[Discussion] The root-and-mod-hiding / fingerprint-spoofing / keybox-stealing cat-and-mouse game


zgfg

Senior Member
Oct 10, 2016
12,692
12,844
Redmi K20 / Xiaomi Mi 9T
Xiaomi Mi 11
Thanks for the suggestion, wish I'd seen it earlier. Clearing Play Store and Services cache/data didn't help, it wouldn't allow the store to even check for updates. Install location I was able to set to 1, though it was auto. After reboots, disabling GMS and Play Store spoofing in PI, I was able to at least check for updates again. Even if I disable all settings in PI, still says not enough room, there must be a setting there I'm forgetting? FWIW, I can't even get play store to update from within the About tab in Store. I don't know what I did here haha.
Again (see previous response above): which PI spoofing do you use?

PI Fork or PI Fix Inject or something else?
 

zgfg

Senior Member
Oct 10, 2016
12,692
12,844
Redmi K20 / Xiaomi Mi 9T
Xiaomi Mi 11
I'm using PI Fork, but spoofing is disabled. I'll be honest, I didn't understand all the nuances of the apps like Integrity Box. It's complicated
Ok, still you can check PI Attesting directly in PlayStore. Go to Settings, General, About and keep tapping to the Playstore version until you become a developer

Then go a step back, into that new Developer Options and run Check Integrity there

You should pass PI Attest but for the Brand, Device, Model, PlayStore must properly show your actual values, not the spoofed values

Also, check in your custom.pif.prop, your spoof settings should be
spoofBuild=1 spoofProps=1 spoofProvider=0 spoofVendingSdk=0 spoofVendingFinger=0

and in target txt you must have (among others - depending which apps you use):
com.android.vending com.google.android.gms
 

ldeveraux

Senior Member
Nov 20, 2008
2,787
1,000
Lenovo Thinkpad Tablet
Nexus Q
Ok, within the play store integrity, this checks out. It passes and shows my actual values.

My custom.pif.prop had some of those but also spoofSignature=1

Target.txt had many items but also those 2 required ones. I went back to tricky store and selected only necessary including those 2, then realized the target file. None of this worked however, I still have no room it claims.

This might be my opportunity to switch from latest Magisk to ksun?
 

J.Michael

Recognized Contributor/Forum Guide
Jan 20, 2018
3,919
5,504
Samsung Galaxy Tab A series
Ok, within the play store integrity, this checks out. It passes and shows my actual values.

My custom.pif.prop had some of those but also spoofSignature=1

Target.txt had many items but also those 2 required ones. I went back to tricky store and selected only necessary including those 2, then realized the target file. None of this worked however, I still have no room it claims.

This might be my opportunity to switch from latest Magisk to ksun?
Maybe disable all Magisk modules, or remove Magisk entirely, before jumping to another rooting method.
 

rodken

Recognized Contributor
Jan 11, 2010
3,514
1
2,252
Thanks for the suggestion, wish I'd seen it earlier. Clearing Play Store and Services cache/data didn't help, it wouldn't allow the store to even check for updates. Install location I was able to set to 1, though it was auto. After reboots, disabling GMS and Play Store spoofing in PI, I was able to at least check for updates again. Even if I disable all settings in PI, still says not enough room, there must be a setting there I'm forgetting? FWIW, I can't even get play store to update from within the About tab in Store. I don't know what I did here haha.
Fix the Pending Update Loop with ADB
Bash:
# Clear Play Store and GMS data from the shell, more thorough than the UI
adb shell pm clear com.android.vending
adb shell pm clear com.google.android.gms

# Reset the Package Mgr temp cache
adb shell rm -rf /data/local/tmp/*

You also might need to address the PI and Device Spoofing issue. Make sure that you haven't enabled Force Basic Attestation with a fingerprint from a device with very little storage because you’ve been messing with PI modules and now the Store thinks it’s living on a 2012 toaster with 8GB of storage.

Check /data/adb/modules/ for any folder related to PI or spoofing.
Code:
adb shell getprop | grep -E "model|product|fingerprint"
If these values don't jive with your actual phone, your spoofing module is still active even if disabled in the app.

Since your About tab won't update, the bin might be corrupted. Sideloading a fresh version sometimes fixes the installation directory permissions and remember to reboot in between any changes that you make. ( ͡° ͜ʖ ͡°)
 

ldeveraux

Senior Member
Nov 20, 2008
2,787
1,000
Lenovo Thinkpad Tablet
Nexus Q
I had the nohello module active for reasons. Once I disabled it, the store works again. I can't pass device security, but much happier to be able to update my apps 😂
 

intel_core_i7

Senior Member
Apr 8, 2023
536
697
Well it's over. It was fun while it lasted. My country officially banned ADB and bootloader unlocked devices from using banking apps. Effective from Mar 1.

 

pndwal

Senior Member
Jun 23, 2016
10,153
13,560
Sydney
Redmi Note 8
Xiaomi Redmi Note 8 (2021)
But it doesn't say:
4.Implement solutions to prevent, combat, and detect unauthorized interference with the Mobile Banking application installed on customers' mobile devices, including but not limited to deploying a 'device destruct' mechanism, inducing electric shock or otherwise limiting a user's capacity to continue to use the device by any means deemed necessary. The Mobile Banking application must automatically exit or stop functioning and then notify the Police of the reason and specifics of any offending party if any of the following signs are detected:

Does it?

😃 PW
 

intel_core_i7

Senior Member
Apr 8, 2023
536
697
I mean if they could find a reason to do it then they would. People may have wild conspiracy theories but that's very reasonable, given that I said a while ago that the head of our political system was the minister of public security aka the police.
 

HippoMan

Senior Member
May 5, 2009
5,682
5,786
Hippolandia
Well it's over. It was fun while it lasted. My country officially banned ADB and bootloader unlocked devices from using banking apps. Effective from Mar 1.

This is indeed sad news. And unfortunately, it isn't very surprising news ... which is even more sad.

😭

It's just part of a world-wide trend.

Bring the hippopotamus to lunch today.
 

Vision

Recognized Contributor / Recognized Translator
May 10, 2015
3,799
1
4,336
Acarnania 🇬🇷
Xiaomi Poco X3 NFC
New Year, new version.

Targeted Fix v4

  • Add nlohmann/json as submodule
  • Update libcxx prefab
  • Update 5ec1cff/local_cxa_atexit_finalize_impl submodule
  • Improved target.txt handling and organization
Get the latest from GitHub (Or update directly, also I have attached in TargetedFix):

Best, Vision.
 

Top Liked Posts

    1
    New Year, new version.

    [ ... ]

    Happy New Year, and good news!

    Just out of curiosity, what is "nlohmann"? Is it just a particular json-parsing implementation?


    Bring the hippopotamus to lunch today.
    1
    Happy New Year, and good news!

    Just out of curiosity, what is "nlohmann"? Is it just a particular json-parsing implementation?


    Happy New Year.

    The name of the author is Niels Lohmann.
  • 7
    And yet many countries seem to be forcing pay by phone on their population
    There are many ill informed and gullible users, but you would need to be ill informed and gullible to fall for that scam. Really really...

    Apps like G Pay/Wallet don't have any access to account/card details and use one time cryptographically signed tokens with plenty of extra security safeguards too.

    So the scam, as the article says, works this way: "By remotely targeting your Android phone, these criminals can gain access to your card information and you might never be aware that you're giving it to them". Of course, this can only occur if the user is ill informed and gullible enough to sideload the "special" app sent by txt or email, and then obligingly locates their physical card and 'places their credit card against their phone and then enters their PIN', which is how the criminals actually get access to real account/card details. And, of course, the user must be fooled into thinking that the requests are not at all suspicious.

    This does illustrate beautifully why Google is introducing new sideloading and verified developer protections, as well as other security measures, designed to protect users from themselves as much as to protect against cyber criminals seeking to scam tech users... Tech users today are collectively simply too trusting to be trusted!

    Thankfully for us, there are reasons Google wants to make sure sideloading, use of unverified apps, bootloader unlocking and even root (superuser) access remain available (are "going nowhere") aside from supporting the modding community. These mainly involve supporting app, platform and other breeds of security testers.

    Such testing includes Android application Functional testing (verifies that the application performs its intended functions and meets specific business requirements) and Non-Functional testing (assesses quality attributes of the system, focusing on how well the app performs rather than what it does), Android platform testing (involving App Analysis, Platform Security, Data Storage Security, Communication Security, Reverse Engineering code etc), Full Penetration Testing (with a much wider scope than the Platform tests, it simulates a real-world cyberattack against an organization's entire IT infrastructure to identify security weaknesses across all systems with the aim of securing the entire 'enterprise ecosystem'), as well as testing for Android CVEs (Common Vulnerabilities and Exposures are specific security flaws in the Android operating system or its components, identified by a unique CVE ID, that help developers and users track, prioritize, and fix critical software bugs that could compromise device security.)

    All these abilities, including ability to use root solutions like Magisk with its ability to allow or deny modifications for an app at will, and to run specialised root apps, especially those available to pen testers, along with ability to make system changes etc that require elevated privileges, benefit developers and testers contributing to Android immensely, and Google knows this. The need for these deviations from standard Android use also makes it easier to include non-standard access for and to accommodate Android modders in general, and Google continues to show willingness* to do this, especially since many testers are actually modders who do the right thing and make untold contributions to the Android ecosystem.

    For example, @canyie#, of XDA, XPosed (her own Dreamland Xposed as well as LSposed), Riru and Magisk fame, is often in the top 10 in Google's Bug Hunters program worldwide... She was #7 in 2024, #23 (as of 28 June) but #4 in the entire Android Program this year. (seems she's #11 bug hunter again ATM?)...

    -----

    * Of course, giving system and superuser access to 3rd parties is largely done in the interests of security, so it's no shock that this willingness in no way includes supporting efforts to override Google's security model and attestation system (the latter of course being proprietary code designed to safeguard use of proprietary apps as demanded by their owners), even though security measures themselves are allowed to be switched off if a user wishes (unlike iOS).

    # Now a 21 y.o. Android framework developer & security researcher, @canyie discovered, while researching ART aged only 15, that native bridge, which was normally disabled on ARM devices but used in x86, could be adapted for injecting into zygote in Android. She tested this on a Pixel 3 (as a Magisk module.) She made her https://github.com/canyie/NbInjection repo just days after turning 16 in Aug 2020. This was soon adopted by RikkaW as Riru's new injection method in Riru v22, Nov 10 2020, and also allowed the first reliable RiruHide to be implemented in the same version. She also created her still current Dreamland Xposed framework in Jan 2020 at age 15, https://github.com/canyie/Dreamland. By April 2020 she had developed her own Pine dynamic java hooking framework, https://github.com/canyie/pine, and added Pine support in Dreamland. In Jan 2023, aged 18, Canyie became a Magisk collaborator and was soon credited as a Main Magisk Dev on the Magisk App home screen.
    -----
    (I wrote all this cos our truck broke down, so I've been sitting in a café drinking coffee and waiting for my boss.) PW
    6
    So I accidentally signed up for Advanced Account Protection (not to be confused with the setting Advanced Protection) and suddenly couldn't install apks (this was different from the apk blocking of the setting AP which just ignores other apps permission to install apks) had to unenroll which included a 24 hour hold on my account being accessed from my phone's browser.
    Only good of this is that, at least right now, it's an opt-in "improvement"
    6
    What do I do when the play store tells me I don't have enough space to download, when I have plenty? Is there a setting I tweaked somewhere that I can untweak?😉
    Simply uninstall Play Store updates and/or clear Play Store & Services data and reboot.

    It thinks you're out of room because it’s still holding onto some failed download from 3 months ago, but usually it points to corrupted cache or some hidden stuck installation process.

    If you have used ADB, your system might be trying to install apps to a location that doesn't exist or is full.

    You can try to force it back to internal storage
    Bash:
    # Check the current install location; 0 = auto, 1 = internal, 2 = external
    adb shell pm get-install-location
    
    # Force it back to internal storage if it was set to 2
    adb shell pm set-install-location 1
    ( ͡° ͜ʖ ͡°)
    5
    This does illustrate beautifully why Google is introducing new sideloading and verified developer protections, as well as other security measures, designed to protect users from themselves as much as to protect against cyber criminals seeking to scam tech users... Tech users today are collectively simply too trusting to be trusted!
    Deterring rooted users, I can understand. But the "sideload" developer verification will ultimately fail since:

    1. A bunch of Play store apps may have the same or even more advanced malware behavior that the "unverified" apks might have
    2. ID checking is worthless when the malicious developer really wanted to engage in such activities: they can buy real IDs online, or require people working for them to submit their ID for verification.

    The second argument has multiple similar examples already. In Vietnam they pretty much forced all existing phone numbers and bank accounts to re-verify their accounts by requiring the payment/telco apps to read the ID's NFC chip and a live recording of a user's face to "reduce scams" (one of the reasons). Not verifying? They will lock the phone No. and disable online banking/card functionality. Collected information afaik will be sent to the govt. for verification.

    The results? Scam increased, actually. Criminals did get arrested, but only a few and after already extorting lots of people. I could never defend such a thing from Google, and have already said so in this thread a bunch of times.
    4
    Here in U.S., there only is "ASPCA", with the initial "A" meaning "American".

    But I only belong to "HSPCH": "Hippolandian Society for the Prevention of Cruelty to Hippopotamuses" (or in Latin, "SHPSHP": "Societas Hippolandi ad Praeventionem Saevitiae in Hippopotamos Prohibendam").
    Note that the hippo is a well educated beast and happily uses "hippopotami" as its plural (ref: https://www.thefreedictionary.com/hippopotamus)
  • 41
    The purpose of this current thread is to offer a place where people can freely opine, editorialize, complain, and rant about the cat-and-mouse game between Google and those of us who are trying to bypass their PlayIntegrity checks ... and about the future of rooting, modding, bootloader unlocking, etc. All such posts will be on topic here.

    But before writing anything here, please follow official XDA rules which stipulate that before posting messages in any thread -- including this one, of course -- you need to read and understand the OP of that thread (this **entire** current "Original Post").

    We know that Google supports rooting and bootloader unlocking, while at the same time, they are engaged in ongoing efforts to keep enhancing rooting-detection and modding-detection and unlocked-bootloader-detection capabilities in order to make it easier for app developers to know when to cripple or even totally disable their applications on rooted devices or modded devices or devices with unlocked bootloaders, if they so choose.

    A parallel effort is ongoing among other developers who are trying to improve root-hiding and mod-hiding and unlocked-bootloader-hiding utilities with the goal of thwarting Google's various detection capabilities.

    This is now a major cat-and-mouse game between Google (the cat) and those detection-thwarting devs (the mice). Given the cat's ongoing improvements in root-detection and mod-detection and unlocked-bootloader-detection, the mice are having to come up with more and more counter-measures, many of which are not yet ready for prime time, and which currently collectively comprise a complex, confusing, and sometimes self-contradictory set of software options.

    This cat-and-mouse game has resulted in huge amounts of wasted productivity as well as literally tens of thousands of messages asking for and offering help in discussion threads about Magisk, APatch, KernelSU, Play Integrity, TrickyStore, fingerprints, keyboxes, etc., where many of these discussions end up being convoluted, confusing, and repetitious.

    When people editorialize in those threads about this cat-and-mouse game itself and about the future of rooting, modding, and bootloader unlocking, the posters of such messages are more and more tending to get ostracized and even sometimes have their posts blocked by the moderators.

    And I repeat: the purpose of this current thread is to offer a place where people can freely opine, editorialize, complain, and rant about this cat-and-mouse game and about the future of rooting, modding, bootloader unlocking, etc. All such posts will be on topic here.


    Bring the hippopotamus to lunch today.
    18

    "Another one bites the dust."


    I'll say goodbye here, I'm following @chiteroman .

    The time and effort needed to keep my modded and rooted Android devices working and running as I want keep growing, and now it's too much.

    Yet I switched to an unrooted midclass device, Galaxy A35, locked BL.

    - I changed ACC with builtin battery saver,
    - I changed AdAway to adguard in Private DNS,
    - I changed AfWall+ to netguard-without-root,
    - I installed Shizuku for adb-access,
    - I use SwiftBackup/Shizuku for Backup/Restore instead of former NeoBackup or older TitaniumBackup,
    - I use MiXplorer/Shizuku for some better storage access than normal file explorers.

    So this works (yet) for me. Not really good, but it works.

    Bye, bye modding. (Sigh)

    "Time to say Goodbye..."


    I began with Unix working in 1985 on Sun, Apollo, DECstations and IBM RiscStations. All the time as Administrator and as supporter for students and scientists.

    I started with Smartphones with "HTC HD2" in 2010, running Windows-Mobile 6.5 (it was awful). Later I modded it to run with dualboot Windows/Android.

    I began with "real" Android in 2013 and modding in 2014 with CyanogenMod-11 and SuperSU on HTC One(M7).
    It was really a good time.

    But... "The times, they are a-changing".

    So Byebye to all of you... and many many thanks for all of your work.

    "So long, and thanks for all the fish."


    samhhmobil
    16
    But don’t forget — we were all “fed” like that once, and those who have kids of their own know this especially well. From time to time, we need to show some humanity and help others just like we were helped before. That’s normal and right — it’s how a healthy society works. First, others teach you, and then you pass the knowledge on. Otherwise, it’s just selfishness.
    No, we were expected to read and do our homework by searching before posting rather than be repetitive and have things handed to us. It's literally the XDA rules and they used to enforce them.

    By adopting an oral tradition similar to Telegram instead of strictly making people search and pointing them to known good explainer posts XDA has gone downhill and this is no more evident than in the bloated mass of the current PIF thread.
    13
    I have made a lot of progress towards my goal of abandoning Android and moving to a linux phone.

    I got a Pinephone Pro and installed the Tow-Boot bootloader and then the PostmarketOS linux version with the Phosh gui manager. It's an offshoot of Gnome.

    It uses no Google software nor has any Play Store connection nor emulation. All its apps are linux programs.

    I can send and receive SMS and MMS, I can run browsers, I can send and receive email, I can run chat apps like Telegram and also probably WhatsApp (although I don't use WhatsApp).

    It doesn't support RCS, but I don't use that.

    It doesn't support any Wallet/Payment-type apps, but I don't use those, either.

    There is no LINE Messenger that runs under linux, and I do indeed use that app extensively to keep in touch with my Japanese friends. However, the Chromium browser runs on the device, and there is a LINE-Messenger plugin that runs on Chrome and Chromium.

    And I can run Google Maps on a browser.

    The only apps that I use which don't run under linux are Uber Rider and Lyft Rider. For those apps, I'll have to use Android or iOS, but I can use a low-capacity, used, really cheap iPhone or Android device (with a locked bootloader) for Uber and Lyft and probably nothing else.

    I still have to get everything configured and running the ways I want on the PPP ("Pinephone Pro"), and I don't have a lot of free time. So it will probably be another month or so before I can fully abandon my daily Android use.

    Linux runs by default in rooted mode (as do macOS and Windows, for that matter), and so I soon won't have to deal with the increasing restrictions, complexity, and pain in Android of trying to configure my phone in the ways that *I* want, instead of what Android shoves down our throats.

    I'll be able to configure, install, and write any software in any ways that I want on my generically rooted linux phone.

    So, now it won't be long before the day when I can finally say, "Good riddance, Android! Don't let the door slam you in the ass on your way out."
    10
    As for me, I see rooting and modding to be on a death spiral.

    While rooting and bootloader unlocking themselves will continue to be allowed, rooted, modded, and unlocked devices will have an increasing number of apps blocked or crippled due to Google's ongoing improvements in detection coupled with a parallel increase in the magnitude of the set of apps which will make use of these detection capabilities.

    This will lead to an increasingly undesirable Android experience for many of us.

    As for me, I've been staying on Android 10 and Magisk 23.0. This allows me to pass SafetyNet and run my banking app and other apps and mods, and I can still use TWRP for nandroid backup and restore of System, Boot, and Vendor, as well as for Data.

    I see no advantage to Android 11, 12, or beyond, given the crazy, headache-stimulating rabbit hole that I currently would have to enter in order to try to obtain workable root-hiding and mod-hiding under these OS versions. Given Google's ongoing detection improvements, I fear that this rabbit hole will only continue to get more psychedelic.

    So for me, Android 11, 12, and beyond are already pretty much as good as dead.