Jump to content

Lineage and Banking apps


Recommended Posts

It seems I have to give up stock android and move to lineage for security reason.

Before I do this, I wanted to ask the community about banking apps on lineage. Does it work? I understood we have to use magisk, but reading the forum, I see that users also have some difficulties make it work.

Edited by OKSun
Link to post
Share on other sites
3 hours ago, OKSun said:

It seems I have to give up stock android and move to lineage for security reason.

Before I do this, I wanted to ask the community about banking apps on lineage. Does it work? I understood we have to use magisk, but reading the forum, I understand that users also has some difficulties make it work.

Basically I can use banking apps which need to pass SafetyNet test using Magisk...
However, there were changes around Magisk and I don't know what the current solution is instead of MagiskHide which also needed for these apps to work.

As far as I know, current version of Magisk has that removed but old version still works on LineageOS 18.1 (Android 11), however, I doubt it will work on any later major Android version(s).

  • Like 2
Link to post
Share on other sites

Wow, seems I haven't been up to date with regard to Magisk...

Looks like not only MagiskHide, but also everything related to SafetyNet is removed from current Magisk releases.

(See John Wu's statement in https://topjohnwu.medium.com/state-of-magisk-2021-fe29fdaee458) now that he's working for Google, and also this XDA Developers thread: https://forum.xda-developers.com/t/discussion-magisk-the-age-of-zygisk.4393877/.)

That said, MagiskHide seems to be in the state of being replaced by the Zygisk (Magisk running in the new Zygote mode) "deny list"... And the tools to ensure SafetyNet is passed now seem to be external. 

Also, the Xposed framework (EdXposed/LSposed) needs new versions for the new Magisk, and I haven't looked yet whether that's already happened. Personally I need Xposed plus a specific Xposed module to make my employer's security token app for VPN access run on a non-stock ROM. (Funnily that means I couldn't ever get it to work on LineageOS without root...)

Right now, I'm still running a Magisk version predating those changes, and everything from SafetyNet to banking works for me, except for one banking app (German Fidor bank) which detected a non-stock ROM and complained about it. I don't know whether some trick has been found in the meantime to make it work, too.  

(Lineageos 18.1, here.)

 

 

Edited by Rob. S.
  • Like 2
  • Thanks 1
Link to post
Share on other sites
11 minutes ago, Rob. S. said:

Right now, I'm still running a Magisk version predating those changes, and everything from SafetyNet to banking works for me

Also for me... anyway, Magisk has started to notify an update is available few months ago which lead for disabled notification for Magisk on my phone as I did not want to update to the "dumb" version.

(Also, one of my friends did it and Safetynet has stopped working.)

However, I am curious of the new solution but I will stick to LineageOS 18.1 till I don't see it is working...

 

  • Like 2
Link to post
Share on other sites

You might want to get acquainted with XPrivacyLUA, which can restrict what information an app gets. E.g. my banking apps are not allowed to execute shell commands. When they ask "which su", XPL intercepts and replies "[empty]". This way the app does not know that it can't execute shell commands because it gets a valid reply from XPL, but the app won't see su either.

The "only" problem is that you need ... Magisk with Riru and EdExposed or LSPosed. Down the rabbit hole, never to see the light of day again. Magisk reached its EOL, Riru is a mess, and Android (including LOS!) is getting more and more restricted by Google.

  • Like 1
Link to post
Share on other sites
17 hours ago, daniel.schaaaf said:

You might want to get acquainted with XPrivacyLUA, which can restrict what information an app gets. E.g. my banking apps are not allowed to execute shell commands. When they ask "which su", XPL intercepts and replies "[empty]". This way the app does not know that it can't execute shell commands because it gets a valid reply from XPL, but the app won't see su either.

The "only" problem is that you need ... Magisk with Riru and EdExposed or LSPosed. Down the rabbit hole, never to see the light of day again. Magisk reached its EOL, Riru is a mess, and Android (including LOS!) is getting more and more restricted by Google.

Thanks. Definitely beyond the skills of an average user like me. I do not want to spend time learning and experimenting in this area.

Link to post
Share on other sites

The new magisk is not any dumber that the old one. I am using magisk v24.3. Everyhting works the same that in the older versions, what is different is that the hide list is deny list and you need zygisk mode on and configuring the list is in the app settings, but the functionality is the same and if you have to use external modules like MagiskHidePropsConfig you need to download them manually but they work the same. So i have all the same banking apps still working that i had since magisk v20 ->.
Edit: And there is no more the builtin safetynetcheck but there are various apps for that in play store.

Edited by Kaali
Edit
  • Like 2
  • Thanks 2
Link to post
Share on other sites
On 4/27/2022 at 4:15 PM, Kaali said:

Magisk 24.3 supports android 12 so i guess it should work all the same. One person in the discord alrready upgraded to OS19 with magisk.

Thanks.

I will wait a bit further till I have more time so I hope every potential problems reveal. 🙂

Anyway, how about further restrictions of SDCard access under Androdi 12?

  • Like 1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

Terms