with the new name for the work profile where Boxer etc. show up and can be hidden with Magisk Hide.
The other (first) part is to hide anything that would alert and conflict with Hub before or during setting up the work profile - I pretty much hid everything under Magisk Hide...
I don't know BYOD nor Workspace One, so the solution below may not work.
- uninstall Hub (that's the only app remaining after the auto-uninstall, right?)
- if Magisk Manager is already hidden: go to Settings\Restore Magisk Manager "with original package and app names" - that seems to be important, as hiding it later and with another name will then also create a Work Profile where one can see and click and hide the work profile apps such as Boxer (not sure if it works the other way around, i.e. starting off hidden with a different name and then later restoring to original will create a Magisk work profile)
- Magisk Hide: click almost every system app, not just the Google ones, but almost everything, camera, calendar, contacts etc. and your phone maker's versions as well (not sure what is necessary, but only Google system apps didn't seem to do it...), also all root and SU related apps like BusyBox etc. (not sure what Hub looks for)
(- System\Apps > clear storage data for Google Play Store and other Play Apps, also make sure Hub is really uninstalled. If not or having problems at least clear data storage as well)
- reboot (can also go into TWRP and wipe cache/Dalvik, not sure if necessary)
- install Hub, don't open it
- open Magisk, go to Magisk Hide: click Hub
(- close Magisk)
(- reboot)
- open Hub, let setup run its course creating the work profile
- if there are conflicts showing in Hub (and/or on your employer's MDM website for your device), e.g. root certificate not installed, don't install any apps yet such as Boxer etc. and reboot instead
- Are those conflicts resolved after reboot?
- install Boxer and other apps (trough Hub itself, MDM website push (or Google Play)) but don't open/start them
(- reboot)
- open Magisk, go to Settings\Hide Magisk Manager and click on it, pick a name and confirm: this will then change the name of Magisk AND create a another Magisk app (with the new name) for the work profile.
- open that new Magisk work profile and go to Magisk Hide: click Boxer (and other apps controlled by Hub); Hub itself and everything already hidden in the private (= non-work) profile Magisk app should show up here as already hidden. Double and triple check.
(- reboot)
- open Boxer and start set-up
That's it. Stable, even after another reboot.

Did this solution work for you @s0l1dsn8k3?

I am in a similar boat. @s0l1dsn8k3 please let me know if you found an alternate solution.

I am in a similar boat. @s0l1dsn8k3 please let me know if you found an alternate solution.

Question Magisk-safety net verification error / Google pay

I can't use a credit card via google pay. Google pay writes that I have a root device even though it is marked in magisk in exceptions.
Magisk show - safety net verification error.
Please help.
Thanks

jkmaxfli said:
I can't use a credit card via google pay. Google pay writes that I have a root device even though it is marked in magisk in exceptions.
Magisk show - safety net verification error.
Okrasné help.
Thanks
Click to expand...
Click to collapse
You have to hide it fully in magisk. And then reboot

Are you using stock rom? Or any other custom rom? If you can't pass safetynet, Magisk hide doesn't "hide", so we have to locate the error.

I using Stock Rom.
Fully hide, reboot And nothing change.

Flash magisk module and you will be ok
https://github.com/kdrag0n/safetynet-fix/releases/download/v1.1.1/safetynet-fix-v1.1.1.zip

In Google Play:
Certification play protect - the device is not certified.
what should I do with it now

hexisg said:
Flash magisk module and you will be ok
https://github.com/kdrag0n/safetynet-fix/releases/download/v1.1.1/safetynet-fix-v1.1.1.zip
Click to expand...
Click to collapse
Thanks ill try it

after flashing the module test your safetunet status.
after clear data of Goole Play Store , google Services and google Pay.And you should be good to use Google Pay.

Safety net is successful, Google play is also successful, but the payment card cannot be added - error:
request failed - transaction could not be performed. When adding a credit card.
Edit:
...the current credit card cannot be removed, it is said to be associated with some one payment method. I wanted to try removing it completely and signing in again. :-(

jkmaxfli said:
Safety net is successful, Google play is also successful, but the payment card cannot be added - error:
request failed - transaction could not be performed. When adding a credit card.
Edit:
...the current credit card cannot be removed, it is said to be associated with some one payment method. I wanted to try removing it completely and signing in again. :-(
Click to expand...
Click to collapse
Try deleting all data a of Google Play Services and Google Pay app, restart the phone, and try if you u can do it now

I tried that, unfortunately no change.

Try this:
Working: Magisk with Google Pay as of gms 17.1.22 on Pie
Ok. I tried this and it worked on gms 17.1.22, allowing one to add cards and pay in store. Warning YMMV, but this is the process I did to get this working. One caveat is that I suspect users will have to reverse some step if gms is updated and...
forum.xda-developers.com
Release GPay SQLite Fix v2.4 · stylemessiah/GPay-SQLite-Fix
Changes to service.sh: -Fixed broken/mangled pipes that left the log file blank - dont ask me why If you need logging (only useful if youre having an issue and want to troubleshoot) you can choose ...
github.com

UnderscoreKer said:
Try this:
Working: Magisk with Google Pay as of gms 17.1.22 on Pie
Ok. I tried this and it worked on gms 17.1.22, allowing one to add cards and pay in store. Warning YMMV, but this is the process I did to get this working. One caveat is that I suspect users will have to reverse some step if gms is updated and...
forum.xda-developers.com
Release GPay SQLite Fix v2.4 · stylemessiah/GPay-SQLite-Fix
Changes to service.sh: -Fixed broken/mangled pipes that left the log file blank - dont ask me why If you need logging (only useful if youre having an issue and want to troubleshoot) you can choose ...
github.com
Click to expand...
Click to collapse
Dont work :-(
So for now, to sum it up:
magisk safety net is pass-ok.
In magisk I have two fix modules (screenshots) and google pay adding a credit card still not working. Still error OR-TAPSH-08.
I also read on the net that it helped someone wait 1 day and then the payment card went to add.
Next:
when I run clean and select the security check, it turns out to me that there is a problem in the payment environment.(screenshots)

jkmaxfli said:
Dont work :-(
So for now, to sum it up:
magisk safety net is pass-ok.
In magisk I have two fix modules (screenshots) and google pay adding a credit card still not working. Still error OR-TAPSH-08.
I also read on the net that it helped someone wait 1 day and then the payment card went to add.
Next:
when I run clean and select the security check, it turns out to me that there is a problem in the payment environment.(screenshots)
Click to expand...
Click to collapse
Not trying to be mean or anything but, have you enabled magisk hide?
Uninstall universal safety net fix first and restart.
IMPORTANT: Make sure that you are running the latest version of magisk.
Make sure hide is on and you have selected all core Google services and gpay.
Then install magiskhide props config and restart.
Install an command terminal from the play store and type "props". You may have to enter "su" first.
Type "1" then “f”
Then follow the steps to select your phone model.
Then apply the fingerprint and restart.
If you cannot find your phone model, then ignore this step.
Go into magisk settings and click on the option to hide the magisk app. The app should reinstall itself under the "settings" name.
Restart again.
Then, turn data and WiFi off, go into settings and clear the storage/data of all Google apps and especially Google play services. Then just reflash the gpay fix (DON'T RESTART). Turn connection back on and try to add your cards as well as any nfc setup for those cards.
Then restart your phone.
Then go into Google play store, and into settings, and ensure that the device is certified.
This allowed me to get gpay working, however, I'm running a custom rom though.
You may want to carry your cards physically in case the phone doesn't work for the first month or so.

Hello.
I have a magisk hide.
For the item google services framework, if I check, after leaving and re-entering the already checked google services framework is not, the check mark does not hold.(screenshot)

jkmaxfli said:
Hello.
I have a magisk hide.
For the item google services framework, if I check, after leaving and re-entering the already checked google services framework is not, the check mark does not hold.(screenshots)
Click to expand...
Click to collapse
Hi, sorry, I had to edit my reply several times.
Just enable them all just in case. For the 2nd screenshot, enable the hide thing. I have it enabled so the option says to restore it.

For the services framework bugthing, ignore it. The gpay fix was the one that added it. Just expand it and ensure its on

I'll try it all, thank you. I'll get back to you today

I'm tangled in it, you wrote a lot. Please send me one more steps 1 to ..... Thank you very much

!!!!!!!!!!!!!!!!!!!!!!!!! Dude, you're really a giant, it all works !!!!!!!!!!!!!!!!!!!!!!!
Safety net in magisk PASS.
Google play store - device is certified.
Credit card added successfully.
Tomorrow I will try payment using a mobile phone and NFC and see if it is fully functional.
I'll let you know tomorrow if the payments are working.
BIG BIG thanks

Question [Magisk/root/shimeko] Hiding root from Microsoft Teams and Company portal.

HI all. Keep in mind that I did my first root and install of Magisk this week for some gaming desires. I am a bit of a noob, but I had a blast learning about rooting. I was also encouraged because everything went pretty well and only took me around an hour.
Then I ran into a wall.
I use my Pixel 6 Pro to attend work meetings and track work form home or in my car. I had really grown to need this feature so I was a bit worried that I would have to reverse the root. So for the last 2-3 days I have been using trial and error and guides on how to hide banking apps. I saw so many threads that never resolved the teams issue or missed steps that I thought I would write up a detailed guide for what worked for me.
Keep in mind this is for Android 13 and a Google Pixel 6 Pro. This assumes you Rooted your phone and have latest Magisk installed as well.
Prep:
1. Go to Google Play Store settings and turn off automatic updating. I'm sure most people who use magisk do this anyway.
2. Go here https://en.uptodown.com/android/browsing and download older versions of Teams and Company portal. Not too old. You want something from just 2-3 months ago. If it is too old the phone won't let you install it but will put files on your phone that already know you're rooted.
3. Make sure you have the latest Universal Safty fix. You can run a scan to show if you meet the safety fix standard. Again I think the problem isn't safty fix so much as Company portal looks for an unlocked boot loader.
4. install Mgiskhide Props Config module and Android terminal from the play store. (You do this to put a legit looking device ID, or non unlocked bootloader ID - just encase your phone doesn't work, or has been previously detected). Its a simple process where you input some number options through android terminal to set the ID. Just follow the steps. AND MAKE SURE YOU DELETE TERMINAL AFTER YOU'RE DONE. They look for that.
GitHub - Magisk-Modules-Repo/MagiskHidePropsConf: This tool is now dead...
This tool is now dead... Contribute to Magisk-Modules-Repo/MagiskHidePropsConf development by creating an account on GitHub.
github.com
5. Use Magisk hide and rename Magisk to MYJOBSUCKS
Action:
1. install Shamiko https://github.com/LSPosed/LSPosed.github.io/releases/tag/shamiko-120
2. Reboot.
3. Make sure Zygisk is enabled.
4. Make sure Enforce Denylist is OFF (This seems nonsensical but Shamiko handles the enforcement now that it's installed. The Zygisk enforcement is a conflict.)
5. Go back and install Company portal and Teams. Don't do anything in either. Don't sign in. Don't configure. Don't open the apps.
6. Go back to Zygisk and open Configure Denylist. This, I feel, is the MOST important step that makes or breaks this process. Do the following in Denylist:
MAKE SURE YOU TOGGLE EVERYTHING not just the default hides. Each hide has a submenu and for sub processes to hide.
This is everything I had to deny to make it work:
Authenticator.
Carrier OMADM
Carrier provision service
Carrier services
Certificate installer
Com.andorid.angle
Companion device manager
device health service adaptor
device policy
Gpay
OemDMTrigger
Permission controller
TEAMS
Work setup
Company portal
Google play protect services
Google Play Store
*** I Believes the bottom 5 are the main ones - the rest I just guessed and may or may not impact things 100% *****
7. Sign into Teams.
8. This will force you to sign into Company portal. If it works - not much will happen because it will look like a legit non-rooted phone.
If it fails you'll have to setup your profile in Company portal and it always fails after a 5 step process and says DEVICE NOT HEALTHY) This means you didn't deny something or you didn't reboot or something. You also need to go into your google accounts and look for your work profile and delete it and uninstall teams and company portal - I think company portal leaves files that you want off so you have to start from scratch)
9. You should be able to join your work meetings and use teams.
Ongoing:
Make sure you never update teams or Company Portal.
I don't know if this works for other MS mobile apps because I don't check my mail on my phone - but I assume just adding them to the deny list would be the only step extra you need to take.
Thanks!!

For me it works without props config and with the latest version of MS Teams and the Intune portal app. Use Shamiko (latest), configure denylist but don't enable denylist in Magisk. Magisk is hidden (some banking app which I use checks the Magisk package name).

Guzzlor said:
HI all. Keep in mind that I did my first root and install of Magisk this week for some gaming desires. I am a bit of a noob, but I had a blast learning about rooting. I was also encouraged because everything went pretty well and only took me around an hour.
Then I ran into a wall.
I use my Pixel 6 Pro to attend work meetings and track work form home or in my car. I had really grown to need this feature so I was a bit worried that I would have to reverse the root. So for the last 2-3 days I have been using trial and error and guides on how to hide banking apps. I saw so many threads that never resolved the teams issue or missed steps that I thought I would write up a detailed guide for what worked for me.
Keep in mind this is for Android 13 and a Google Pixel 6 Pro. This assumes you Rooted your phone and have latest Magisk installed as well.
Prep:
1. Go to Google Play Store settings and turn off automatic updating. I'm sure most people who use magisk do this anyway.
2. Go here https://en.uptodown.com/android/browsing and download older versions of Teams and Company portal. Not too old. You want something from just 2-3 months ago. If it is too old the phone won't let you install it but will put files on your phone that already know you're rooted.
3. Make sure you have the latest Universal Safty fix. You can run a scan to show if you meet the safety fix standard. Again I think the problem isn't safty fix so much as Company portal looks for an unlocked boot loader.
4. install Mgiskhide Props Config module and Android terminal from the play store. (You do this to put a legit looking device ID, or non unlocked bootloader ID - just encase your phone doesn't work, or has been previously detected). Its a simple process where you input some number options through android terminal to set the ID. Just follow the steps. AND MAKE SURE YOU DELETE TERMINAL AFTER YOU'RE DONE. They look for that.
GitHub - Magisk-Modules-Repo/MagiskHidePropsConf: This tool is now dead...
This tool is now dead... Contribute to Magisk-Modules-Repo/MagiskHidePropsConf development by creating an account on GitHub.
github.com
5. Use Magisk hide and rename Magisk to MYJOBSUCKS
Action:
1. install Shamiko https://github.com/LSPosed/LSPosed.github.io/releases/tag/shamiko-120
2. Reboot.
3. Make sure Zygisk is enabled.
4. Make sure Enforce Denylist is OFF (This seems nonsensical but Shamiko handles the enforcement now that it's installed. The Zygisk enforcement is a conflict.)
5. Go back and install Company portal and Teams. Don't do anything in either. Don't sign in. Don't configure. Don't open the apps.
6. Go back to Zygisk and open Configure Denylist. This, I feel, is the MOST important step that makes or breaks this process. Do the following in Denylist:
MAKE SURE YOU TOGGLE EVERYTHING not just the default hides. Each hide has a submenu and for sub processes to hide.
This is everything I had to deny to make it work:
Authenticator.
Carrier OMADM
Carrier provision service
Carrier services
Certificate installer
Com.andorid.angle
Companion device manager
device health service adaptor
device policy
Gpay
OemDMTrigger
Permission controller
TEAMS
Work setup
Company portal
Google play protect services
Google Play Store
*** I Believes the bottom 5 are the main ones - the rest I just guessed and may or may not impact things 100% *****
7. Sign into Teams.
8. This will force you to sign into Company portal. If it works - not much will happen because it will look like a legit non-rooted phone.
If it fails you'll have to setup your profile in Company portal and it always fails after a 5 step process and says DEVICE NOT HEALTHY) This means you didn't deny something or you didn't reboot or something. You also need to go into your google accounts and look for your work profile and delete it and uninstall teams and company portal - I think company portal leaves files that you want off so you have to start from scratch)
9. You should be able to join your work meetings and use teams.
Ongoing:
Make sure you never update teams or Company Portal.
I don't know if this works for other MS mobile apps because I don't check my mail on my phone - but I assume just adding them to the deny list would be the only step extra you need to take.
Thanks!!
Click to expand...
Click to collapse
This solve my problem with my bank app thank you so much...!!!

foobar66 said:
For me it works without props config and with the latest version of MS Teams and the Intune portal app. Use Shamiko (latest), configure denylist but don't enable denylist in Magisk. Magisk is hidden (some banking app which I use checks the Magisk package name).
Click to expand...
Click to collapse
I'm not sure what was wrong but simply doing those steps did not work for me. I had to start from scratch and that's why I wrote all this up.

Guzzlor said:
HI all. Keep in mind that I did my first root and install of Magisk this week for some gaming desires. I am a bit of a noob, but I had a blast learning about rooting. I was also encouraged because everything went pretty well and only took me around an hour.
Then I ran into a wall.
I use my Pixel 6 Pro to attend work meetings and track work form home or in my car. I had really grown to need this feature so I was a bit worried that I would have to reverse the root. So for the last 2-3 days I have been using trial and error and guides on how to hide banking apps. I saw so many threads that never resolved the teams issue or missed steps that I thought I would write up a detailed guide for what worked for me.
Keep in mind this is for Android 13 and a Google Pixel 6 Pro. This assumes you Rooted your phone and have latest Magisk installed as well.
Prep:
1. Go to Google Play Store settings and turn off automatic updating. I'm sure most people who use magisk do this anyway.
2. Go here https://en.uptodown.com/android/browsing and download older versions of Teams and Company portal. Not too old. You want something from just 2-3 months ago. If it is too old the phone won't let you install it but will put files on your phone that already know you're rooted.
3. Make sure you have the latest Universal Safty fix. You can run a scan to show if you meet the safety fix standard. Again I think the problem isn't safty fix so much as Company portal looks for an unlocked boot loader.
4. install Mgiskhide Props Config module and Android terminal from the play store. (You do this to put a legit looking device ID, or non unlocked bootloader ID - just encase your phone doesn't work, or has been previously detected). Its a simple process where you input some number options through android terminal to set the ID. Just follow the steps. AND MAKE SURE YOU DELETE TERMINAL AFTER YOU'RE DONE. They look for that.
GitHub - Magisk-Modules-Repo/MagiskHidePropsConf: This tool is now dead...
This tool is now dead... Contribute to Magisk-Modules-Repo/MagiskHidePropsConf development by creating an account on GitHub.
github.com
5. Use Magisk hide and rename Magisk to MYJOBSUCKS
Action:
1. install Shamiko https://github.com/LSPosed/LSPosed.github.io/releases/tag/shamiko-120
2. Reboot.
3. Make sure Zygisk is enabled.
4. Make sure Enforce Denylist is OFF (This seems nonsensical but Shamiko handles the enforcement now that it's installed. The Zygisk enforcement is a conflict.)
5. Go back and install Company portal and Teams. Don't do anything in either. Don't sign in. Don't configure. Don't open the apps.
6. Go back to Zygisk and open Configure Denylist. This, I feel, is the MOST important step that makes or breaks this process. Do the following in Denylist:
MAKE SURE YOU TOGGLE EVERYTHING not just the default hides. Each hide has a submenu and for sub processes to hide.
This is everything I had to deny to make it work:
Authenticator.
Carrier OMADM
Carrier provision service
Carrier services
Certificate installer
Com.andorid.angle
Companion device manager
device health service adaptor
device policy
Gpay
OemDMTrigger
Permission controller
TEAMS
Work setup
Company portal
Google play protect services
Google Play Store
*** I Believes the bottom 5 are the main ones - the rest I just guessed and may or may not impact things 100% *****
7. Sign into Teams.
8. This will force you to sign into Company portal. If it works - not much will happen because it will look like a legit non-rooted phone.
If it fails you'll have to setup your profile in Company portal and it always fails after a 5 step process and says DEVICE NOT HEALTHY) This means you didn't deny something or you didn't reboot or something. You also need to go into your google accounts and look for your work profile and delete it and uninstall teams and company portal - I think company portal leaves files that you want off so you have to start from scratch)
9. You should be able to join your work meetings and use teams.
Ongoing:
Make sure you never update teams or Company Portal.
I don't know if this works for other MS mobile apps because I don't check my mail on my phone - but I assume just adding them to the deny list would be the only step extra you need to take.
Thanks!!
Click to expand...
Click to collapse
Awesome! This is the only method that worked for me after hours of struggling. Thank you!

Method is not working for me. Followed all steps

Not worked for me. Intune still detecting the root

Harshatxda said:
Not worked for me. Intune still detecting the root
Click to expand...
Click to collapse
Harshatxda said:
Method is not working for me. Followed all steps
Click to expand...
Click to collapse
This seems to be an ongoing evolving issue; especially in light of recent updates/events. There are many threads on the site here discussing it, although I've seen some that have been successful (but in various different device forums). The thread (linked below) seems to be fairly up-to-date recently updated that looks most promising...
[Tutorial] [Root] How to configure 'Microsoft Intune' to make it work with 'Magisk' (Update: Q1/2023)
Update 04.01.2023: I've updated/added additional steps to make this tutorial work again. This question was asked many times and often all the answers did not work: How do I get Magisk to work with Microsoft Apps like Microsoft Teams, Microsoft...
forum.xda-developers.com

Rooted Pixel 6A, rooted and literally <24H out of box. All I did was:
1. Hide Magisk (obviously)
2. Enable Zygisk
3. Configure DenyList (every Microsoft app I saw)
4. Enforce DenyList
5. Reboot
Portal passes device health test, and Teams works like a charm. Both are installed straight from Play Store.